Merge branch 'security/clear-oauth-with-password' into 'develop'

Delete Tokens and Authorizations on password change

Closes #320

See merge request pleroma/pleroma!375

1 files changed, 32 insertions, 0 deletions

diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs
index 58448949c..f926ff50b 100644
--- a/test/web/oauth/token_test.exs
+++ b/test/web/oauth/token_test.exs
@@ -29,4 +29,36 @@ defmodule Pleroma.Web.OAuth.TokenTest do
     auth = Repo.get(Authorization, auth.id)
     {:error, "already used"} = Token.exchange_token(app, auth)
   end
+
+  test "deletes all tokens of a user" do
+    {:ok, app1} =
+      Repo.insert(
+        App.register_changeset(%App{}, %{
+          client_name: "client1",
+          scopes: "scope",
+          redirect_uris: "url"
+        })
+      )
+
+    {:ok, app2} =
+      Repo.insert(
+        App.register_changeset(%App{}, %{
+          client_name: "client2",
+          scopes: "scope",
+          redirect_uris: "url"
+        })
+      )
+
+    user = insert(:user)
+
+    {:ok, auth1} = Authorization.create_authorization(app1, user)
+    {:ok, auth2} = Authorization.create_authorization(app2, user)
+
+    {:ok, token1} = Token.exchange_token(app1, auth1)
+    {:ok, token2} = Token.exchange_token(app2, auth2)
+
+    {tokens, _} = Token.delete_user_tokens(user)
+
+    assert tokens == 2
+  end
 end