示例#1
        /// <summary>
        /// Stores one reference token, asks the store to remove all reference tokens for its
        /// subject/client pair, and checks that the stored document can no longer be loaded.
        /// </summary>
        public async Task RemoveReferenceTokenAsync_by_subjectId_clientId_should_delete_entity()
        {
            // The same literal serves as token id, client id and subject id in this test.
            const string value = "test";
            var documentId = $"{nameof(Entity.ReferenceToken)}/test";

            using var documentStore = new RavenDbTestDriverWrapper().GetDocumentStore();
            var grantSerializer = new PersistentGrantSerializer();
            var logger = new Mock<ILogger<ReferenceTokenStore>>();

            // Arrange: persist a single reference token under a known document id.
            using var seedSession = documentStore.OpenAsyncSession();
            var seededToken = new Entity.ReferenceToken
            {
                Id = value,
                ClientId = value,
                UserId = value,
                Data = grantSerializer.Serialize(new Token { ClientId = value })
            };
            await seedSession.StoreAsync(seededToken, documentId);
            await seedSession.SaveChangesAsync();

            // Act: remove by subject id and client id through the store under test.
            using var actSession = documentStore.OpenAsyncSession();
            var tokenStore = new ReferenceTokenStore(
                new ScopedAsynDocumentcSession(actSession),
                grantSerializer,
                logger.Object);
            await tokenStore.RemoveReferenceTokensAsync(value, value);

            // Assert: read back through a separate session so the check does not reuse
            // the session objects used for seeding or removal.
            using var verifySession = documentStore.OpenAsyncSession();
            var reloaded = await verifySession.LoadAsync<Entity.ReferenceToken>(documentId);

            Assert.Null(reloaded);
        }
示例#2
        // revoke refresh token only if it belongs to client doing the request
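        /// <summary>
        /// Looks up the refresh token named in the revocation request and revokes it only when
        /// it was issued to the client that is making the request.
        /// </summary>
        /// <param name="validationResult">
        /// The validated revocation request; <c>Token</c> is the handle that is looked up and
        /// <c>Client</c> identifies the caller.
        /// </param>
        /// <returns>
        /// <c>true</c> when a refresh token with that handle exists, whether or not it was
        /// revoked; <c>false</c> when no refresh token was found.
        /// </returns>
        private async Task<bool> RevokeRefreshTokenAsync(TokenRevocationRequestValidationResult validationResult)
        {
            var token = await RefreshTokenStore.GetRefreshTokenAsync(validationResult.Token);

            if (token == null)
            {
                return false;
            }

            if (token.ClientId != validationResult.Client.ClientId)
            {
                // Ownership check failed: nothing is removed. The two placeholders carry
                // distinct names so structured log sinks keep both values; with a repeated
                // name the requesting and owning client ids collide under one property and
                // the event cannot be used to identify who attempted the revocation.
                Logger.LogWarning(
                    "Client {requestingClientId} tried to revoke a refresh token belonging to a different client: {owningClientId}",
                    validationResult.Client.ClientId,
                    token.ClientId);

                // Same return value as a successful revocation, so the result does not
                // reveal to the caller whether the token belonged to another client.
                return true;
            }

            // Both removals are keyed on subject id and client id rather than on the single
            // token handle, and the reference tokens for that pair are removed as well.
            await RefreshTokenStore.RemoveRefreshTokensAsync(token.SubjectId, token.ClientId);
            await ReferenceTokenStore.RemoveReferenceTokensAsync(token.SubjectId, token.ClientId);

            // Logged only after both removals completed, so the entry is not written when
            // one of them throws.
            Logger.LogDebug("Refresh token revoked");

            return true;
        }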