Auth: Logout disabled user (#17166)

* Feature: revoke user token when disabled * Chore: fix linter error
2025-02-10 23:55:47 -06:00 · 2019-05-23 15:54:47 +03:00 · 2019-05-23 15:54:47 +03:00 · a3a7916597
commit a3a7916597
parent c87b2c9913
3 changed files with 26 additions and 18 deletions
--- a/pkg/api/admin_users.go
+++ b/pkg/api/admin_users.go
@ -112,43 +112,44 @@ func AdminDeleteUser(c *models.ReqContext) {
 }
 // POST /api/admin/users/:id/disable
-func AdminDisableUser(c *models.ReqContext) {
+func (server *HTTPServer) AdminDisableUser(c *models.ReqContext) Response {
 	userID := c.ParamsInt64(":id")
 	// External users shouldn't be disabled from API
 	authInfoQuery := &models.GetAuthInfoQuery{UserId: userID}
 	if err := bus.Dispatch(authInfoQuery); err != models.ErrUserNotFound {
-		c.JsonApiErr(500, "Could not disable external user", nil)
+		return Error(500, "Could not disable external user", nil)
 		return
 	}
 	disableCmd := models.DisableUserCommand{UserId: userID, IsDisabled: true}
 	if err := bus.Dispatch(&disableCmd); err != nil {
-		c.JsonApiErr(500, "Failed to disable user", err)
+		return Error(500, "Failed to disable user", err)
 		return
 	}
-	c.JsonOK("User disabled")
+	err := server.AuthTokenService.RevokeAllUserTokens(c.Req.Context(), userID)
 	if err != nil {
 		return Error(500, "Failed to disable user", err)
 	}
 	return Success("User disabled")
 }
 // POST /api/admin/users/:id/enable
-func AdminEnableUser(c *models.ReqContext) {
+func AdminEnableUser(c *models.ReqContext) Response {
 	userID := c.ParamsInt64(":id")
 	// External users shouldn't be disabled from API
 	authInfoQuery := &models.GetAuthInfoQuery{UserId: userID}
 	if err := bus.Dispatch(authInfoQuery); err != models.ErrUserNotFound {
-		c.JsonApiErr(500, "Could not enable external user", nil)
+		return Error(500, "Could not enable external user", nil)
 		return
 	}
 	disableCmd := models.DisableUserCommand{UserId: userID, IsDisabled: false}
 	if err := bus.Dispatch(&disableCmd); err != nil {
-		c.JsonApiErr(500, "Failed to enable user", err)
+		return Error(500, "Failed to enable user", err)
 		return
 	}
-	c.JsonOK("User enabled")
+	return Success("User enabled")
 }
 // POST /api/admin/users/:id/logout
--- a/pkg/api/admin_users_test.go
+++ b/pkg/api/admin_users_test.go
@ -222,16 +222,23 @@ func adminDisableUserScenario(desc string, action string, url string, routePatte
 	Convey(desc+" "+url, func() {
 		defer bus.ClearBusHandlers()
 		fakeAuthTokenService := auth.NewFakeUserAuthTokenService()
 		hs := HTTPServer{
 			Bus:              bus.GetBus(),
 			AuthTokenService: fakeAuthTokenService,
 		}
 		sc := setupScenarioContext(url)
-		sc.defaultHandler = Wrap(func(c *m.ReqContext) {
+		sc.defaultHandler = Wrap(func(c *m.ReqContext) Response {
 			sc.context = c
 			sc.context.UserId = TestUserID
 			if action == "enable" {
-				AdminEnableUser(c)
+				return AdminEnableUser(c)
 			} else {
 				AdminDisableUser(c)
 			}
 			return hs.AdminDisableUser(c)
 		})
 		sc.m.Post(routePattern, sc.defaultHandler)
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -381,8 +381,8 @@ func (hs *HTTPServer) registerRoutes() {
 		adminRoute.Put("/users/:id/password", bind(dtos.AdminUpdateUserPasswordForm{}), AdminUpdateUserPassword)
 		adminRoute.Put("/users/:id/permissions", bind(dtos.AdminUpdateUserPermissionsForm{}), AdminUpdateUserPermissions)
 		adminRoute.Delete("/users/:id", AdminDeleteUser)
-		adminRoute.Post("/users/:id/disable", AdminDisableUser)
+		adminRoute.Post("/users/:id/disable", Wrap(hs.AdminDisableUser))
-		adminRoute.Post("/users/:id/enable", AdminEnableUser)
+		adminRoute.Post("/users/:id/enable", Wrap(AdminEnableUser))
 		adminRoute.Get("/users/:id/quotas", Wrap(GetUserQuotas))
 		adminRoute.Put("/users/:id/quotas/:target", bind(m.UpdateUserQuotaCmd{}), Wrap(UpdateUserQuota))
 		adminRoute.Get("/stats", AdminGetStats)