FroMage · RasDeaks · Mar 22, 2024 · Apr 2, 2024 · Apr 2, 2024 · Apr 17, 2024
diff --git a/pom.xml b/pom.xml
@@ -16,7 +16,7 @@
     <quarkus.platform.group-id>io.quarkus</quarkus.platform.group-id>
     <quarkus.platform.version>3.8.3</quarkus.platform.version>
     <surefire-plugin.version>3.0.0-M5</surefire-plugin.version>
-    <renarde.version>3.0.9</renarde.version>
+    <renarde.version>3.0.12-SNAPSHOT</renarde.version>
   </properties>
   <dependencyManagement>
     <dependencies>

diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
@@ -3,6 +3,7 @@ main.help=Help
 main.about=About
 main.language=Language
 main.logout=Logout
+main.revoke=Revoke
 main.backoffice=Backoffice
 main.todos=Todos
 

diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties
@@ -3,6 +3,7 @@ main.help=Aide
 main.about=À propos
 main.language=Langue
 main.logout=Déconnexion
+main.revoke=Suppression
 main.backoffice=Administration
 main.todos=Tâches
 

diff --git a/src/main/resources/templates/main.html b/src/main/resources/templates/main.html
@@ -33,6 +33,9 @@
                       <li class="nav-item"><a class="nav-link" aria-current="page" href="/_renarde/backoffice/index"><i class="bi bi-database"></i>{m:main.backoffice}</a></li>
                     {/if}
                     <li class="nav-item"><a class="nav-link" aria-current="page" href="{uri:RenardeSecurityController.logout()}">{m:main.logout}</a></li>
+                    {#if inject:user.tenantId && inject:user.tenantId is 'apple'}
+                      <li class="nav-item"><a class="nav-link" aria-current="page" href="{uri:RenardeRevokeController.revokeApple()}" >{m:main.revoke}</a></li>
+                    {/if}
                 {/if}
                 <li class="nav-item dropdown">
                   <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">

diff --git a/src/test/java/fr/epardaud/TodoResourceTest.java b/src/test/java/fr/epardaud/TodoResourceTest.java
@@ -357,6 +357,67 @@ public void appleLoginTest() {
                            "Foo", "Bar", "AppleUser", "[email protected]", "q_session_apple");
     }
 
+    @Test
+    public void appleRevokeTest(){
+        // GIVEN a registered apple user
+        RenardeCookieFilter cookieFilter = new RenardeCookieFilter();
+        ValidatableResponse response = follow("/_renarde/security/login-apple", cookieFilter);
+        JsonPath json = response.statusCode(200)
+                .extract().body().jsonPath();
+        String code = json.get("code");
+        String state = json.get("state");
+
+        String location = given()
+                .when()
+                .filter(cookieFilter)
+                .formParam("state", state)
+                .formParam("code", code)
+                // can't follow redirects due to cookies
+                .redirects().follow(false)
+                // must be precise and not contain an encoding: probably needs fixing in the OIDC side
+                .contentType("application/x-www-form-urlencoded")
+                .log().ifValidationFails()
+                .post("/_renarde/security/oidc-success")
+                .then()
+                .log().ifValidationFails()
+                .statusCode(302)
+                .extract().header("Location");
+       follow(location.replace("https://", "http://"), cookieFilter)
+                .body(containsString("Complete registration for [email protected]"));
+
+        // WHEN Revoke access
+        List<String> setCookieHeaderResp = given()
+                .when()
+                .filter(cookieFilter)
+                .redirects().follow(false)
+                .get("/_renarde/security/apple-revoke")
+                .then()
+                .statusCode(303)
+                .extract().headers()
+                .getValues("Set-Cookie");
+
+        // THEN Cookie is reset (no more QuarkusUser nor apple session)
+        String userLogoutCookie = setCookieHeaderResp.stream()
+                .filter(c -> c.startsWith("QuarkusUser="))
+                .findFirst()
+                .orElseThrow();
+        Assertions.assertEquals("QuarkusUser=;Version=1;Path=/;Max-Age=0", userLogoutCookie);
+        String userSessionCookie = setCookieHeaderResp.stream()
+                .filter(c -> c.startsWith("q_session_apple="))
+                .findFirst()
+                .orElseThrow();
+        Assertions.assertEquals("q_session_apple=;Version=1;Path=/;Max-Age=0", userSessionCookie);
+
+        // THEN Secure page will redirect to login
+        Assertions.assertTrue(
+                given().when().filter(cookieFilter)
+                        .redirects().follow(false)
+                        .get("/Todos/index")
+                        .then()
+                        .statusCode(302).extract().header("Location")
+                        .endsWith("Login/login"));
+    }
+
     private void finishConfirmation(RenardeCookieFilter cookieFilter, String confirmationCode, 
                                     String firstName, String lastName, String userName, String email,
                                     String cookieName) {