From 8378b72ebacc51e5e090faa527462b801e4c2803 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 19 May 2018 21:05:08 +0200
Subject: Ensure push subscription is immediately removed when application is
 revoked (#7548)

* Ensure push subscription is immediately removed when application is revoked

* When token is revoked from app, unsubscribe too
---
 .../oauth/authorized_applications_controller.rb            |  5 +++++
 app/controllers/oauth/tokens_controller.rb                 | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 app/controllers/oauth/tokens_controller.rb

(limited to 'app/controllers/oauth')

diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index 395fbc51b..0c28d194b 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -8,6 +8,11 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
 
   include Localized
 
+  def destroy
+    Web::PushSubscription.unsubscribe_for(params[:id], current_resource_owner)
+    super
+  end
+
   private
 
   def store_current_location
diff --git a/app/controllers/oauth/tokens_controller.rb b/app/controllers/oauth/tokens_controller.rb
new file mode 100644
index 000000000..fa6d58f25
--- /dev/null
+++ b/app/controllers/oauth/tokens_controller.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class Oauth::TokensController < Doorkeeper::TokensController
+  def revoke
+    unsubscribe_for_token if authorized? && token.accessible?
+    super
+  end
+
+  private
+
+  def unsubscribe_for_token
+    Web::PushSubscription.where(access_token_id: token.id).delete_all
+  end
+end
-- 
cgit