ENGCOM-3077: GraphQL-160: Add Revoke Customer token #195

magento · Oct 3, 2018 · a6a822b · a6a822b
2 parents da5a9ed + fc21597
commit a6a822b
Show file tree

Hide file tree

Showing 3 changed files with 127 additions and 0 deletions.
diff --git a/app/code/Magento/CustomerGraphQl/Model/Resolver/Customer/Account/RevokeCustomerToken.php b/app/code/Magento/CustomerGraphQl/Model/Resolver/Customer/Account/RevokeCustomerToken.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\CustomerGraphQl\Model\Resolver\Customer\Account;
+
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
+use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\Integration\Api\CustomerTokenServiceInterface;
+
+/**
+ * Customers Revoke Token resolver, used for GraphQL request processing.
+ */
+class RevokeCustomerToken implements ResolverInterface
+{
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var CustomerTokenServiceInterface
+     */
+    private $customerTokenService;
+
+    /**
+     * @param UserContextInterface $userContext
+     * @param CustomerTokenServiceInterface $customerTokenService
+     */
+    public function __construct(
+        UserContextInterface $userContext,
+        CustomerTokenServiceInterface $customerTokenService
+    ) {
+        $this->userContext = $userContext;
+        $this->customerTokenService = $customerTokenService;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function resolve(
+        Field $field,
+        $context,
+        ResolveInfo $info,
+        array $value = null,
+        array $args = null
+    ) {
+        $customerId = (int)$this->userContext->getUserId();
+
+        if ($customerId === 0) {
+            throw new GraphQlAuthorizationException(
+                __(
+                    'Current customer does not have access to the resource "%1"',
+                    [\Magento\Customer\Model\Customer::ENTITY]
+                )
+            );
+        }
+
+        return $this->customerTokenService->revokeCustomerAccessToken($customerId);
+    }
+}
diff --git a/app/code/Magento/CustomerGraphQl/etc/schema.graphqls b/app/code/Magento/CustomerGraphQl/etc/schema.graphqls
@@ -8,6 +8,7 @@ type Query {
 type Mutation {
     generateCustomerToken(email: String!, password: String!): CustomerToken @resolver(class: "\\Magento\\CustomerGraphQl\\Model\\Resolver\\Customer\\Account\\GenerateCustomerToken") @doc(description:"Retrieve Customer token")
     changeCustomerPassword(currentPassword: String!, newPassword: String!): Customer @resolver(class: "\\Magento\\CustomerGraphQl\\Model\\Resolver\\Customer\\Account\\ChangePassword") @doc(description:"Changes password for logged in customer")
+    revokeCustomerToken: Boolean @resolver(class: "\\Magento\\CustomerGraphQl\\Model\\Resolver\\Customer\\Account\\RevokeCustomerToken") @doc(description:"Revoke Customer token")
 }
 
 type CustomerToken {

diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/Customer/RevokeCustomerTokenTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/Customer/RevokeCustomerTokenTest.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Customer;
+
+use Magento\TestFramework\ObjectManager;
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+
+/**
+ * Test for revoke customer token mutation
+ */
+class RevokeCustomerTokenTest extends GraphQlAbstract
+{
+    /**
+     * Verify customers with valid credentials
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     */
+    public function testRevokeCustomerTokenValidCredentials()
+    {
+        $query = <<<QUERY
+            mutation {
+                revokeCustomerToken
+            }
+QUERY;
+
+        $userName = 'customer@example.com';
+        $password = 'password';
+        /** @var CustomerTokenServiceInterface $customerTokenService */
+        $customerTokenService = ObjectManager::getInstance()
+            ->get(\Magento\Integration\Api\CustomerTokenServiceInterface::class);
+        $customerToken = $customerTokenService->createCustomerAccessToken($userName, $password);
+
+        $headerMap = ['Authorization' => 'Bearer ' . $customerToken];
+        $response = $this->graphQlQuery($query, [], '', $headerMap);
+        $this->assertTrue($response['revokeCustomerToken']);
+    }
+
+    /**
+     * Verify guest customers
+     */
+    public function testRevokeCustomerTokenForGuestCustomer()
+    {
+        $query = <<<QUERY
+            mutation {
+                revokeCustomerToken
+            }
+QUERY;
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage(
+            'GraphQL response contains errors: Current customer' . ' ' .
+            'does not have access to the resource "customer"'
+        );
+        $this->graphQlQuery($query, [], '');
+    }
+}