feat(auth): Added RevokeRefreshTokensAsync() API (#171)

hiranya911 · web-flow · commit 6c51b93f064f · 2020-04-14T11:12:02.000-07:00
* feat(auth): Added RevokeRefreshTokensAsync() API

* Adding ConfigureAwait to async API call
diff --git a/FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs b/FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs
@@ -23,6 +23,7 @@
 using FirebaseAdmin.Util;
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.Json;
+using Google.Apis.Util;
 using Newtonsoft.Json.Linq;
 using Xunit;
 
@@ -37,6 +38,8 @@ public class FirebaseUserManagerTest
         private static readonly GoogleCredential MockCredential =
             GoogleCredential.FromAccessToken("test-token");
 
+        private static readonly IClock MockClock = new MockClock();
+
         private static readonly IList<string> ListUsersResponse = new List<string>()
         {
             @"{
@@ -1529,6 +1532,49 @@ public async Task DeleteUserNotFound()
             Assert.Null(exception.InnerException);
         }
 
+        [Fact]
+        public async Task RevokeRefreshTokens()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = CreateUserResponse,
+            };
+            var auth = this.CreateFirebaseAuth(handler);
+
+            await auth.RevokeRefreshTokensAsync("user1");
+
+            Assert.Equal(1, handler.Requests.Count);
+            var request = NewtonsoftJsonSerializer.Instance.Deserialize<JObject>(handler.LastRequestBody);
+            Assert.Equal(2, request.Count);
+            Assert.Equal("user1", request["localId"]);
+            Assert.Equal(MockClock.UnixTimestamp(), request["validSince"]);
+
+            this.AssertClientVersion(handler.LastRequestHeaders);
+        }
+
+        [Fact]
+        public void RevokeRefreshTokensNoUid()
+        {
+            var handler = new MockMessageHandler() { Response = CreateUserResponse };
+            var auth = this.CreateFirebaseAuth(handler);
+
+            Assert.ThrowsAsync<ArgumentException>(
+                async () => await auth.RevokeRefreshTokensAsync(null));
+            Assert.ThrowsAsync<ArgumentException>(
+                async () => await auth.RevokeRefreshTokensAsync(string.Empty));
+        }
+
+        [Fact]
+        public void RevokeRefreshTokensInvalidUid()
+        {
+            var handler = new MockMessageHandler() { Response = CreateUserResponse };
+            var auth = this.CreateFirebaseAuth(handler);
+
+            var uid = new string('a', 129);
+            Assert.ThrowsAsync<ArgumentException>(
+                async () => await auth.RevokeRefreshTokensAsync(uid));
+        }
+
         [Fact]
         public async Task ServiceUnvailable()
         {
@@ -1576,6 +1622,7 @@ private FirebaseAuth CreateFirebaseAuth(HttpMessageHandler handler)
                 ProjectId = MockProjectId,
                 ClientFactory = new MockHttpClientFactory(handler),
                 RetryOptions = RetryOptions.NoBackOff,
+                Clock = MockClock,
             });
             return new FirebaseAuth(new FirebaseAuth.FirebaseAuthArgs()
             {
diff --git a/FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs b/FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs
@@ -451,6 +451,51 @@ public async Task<UserRecord> UpdateUserAsync(
                 .ConfigureAwait(false);
         }
 
