feat: revoke consent by session id. trigger back channel logout.

aarmam · aarmam · commit 220a7749569f · 2022-03-16T16:00:07.000+02:00
diff --git a/consent/handler.go b/consent/handler.go
@@ -135,14 +135,26 @@ func (h *Handler) DeleteConsentSession(w http.ResponseWriter, r *http.Request, p
 			}
 		}
 	case allClients:
-		if triggerBackChannelLogout == "true" {
-			if err := h.r.ConsentStrategy().ExecuteBackChannelLogoutBySubject(r.Context(), r, subject); err != nil {
-				h.r.Logger().WithError(err).Warn("Unable to execute back channel logout")
+		if len(loginSessionId) > 0 {
+			if triggerBackChannelLogout == "true" {
+				if err := h.r.ConsentStrategy().ExecuteBackChannelLogoutBySession(r.Context(), r, subject, loginSessionId); err != nil {
+					h.r.Logger().WithError(err).Warn("Unable to execute back channel logout")
+				}
+			}
+			if err := h.r.ConsentManager().RevokeLoginSessionConsentSession(r.Context(), loginSessionId); err != nil && !errors.Is(err, x.ErrNotFound) {
+				h.r.Writer().WriteError(w, r, err)
+				return
+			}
+		} else {
+			if triggerBackChannelLogout == "true" {
+				if err := h.r.ConsentStrategy().ExecuteBackChannelLogoutBySubject(r.Context(), r, subject); err != nil {
+					h.r.Logger().WithError(err).Warn("Unable to execute back channel logout")
+				}
+			}
+			if err := h.r.ConsentManager().RevokeSubjectConsentSession(r.Context(), subject); err != nil && !errors.Is(err, x.ErrNotFound) {
+				h.r.Writer().WriteError(w, r, err)
+				return
 			}
-		}
-		if err := h.r.ConsentManager().RevokeSubjectConsentSession(r.Context(), subject); err != nil && !errors.Is(err, x.ErrNotFound) {
-			h.r.Writer().WriteError(w, r, err)
-			return
 		}
 	default:
 		h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter both 'client' and 'all' is not defined but one of them should have been.`)))
diff --git a/consent/manager.go b/consent/manager.go
@@ -42,6 +42,7 @@ type Manager interface {
 	GetConsentRequest(ctx context.Context, challenge string) (*ConsentRequest, error)
 	HandleConsentRequest(ctx context.Context, challenge string, r *HandledConsentRequest) (*ConsentRequest, error)
 	RevokeSubjectConsentSession(ctx context.Context, user string) error
+	RevokeLoginSessionConsentSession(ctx context.Context, loginSessionId string) error
 	RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error
 	RevokeSubjectClientLoginSessionConsentSession(ctx context.Context, user, client, loginSessionId string) error
 
diff --git a/persistence/sql/persister_consent.go b/persistence/sql/persister_consent.go
@@ -28,6 +28,10 @@ func (p *Persister) RevokeSubjectConsentSession(ctx context.Context, user string
 	return p.transaction(ctx, p.revokeConsentSession("r.subject = ?", user))
 }
 
+func (p *Persister) RevokeLoginSessionConsentSession(ctx context.Context, loginSessionId string) error {
+	return p.transaction(ctx, p.revokeConsentSession("r.login_session_id = ?", loginSessionId))
+}
+
 func (p *Persister) RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error {
 	return p.transaction(ctx, p.revokeConsentSession("r.subject = ? AND r.client_id = ?", user, client))
 }

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,10 @@ func (p *Persister) RevokeSubjectConsentSession(ctx context.Context, user string`
`28`	`28`	`return p.transaction(ctx, p.revokeConsentSession("r.subject = ?", user))`
`29`	`29`	`}`
`30`	`30`
	`31`	`+func (p *Persister) RevokeLoginSessionConsentSession(ctx context.Context, loginSessionId string) error {`
	`32`	`+ return p.transaction(ctx, p.revokeConsentSession("r.login_session_id = ?", loginSessionId))`
	`33`	`+}`
	`34`	`+`
`31`	`35`	`func (p *Persister) RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error {`
`32`	`36`	`return p.transaction(ctx, p.revokeConsentSession("r.subject = ? AND r.client_id = ?", user, client))`
`33`	`37`	`}`