From 1c24cbea2666b64b8681357e780efcae18413699 Mon Sep 17 00:00:00 2001
From: mpeltriaux
Date: Mon, 23 Dec 2024 09:26:14 +0100
Subject: [PATCH] # OAuth Token revocation * adds revocation of user tokens on logout
---
 api/models/token.py | 19 +++++++++++++++++++
 konova/views/logout.py | 5 +++++
 2 files changed, 24 insertions(+)
diff --git a/api/models/token.py b/api/models/token.py
index dac0b4a7..698202ed 100644
--- a/api/models/token.py
+++ b/api/models/token.py
@@ -155,3 +155,22 @@ class OAuthToken(UuidModel):
 return user
+ def revoke(self) -> (int, int):
+ """ Revokes the tokens of the user
+
+ Returns:
+ revocation_status_codes (tuple): HTTP status code for revocation of access_token and refresh_token
+ """
+ revoke_url = f"{SSO_SERVER_BASE}o/revoke_token/"
+ token = self.refresh_token
+ revocation_status_codes = requests.post(
+ revoke_url,
+ data={
+ 'token': token,
+ 'token_type_hint': "refresh_token",
+ },
+ auth=(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET),
+ ).status_code
+
+ return revocation_status_codes
+
diff --git a/konova/views/logout.py b/konova/views/logout.py
index fe4d0db4..57a34fd6 100644
--- a/konova/views/logout.py
+++ b/konova/views/logout.py
@@ -24,5 +24,10 @@ class LogoutView(View):
 Returns:
 A redirect
 """
+ user = request.user
+ oauth_token = user.oauth_token
+ if oauth_token:
+ oauth_token.revoke()
+
 logout(request)
 return redirect(SSO_SERVER_BASE)
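Review bot: The `requests.post` call in `OAuthToken.revoke()` (api/models/token.py) sets no `timeout`, and `requests` waits indefinitely by default, so an unresponsive SSO server would stall every logout; add one after the `auth=` argument, e.g. `timeout=10,` (example value). The annotation `-> (int, int)` and the docstring promise a tuple of status codes for access and refresh token, but the method sends only the refresh token and returns a single `int`; `def revoke(self) -> int:` with a docstring such as "HTTP status code of the refresh-token revocation request" would match the code. Whether the access token is invalidated along with the refresh token depends on the SSO server, so that is worth confirming and stating in the docstring. The class body starts outside the hunk.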
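Review bot: In `LogoutView` (konova/views/logout.py), an exception raised by `oauth_token.revoke()`, for example a connection error to the SSO server, aborts the view before `logout(request)` runs, so the local session stays valid after the user asked to log out; the returned status code is also discarded, so a rejected revocation goes unnoticed. Revocation should be best-effort and logged, with the session teardown unconditional. `request.user.oauth_token` would also raise for an anonymous user if this view is reachable without login, which the hunk does not show. The sketch below assumes `requests` and a module-level `logger` are available in this file; the method starts outside the hunk.

```python
user = request.user
# An anonymous user carries no token attribute: nothing to revoke.
oauth_token = getattr(user, "oauth_token", None)
if oauth_token:
    try:
        status_code = oauth_token.revoke()
    except requests.RequestException:
        # Best-effort: a failed revocation must not keep the local session alive.
        logger.exception("OAuth token revocation failed on logout")
    else:
        if status_code != 200:
            logger.warning("OAuth token revocation returned HTTP %s", status_code)

# … unchanged: logout(request) and the redirect to SSO_SERVER_BASE …
```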