API - revoke all token for a given client

2022-06-12 17:15:18 +02:00
parent 1f26b69cba
commit e01248d0d1
4 changed files with 140 additions and 19 deletions
--- a/fittrackee/oauth2/models.py
+++ b/fittrackee/oauth2/models.py
@@ -93,3 +93,15 @@ class OAuth2Token(BaseModel, OAuth2TokenMixin):
            return False
        expires_at = self.issued_at + self.expires_in * 2
        return expires_at >= time.time()
+
+    @classmethod
+    def revoke_client_tokens(cls, client_id: str) -> None:
+        sql = """
+            UPDATE oauth2_token
+            SET access_token_revoked_at = %(revoked_at)s
+            WHERE client_id = %(client_id)s;
+        """
+        db.engine.execute(
+            sql, {'client_id': client_id, 'revoked_at': int(time.time())}
+        )
+        db.session.commit()