Skip to content

#6 Add OAuth revoke (DELETE /api/token) #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nstillman-te wants to merge 1 commit into
base: master
Choose a base branch
from
Open

#6 Add OAuth revoke (DELETE /api/token) #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Changelog
To be released
--------------

* Added ``client.oauth.revoke`` to revoke the access token (DELETE /api/token).

* Deprecate Python 3.9 support - minimum required version is now Python 3.10+. This does not mean the library will not work with Python 3.9, but it will not be tested against it anymore.

Expand Down
1 change: 1 addition & 0 deletions README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,7 @@ Most of the API is available:

client.messaging.send

client.oauth.revoke
client.oauth.test_tokens

client.puzzles.get_daily
Expand Down
19 changes: 18 additions & 1 deletion berserk/clients/oauth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,29 @@
from __future__ import annotations

from urllib.parse import urljoin

from typing import Any, Dict

from .. import models
from .. import exceptions, models
from .base import BaseClient


class OAuth(BaseClient):
def revoke(self) -> None:
"""Revoke the access token sent as Bearer (DELETE /api/token).

The session must be authenticated with the token to revoke (e.g.
``TokenSession(access_token)``). After a successful call, the token
is invalid and must not be used for further requests.

:return: None. Raises if the request fails.
"""
path = "/api/token"
url = urljoin(self._r.base_url, path)
response = self._r.session.request("DELETE", url)
if not response.ok:
raise exceptions.ResponseError(response)

def test_tokens(self, *tokens: str) -> Dict[str, Any]:
"""Test the validity of up to 1000 OAuth tokens.

Expand Down
17 changes: 17 additions & 0 deletions tests/clients/test_oauth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
import requests_mock

import berserk


class TestOAuthRevoke:
def test_revoke_sends_delete_with_bearer_token(self):
"""Verify the client sends DELETE /api/token with Authorization Bearer."""
with requests_mock.Mocker() as m:
m.delete("https://lichess.org/api/token", status_code=204)
session = berserk.TokenSession("my_access_token")
client = berserk.Client(session=session)
client.oauth.revoke()
assert m.call_count == 1
req = m.last_request
assert req.method == "DELETE"
assert req.headers.get("Authorization") == "Bearer my_access_token"