ExpireOauthToken expires the oauth token for the given user.
(t *testing.T, db database.Store, user *codersdk.Client)
| 60 | |
| 61 | // ExpireOauthToken expires the oauth token for the given user. |
| 62 | func (*LoginHelper) ExpireOauthToken(t *testing.T, db database.Store, user *codersdk.Client) database.UserLink { |
| 63 | t.Helper() |
| 64 | |
| 65 | //nolint:gocritic // Testing |
| 66 | ctx := dbauthz.AsSystemRestricted(testutil.Context(t, testutil.WaitMedium)) |
| 67 | |
| 68 | id, _, err := httpmw.SplitAPIToken(user.SessionToken()) |
| 69 | require.NoError(t, err) |
| 70 | |
| 71 | // We need to get the OIDC link and update it in the database to force |
| 72 | // it to be expired. |
| 73 | key, err := db.GetAPIKeyByID(ctx, id) |
| 74 | require.NoError(t, err, "get api key") |
| 75 | |
| 76 | link, err := db.GetUserLinkByUserIDLoginType(ctx, database.GetUserLinkByUserIDLoginTypeParams{ |
| 77 | UserID: key.UserID, |
| 78 | LoginType: database.LoginTypeOIDC, |
| 79 | }) |
| 80 | require.NoError(t, err, "get user link") |
| 81 | |
| 82 | // Expire the oauth link for the given user. |
| 83 | updated, err := db.UpdateUserLink(ctx, database.UpdateUserLinkParams{ |
| 84 | OAuthAccessToken: link.OAuthAccessToken, |
| 85 | OAuthAccessTokenKeyID: sql.NullString{}, // dbcrypt will update as required |
| 86 | OAuthRefreshToken: link.OAuthRefreshToken, |
| 87 | OAuthRefreshTokenKeyID: sql.NullString{}, // dbcrypt will update as required |
| 88 | OAuthExpiry: time.Now().Add(time.Hour * -1), |
| 89 | UserID: link.UserID, |
| 90 | LoginType: link.LoginType, |
| 91 | Claims: database.UserLinkClaims{}, |
| 92 | }) |
| 93 | require.NoError(t, err, "expire user link") |
| 94 | |
| 95 | return updated |
| 96 | } |
| 97 | |
| 98 | // ForceRefresh forces the client to refresh its oauth token. It does this by |
| 99 | // expiring the oauth token, then doing an authenticated call. This will force |