(ctx context.Context, req *adminv1.RevokeRepresentativeAuthTokensRequest)
| 371 | } |
| 372 | |
| 373 | func (s *Server) RevokeRepresentativeAuthTokens(ctx context.Context, req *adminv1.RevokeRepresentativeAuthTokensRequest) (*adminv1.RevokeRepresentativeAuthTokensResponse, error) { |
| 374 | claims := auth.GetClaims(ctx) |
| 375 | |
| 376 | if !claims.Superuser(ctx) { |
| 377 | return nil, status.Error(codes.PermissionDenied, "only superusers can manage representative auth tokens") |
| 378 | } |
| 379 | |
| 380 | // Error if authenticated as anything other than a user |
| 381 | if claims.OwnerType() != auth.OwnerTypeUser { |
| 382 | return nil, status.Error(codes.Unauthenticated, "not authenticated as a user") |
| 383 | } |
| 384 | |
| 385 | u, err := s.admin.DB.FindUserByEmail(ctx, req.Email) |
| 386 | if err != nil { |
| 387 | return nil, err |
| 388 | } |
| 389 | |
| 390 | observability.AddRequestAttributes(ctx, |
| 391 | attribute.String("args.user_id", u.ID), |
| 392 | ) |
| 393 | |
| 394 | err = s.admin.DB.DeleteUserAuthTokensByUserAndRepresentingUser(ctx, claims.OwnerID(), u.ID) |
| 395 | if err != nil { |
| 396 | return nil, err |
| 397 | } |
| 398 | |
| 399 | return &adminv1.RevokeRepresentativeAuthTokensResponse{}, nil |
| 400 | } |
| 401 | |
| 402 | // IssueRepresentativeAuthToken returns the temporary auth token for representing email |
| 403 | func (s *Server) IssueRepresentativeAuthToken(ctx context.Context, req *adminv1.IssueRepresentativeAuthTokenRequest) (*adminv1.IssueRepresentativeAuthTokenResponse, error) { |
nothing calls this directly
no test coverage detected