Psg 831 (#20)

* Implement Revoke Refresh Tokens

* update endpoint and add test

* fix test

* update app model

* Update app.go

Co-authored-by: Bert Ramirez <[email protected]>

* Update user.go

Co-authored-by: Bert Ramirez <[email protected]>

Co-authored-by: Michael Roberts <[email protected]>
Co-authored-by: Bert Ramirez <[email protected]>

Author: 3 people

app.go

@@ -81,6 +81,9 @@ type AppInfo struct {
 	AllowedIdentifier             string              `json:"allowed_identifier"`              // Which identifier(s) are allowed for this app (email, phone, both)
 	RequireIdentifierVerification bool                `json:"require_identifier_verification"` // Whether this app requires identifier verification
 	SessionTimeoutLength          int                 `json:"session_timeout_length"`          // How long a JWT will last for the app when a user logs in
+	RefreshEnabled                bool                `json:"refresh_enabled"`                 // Whether this app has refresh tokens enabled
+	RefreshAbsoluteLifetime       int                 `json:"refresh_absolute_lifetime"`       // The absolute lifetime of a refresh token in seconds
+	RefreshInactivityLifetime     int                 `json:"refresh_inactivity_lifetime"`     // The inactivity lifetime of a refresh token in seconds
 	UserMetadataSchemaResponse    []UserMetadataField `json:"user_metadata_schema"`            // The schema for user_metadata that will be stored about users
 	Layouts                       Layouts             `json:"layouts"`                         // The layouts of user_metadata on the register/profile element
 }

user.go

@@ -245,3 +245,22 @@ func (a *App) RevokeUserDevice(userID, deviceID string) (bool, error) {
 
 	return true, nil
 }
+
+// Signout revokes a users refresh tokens
+// returns true on success, error on failure
+func (a *App) SignOut(userID string) (bool, error) {
+	response, err := resty.New().R().
+		SetAuthToken(a.Config.APIKey).
+		Delete(fmt.Sprintf("https://api.passage.id/v1/apps/%v/users/%v/tokens/", a.ID, userID))
+	if err != nil {
+		return false, errors.New("network error: could not get Passage User")
+	}
+	if response.StatusCode() == http.StatusNotFound {
+		return false, fmt.Errorf("passage User with ID \"%v\" does not exist", userID)
+	}
+	if response.StatusCode() != http.StatusOK {
+		return false, fmt.Errorf("failed to revoke all refresh tokens for a Passage User")
+	}
+
+	return true, nil
+}

user_test.go

@@ -136,3 +136,14 @@ func TestListUserDevices(t *testing.T) {
 }
 
 // NOTE RevokeUserDevice is not tested because it is impossible to spoof webauthn to create a device to then revoke
+
+func TestSignOutUser(t *testing.T) {
+	psg, err := passage.New(PassageAppID, &passage.Config{
+		APIKey: PassageApiKey, // An API_KEY environment variable is required for testing.
+	})
+	require.Nil(t, err)
+
+	result, err := psg.SignOut(PassageUserID)
+	require.Nil(t, err)
+	assert.Equal(t, result, true)
+}