Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CognitoIDP: sign_out() should invalidate AccessToken (#5794)

Browse Source
This commit is contained in:
Bert Blommers 2022-12-20 21:09:02 -01:00 committed by GitHub
parent 027572177d
commit bdef72d481
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
moto/cognitoidp/models.py
View File

@ -627,6 +627,10 @@ class CognitoIdpUserPool(BaseModel):
_, logged_in_user = token_tuple _, logged_in_user = token_tuple
if username == logged_in_user: if username == logged_in_user:
self.refresh_tokens[token] = None self.refresh_tokens[token] = None
for access_token, token_tuple in list(self.access_tokens.items()):
_, logged_in_user = token_tuple
if username == logged_in_user:
self.access_tokens.pop(access_token)
class CognitoIdpUserPoolDomain(BaseModel): class CognitoIdpUserPoolDomain(BaseModel):

6
tests/test_cognitoidp/test_cognitoidp.py
View File

@ -3212,6 +3212,12 @@ def test_global_sign_out():
err["Code"].should.equal("NotAuthorizedException") err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Refresh Token has been revoked") err["Message"].should.equal("Refresh Token has been revoked")
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken=result["access_token"])
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
@mock_cognitoidp @mock_cognitoidp
def test_global_sign_out_unknown_accesstoken(): def test_global_sign_out_unknown_accesstoken():