From 7fa4913f902457dadb1a4806ce194eb122dbc090 Mon Sep 17 00:00:00 2001
From: Nick Frazier
Date: Thu, 19 Oct 2017 08:10:29 -0400
Subject: [PLT-7794] Add user access token enable/disable endpoints (#7630)
* Add column to UserAccessTokens table
* PLT-7794 Add user access token enable/disable endpoints
* replaced eliminated global variable
* updates to user_access_token_store and upgrade.go
* style fix and cleanup
---
store/sqlstore/upgrade.go | 12 ++++--
store/sqlstore/user_access_token_store.go | 62 +++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+), 4 deletions(-)
(limited to 'store/sqlstore')
diff --git a/store/sqlstore/upgrade.go b/store/sqlstore/upgrade.go
index 5f466cf51..a6c1ecc43 100644
--- a/store/sqlstore/upgrade.go
+++ b/store/sqlstore/upgrade.go
@@ -312,8 +312,12 @@ func UpgradeDatabaseToVersion43(sqlStore SqlStore) {
 }

 func UpgradeDatabaseToVersion44(sqlStore SqlStore) {
- // TODO: Uncomment following when version 4.4.0 is released
- //if shouldPerformUpgrade(sqlStore, VERSION_4_3_0, VERSION_4_4_0) {
- // saveSchemaVersion(sqlStore, VERSION_4_4_0)
- //}
+ // TODO: Uncomment following condition when version 4.4.0 is released
+ // if shouldPerformUpgrade(sqlStore, VERSION_4_3_0, VERSION_4_4_0) {
+
+ // Add the IsActive column to UserAccessToken.
+ sqlStore.CreateColumnIfNotExists("UserAccessTokens", "IsActive", "boolean", "boolean", "1")
+
+ // saveSchemaVersion(sqlStore, VERSION_4_4_0)
+ // }
 }
diff --git a/store/sqlstore/user_access_token_store.go b/store/sqlstore/user_access_token_store.go
index 2535943c7..530ba8d16 100644
--- a/store/sqlstore/user_access_token_store.go
+++ b/store/sqlstore/user_access_token_store.go
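Review bot: In UpgradeDatabaseToVersion44 (store/sqlstore/upgrade.go) the new `CreateColumnIfNotExists` call sits outside the still-commented `shouldPerformUpgrade` guard, so it runs on every start-up, and the default of `"1"` leaves every existing token active; neither choice is stated in the code. I would extend the comment to record both, e.g. `// Add IsActive to UserAccessTokens; default 1 keeps existing tokens enabled. Runs unguarded until 4.4.0 ships.` The current comment also names the table as UserAccessToken, while the call uses `UserAccessTokens`.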
@@ -198,3 +198,65 @@ func (s SqlUserAccessTokenStore) GetByUser(userId string, offset, limit int) sto
 result.Data = tokens
 })
 }
+
+func (s SqlUserAccessTokenStore) UpdateTokenEnable(tokenId string) store.StoreChannel {
+ return store.Do(func(result *store.StoreResult) {
+ if _, err := s.GetMaster().Exec("UPDATE UserAccessTokens SET IsActive = TRUE WHERE Id = :Id", map[string]interface{}{"Id": tokenId}); err != nil {
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.UpdateTokenEnable", "store.sql_user_access_token.update_token_enable.app_error", nil, "id="+tokenId+", "+err.Error(), http.StatusInternalServerError)
+ } else {
+ result.Data = tokenId
+ }
+ })
+}
+
+func (s SqlUserAccessTokenStore) UpdateTokenDisable(tokenId string) store.StoreChannel {
+ return store.Do(func(result *store.StoreResult) {
+ transaction, err := s.GetMaster().Begin()
+ if err != nil {
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.UpdateTokenDisable", "store.sql_user_access_token.update_token_disble.app_error", nil, err.Error(), http.StatusInternalServerError)
+ } else {
+ if extrasResult := s.deleteSessionsAndDisableToken(transaction, tokenId); extrasResult.Err != nil {
+ *result = extrasResult
+ }
+
+ if result.Err == nil {
+ if err := transaction.Commit(); err != nil {
+ // don't need to rollback here since the transaction is already closed
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.UpdateTokenDisable", "store.sql_user_access_token.update_token_disable.app_error", nil, err.Error(), http.StatusInternalServerError)
+ }
+ } else {
+ if err := transaction.Rollback(); err != nil {
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.UpdateTokenDisable", "store.sql_user_access_token.update_token_disable.app_error", nil, err.Error(), http.StatusInternalServerError)
+ }
+ }
+ }
+ })
+}
+
+func (s SqlUserAccessTokenStore) deleteSessionsAndDisableToken(transaction *gorp.Transaction, tokenId string) store.StoreResult {
+ result := store.StoreResult{}
+
query := ""
+ if s.DriverName() == model.DATABASE_DRIVER_POSTGRES {
+ query = "DELETE FROM Sessions s USING UserAccessTokens o WHERE o.Token = s.Token AND o.Id = :Id"
+ } else if s.DriverName() == model.DATABASE_DRIVER_MYSQL {
+ query = "DELETE s.* FROM Sessions s INNER JOIN UserAccessTokens o ON o.Token = s.Token WHERE o.Id = :Id"
+ }
+
+ if _, err := transaction.Exec(query, map[string]interface{}{"Id": tokenId}); err != nil {
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.deleteSessionsAndDisableToken", "store.sql_user_access_token.update_token_disable.app_error", nil, "id="+tokenId+", err="+err.Error(), http.StatusInternalServerError)
+ return result
+ }
+
+ return s.updateTokenDisable(transaction, tokenId)
+}
+
+func (s SqlUserAccessTokenStore) updateTokenDisable(transaction *gorp.Transaction, tokenId string) store.StoreResult {
+ result := store.StoreResult{}
+
+ if _, err := transaction.Exec("UPDATE UserAccessTokens SET IsActive = FALSE WHERE Id = :Id", map[string]interface{}{"Id": tokenId}); err != nil {
+ result.Err = model.NewAppError("SqlUserAccessTokenStore.updateTokenDisable", "store.sql_user_access_token.update_token_disable.app_error", nil, "", http.StatusInternalServerError)
+ }
+
+ return result
+}
-- cgit v1.2.3-1-g7c22
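Review bot: In deleteSessionsAndDisableToken, `query` stays empty when the driver is neither Postgres nor MySQL, so `transaction.Exec` runs an empty statement and, if the driver accepts it, the token is marked inactive while the sessions already created from it survive. A closing `else` that sets `result.Err` and returns before the Exec would make that case fail closed. The Begin() error branch in UpdateTokenDisable uses the key `store.sql_user_access_token.update_token_disble.app_error`, which is misspelled and will presumably not resolve to a translation; it should read `update_token_disable`. updateTokenDisable passes `""` as the error detail, dropping the `err.Error()` and token id that its siblings keep. Only the store layer is visible in this diff, so whether callers also clear cached sessions after a disable, and whether authentication checks `IsActive`, needs confirming outside it.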