Auth: Allow soft token revocation (#31601)

* Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2021-03-16 17:44:02 +01:00
parent a1c7e0630d
commit 610999cfa2
13 changed files with 286 additions and 30 deletions
--- a/pkg/api/login.go
+++ b/pkg/api/login.go
@@ -283,7 +283,7 @@ func (hs *HTTPServer) Logout(c *models.ReqContext) {
 		return
 	}

-	err := hs.AuthTokenService.RevokeToken(c.Req.Context(), c.UserToken)
+	err := hs.AuthTokenService.RevokeToken(c.Req.Context(), c.UserToken, false)
 	if err != nil && !errors.Is(err, models.ErrUserTokenNotFound) {
 		hs.log.Error("failed to revoke auth token", "error", err)
 	}
--- a/pkg/api/user_token.go
+++ b/pkg/api/user_token.go
@@ -132,7 +132,7 @@ func (hs *HTTPServer) revokeUserAuthTokenInternal(c *models.ReqContext, userID i
 		return response.Error(400, "Cannot revoke active user auth token", nil)
 	}

-	err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token)
+	err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, false)
 	if err != nil {
 		if errors.Is(err, models.ErrUserTokenNotFound) {
 			return response.Error(404, "User auth token not found", err)