blob: 547ba6c3bdcb753271dab551e7e3bf0004cf05cf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# frozen_string_literal: true
module PersonalAccessTokens
class RevokeTokenFamilyService
def initialize(token)
@token = token
end
def execute
# Despite using #update_all, there should only be a single active token.
# A token family is a chain of rotated tokens. Once rotated, the
# previous token is revoked.
pat_family.active.update_all(revoked: true)
ServiceResponse.success
end
private
attr_reader :token
def pat_family
# rubocop: disable CodeReuse/ActiveRecord
cte = Gitlab::SQL::RecursiveCTE.new(:personal_access_tokens_cte)
personal_access_token_table = Arel::Table.new(:personal_access_tokens)
cte << PersonalAccessToken
.where(personal_access_token_table[:previous_personal_access_token_id].eq(token.id))
cte << PersonalAccessToken
.from([personal_access_token_table, cte.table])
.where(personal_access_token_table[:previous_personal_access_token_id].eq(cte.table[:id]))
PersonalAccessToken.with.recursive(cte.to_arel).from(cte.alias_to(personal_access_token_table))
# rubocop: enable CodeReuse/ActiveRecord
end
end
end
|