+        /// <summary>
+        /// Revokes all refresh tokens for the specified user.
+        ///
+        /// Updates the user's tokensValidAfterTimestamp to the current UTC time expressed in
+        /// seconds since the epoch and truncated to 1 second accuracy. It is important that
+        /// the server on which this is called has its clock set correctly and synchronized.
+        ///
+        /// While this will revoke all sessions for a specified user and disable any new ID tokens
+        /// for existing sessions from getting minted, existing ID tokens may remain active until
+        /// their natural expiration (one hour).
+        /// </summary>
+        /// <param name="uid">A user ID string.</param>
+        /// <returns>A task that completes when the user's refresh tokens have been revoked.</returns>
+        /// <exception cref="ArgumentException">If the user ID argument is null or empty.</exception>
+        /// <exception cref="FirebaseAuthException">If an error occurs while revoking the tokens.</exception>
+        public async Task RevokeRefreshTokensAsync(string uid)
+        {
+            await this.RevokeRefreshTokensAsync(uid, default(CancellationToken))
+                .ConfigureAwait(false);
+        }
+
+        /// <summary>
+        /// Revokes all refresh tokens for the specified user.
+        ///
+        /// Updates the user's tokensValidAfterTimestamp to the current UTC time expressed in
+        /// seconds since the epoch and truncated to 1 second accuracy. It is important that
+        /// the server on which this is called has its clock set correctly and synchronized.
+        ///
+        /// While this will revoke all sessions for a specified user and disable any new ID tokens
+        /// for existing sessions from getting minted, existing ID tokens may remain active until
+        /// their natural expiration (one hour).
+        /// </summary>
+        /// <param name="uid">A user ID string.</param>
+        /// <param name="cancellationToken">A cancellation token to monitor the asynchronous
+        /// operation.</param>
+        /// <returns>A task that completes when the user's refresh tokens have been revoked.</returns>
+        /// <exception cref="ArgumentException">If the user ID argument is null or empty.</exception>
+        /// <exception cref="FirebaseAuthException">If an error occurs while revoking the tokens.</exception>
+        public async Task RevokeRefreshTokensAsync(string uid, CancellationToken cancellationToken)
+        {
+            var userManager = this.IfNotDeleted(() => this.userManager.Value);
+            await userManager.RevokeRefreshTokensAsync(uid, cancellationToken)
+                .ConfigureAwait(false);
+        }
+
         /// <summary>
         /// Deletes the user identified by the specified <paramref name="uid"/>.
         /// </summary>
diff --git a/FirebaseAdmin/FirebaseAdmin/Auth/FirebaseUserManager.cs b/FirebaseAdmin/FirebaseAdmin/Auth/FirebaseUserManager.cs
@@ -18,15 +18,15 @@
 using System.Threading;
 using System.Threading.Tasks;
 using FirebaseAdmin.Util;
-using Google.Api.Gax;
 using Google.Api.Gax.Rest;
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.Http;
 using Google.Apis.Json;
 using Google.Apis.Util;
-using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 
+using Gax = Google.Api.Gax;
+
 namespace FirebaseAdmin.Auth
 {
     /// <summary>
@@ -45,6 +45,7 @@ internal class FirebaseUserManager : IDisposable
 
         private readonly ErrorHandlingHttpClient<FirebaseAuthException> httpClient;
         private readonly string baseUrl;
+        private readonly IClock clock;
 
         internal FirebaseUserManager(Args args)
         {
@@ -65,6 +66,7 @@ internal FirebaseUserManager(Args args)
                     RetryOptions = args.RetryOptions,
                 });
             this.baseUrl = string.Format(IdTooklitUrl, args.ProjectId);
+            this.clock = args.Clock ?? SystemClock.Default;
         }
 
         public void Dispose()
@@ -159,7 +161,7 @@ internal async Task<UserRecord> GetUserByPhoneNumberAsync(
                 .ConfigureAwait(false);
         }
 
-        internal PagedAsyncEnumerable<ExportedUserRecords, ExportedUserRecord> ListUsers(
+        internal Gax.PagedAsyncEnumerable<ExportedUserRecords, ExportedUserRecord> ListUsers(
             ListUsersOptions options)
         {
             var factory = new ListUsersRequest.Factory(this.baseUrl, this.httpClient, options);
@@ -244,6 +246,16 @@ internal async Task DeleteUserAsync(
             }
         }
 
+        internal async Task RevokeRefreshTokensAsync(string uid, CancellationToken cancellationToken)
+        {
+            var args = new UserRecordArgs()
+            {
+                Uid = uid,
+                ValidSince = this.clock.UnixTimestamp(),
+            };
+            await this.UpdateUserAsync(args, cancellationToken).ConfigureAwait(false);
+        }
+
         internal async Task<string> GenerateEmailActionLinkAsync(
             EmailActionLinkRequest request,
             CancellationToken cancellationToken = default(CancellationToken))
@@ -313,6 +325,8 @@ internal sealed class Args
             internal string ProjectId { get; set; }
 
             internal RetryOptions RetryOptions { get; set; }
+
+            internal IClock Clock { get; set; }
         }
 
         /// <summary>
diff --git a/FirebaseAdmin/FirebaseAdmin/Auth/UserRecordArgs.cs b/FirebaseAdmin/FirebaseAdmin/Auth/UserRecordArgs.cs
@@ -93,6 +93,8 @@ public bool Disabled
         /// </summary>
         public string Password { get; set; }
 
+        internal long? ValidSince { get; set; }
+
         internal IReadOnlyDictionary<string, object> CustomClaims
         {
             get => this.customClaims?.Value;
@@ -283,6 +285,7 @@ internal UpdateUserRequest(UserRecordArgs args)
                 this.Email = CheckEmail(args.Email);
                 this.EmailVerified = args.emailVerified;
                 this.Password = CheckPassword(args.Password);
+                this.ValidSince = args.ValidSince;
 
                 if (args.displayName != null)
                 {
@@ -357,6 +360,9 @@ internal UpdateUserRequest(UserRecordArgs args)
             [JsonProperty("localId")]
             public string Uid { get; set; }
 
+            [JsonProperty("validSince")]
+            public long? ValidSince { get; set; }
+
             private void AddDeleteAttribute(string attribute)
             {
                 if (this.DeleteAttribute == null)
