[public-api] Delete token

Author: jeanp413

components/gitpod-db/go/personal_access_token.go

@@ -87,6 +87,25 @@ func CreatePersonalAccessToken(ctx context.Context, conn *gorm.DB, req PersonalA
 	return token, nil
 }
 
+func DeletePersonalAccessTokenForUser(ctx context.Context, conn *gorm.DB, tokenID uuid.UUID, userID uuid.UUID) error {
+	db := conn.WithContext(ctx)
+
+	db = db.
+		Table((&PersonalAccessToken{}).TableName()).
+		Where("id = ?", tokenID).
+		Where("userId = ?", userID).
+		Where("deleted = ?", 0).
+		Update("deleted", 1)
+	if db.Error != nil {
+		if errors.Is(db.Error, gorm.ErrRecordNotFound) {
+			return fmt.Errorf("Token with ID %s does not exist: %w", tokenID, ErrorNotFound)
+		}
+		return fmt.Errorf("Failed to delete token: %v", db.Error)
+	}
+
+	return nil
+}
+
 func ListPersonalAccessTokensForUser(ctx context.Context, conn *gorm.DB, userID uuid.UUID, pagination Pagination) (*PaginatedResult[PersonalAccessToken], error) {
 	if userID == uuid.Nil {
 		return nil, fmt.Errorf("user ID is a required argument to list personal access tokens for user, got nil")

components/gitpod-db/go/personal_access_token_test.go

@@ -74,6 +74,42 @@ func TestPersonalAccessToken_Create(t *testing.T) {
 	require.Equal(t, request.ID, result.ID)
 }
 
+func TestPersonalAccessToken_Delete(t *testing.T) {
+	conn := dbtest.ConnectForTests(t)
+
+	firstUserId := uuid.New()
+	secondUserId := uuid.New()
+
+	token := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: firstUserId})
+	token2 := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: secondUserId})
+
+	tokenEntries := []db.PersonalAccessToken{token, token2}
+
+	dbtest.CreatePersonalAccessTokenRecords(t, conn, tokenEntries...)
+
+	t.Run("not matching user", func(t *testing.T) {
+		err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token.ID, token2.UserID)
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("not matching token", func(t *testing.T) {
+		err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token2.ID, token.UserID)
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("both token and user don't exist in the DB", func(t *testing.T) {
+		err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, uuid.New(), uuid.New())
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("valid", func(t *testing.T) {
+		err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)
+		require.NoError(t, err)
+		_, err = db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)
+		require.Error(t, err, db.ErrorNotFound)
+	})
+}
+
 func TestListPersonalAccessTokensForUser(t *testing.T) {
 	ctx := context.Background()
 	conn := dbtest.ConnectForTests(t)

components/public-api-server/pkg/apiv1/tokens.go

@@ -204,13 +204,18 @@ func (s *TokensService) DeletePersonalAccessToken(ctx context.Context, req *conn
 		return nil, err
 	}
 
-	_, _, err = s.getUser(ctx, conn)
+	_, userID, err := s.getUser(ctx, conn)
 	if err != nil {
 		return nil, err
 	}
 
-	log.Infof("Handling DeletePersonalAccessToken request for Token ID '%s'", tokenID.String())
-	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("gitpod.experimental.v1.TokensService.DeletePersonalAccessToken is not implemented"))
+	err = db.DeletePersonalAccessTokenForUser(ctx, s.dbConn, tokenID, userID)
+	if err != nil {
+		log.WithError(err).Errorf("Failed to delete personal access token for user %s", userID.String())
+		return nil, connect.NewError(connect.CodeInternal, errors.New("Failed to delete personal access token."))
+	}
+
+	return connect.NewResponse(&v1.DeletePersonalAccessTokenResponse{}), nil
 }
 
 func (s *TokensService) getUser(ctx context.Context, conn protocol.APIInterface) (*protocol.User, uuid.UUID, error) {

components/public-api-server/pkg/apiv1/tokens_test.go

@@ -464,16 +464,31 @@ func TestTokensService_DeletePersonalAccessToken(t *testing.T) {
 		require.Equal(t, connect.CodeInvalidArgument, connect.CodeOf(err))
 	})
 
-	t.Run("unimplemented when feature flag enabled", func(t *testing.T) {
-		serverMock, _, client := setupTokensService(t, withTokenFeatureEnabled)
+	t.Run("delete token", func(t *testing.T) {
+		serverMock, dbConn, client := setupTokensService(t, withTokenFeatureEnabled)
 
-		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
+		tokens := dbtest.CreatePersonalAccessTokenRecords(t, dbConn,
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user.ID),
+			}),
+		)
 
-		_, err := client.DeletePersonalAccessToken(context.Background(), connect.NewRequest(&v1.DeletePersonalAccessTokenRequest{
-			Id: uuid.New().String(),
+		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil).MaxTimes(3)
+
+		_, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
+			Id: tokens[0].ID.String(),
 		}))
+		require.NoError(t, err)
 
-		require.Equal(t, connect.CodeUnimplemented, connect.CodeOf(err))
+		_, err = client.DeletePersonalAccessToken(context.Background(), connect.NewRequest(&v1.DeletePersonalAccessTokenRequest{
+			Id: tokens[0].ID.String(),
+		}))
+		require.NoError(t, err)
+
+		_, err = client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
+			Id: tokens[0].ID.String(),
+		}))
+		require.Error(t, err, fmt.Errorf("Token with ID %s does not exist: not found", tokens[0].ID.String()))
 	})
 }