From fbb82c87e858e4708ff52422a88550260b5bf1ac Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Thu, 27 Jan 2022 14:12:49 +0200
Subject: [PATCH] Add new device token deletion endpoint
---
 .../resources/api_auth/new_device.py | 18 ++++++++++++++++++
 selfprivacy_api/utils/auth.py | 7 +++++++
 tests/test_auth.py | 19 +++++++++++++++++++
 3 files changed, 44 insertions(+)
diff --git a/selfprivacy_api/resources/api_auth/new_device.py b/selfprivacy_api/resources/api_auth/new_device.py
index 6961e90..6133bbf 100644
--- a/selfprivacy_api/resources/api_auth/new_device.py
+++ b/selfprivacy_api/resources/api_auth/new_device.py
@@ -7,6 +7,7 @@ from selfprivacy_api.resources.api_auth import api
 from selfprivacy_api.utils.auth import (
 get_new_device_auth_token,
 use_new_device_auth_token,
+ delete_new_device_auth_token,
 )
@@ -32,6 +33,23 @@ class NewDevice(Resource):
 token = get_new_device_auth_token()
 return {"token": token}
+ def delete(self):
+ """
+ Delete new device token
+ ---
+ tags:
+ - Tokens
+ security:
+ - bearerAuth: []
+ responses:
+ 200:
+ description: New device token deleted
+ 400:
+ description: Bad request
+ """
+ delete_new_device_auth_token()
+ return {"token": None}
+
 class AuthorizeDevice(Resource):
 """Authorize device class
diff --git a/selfprivacy_api/utils/auth.py b/selfprivacy_api/utils/auth.py
index cbfd643..df3ee71 100644
--- a/selfprivacy_api/utils/auth.py
+++ b/selfprivacy_api/utils/auth.py
@@ -276,6 +276,13 @@ def _get_new_device_auth_token():
 return new_device["token"]
+def delete_new_device_auth_token():
+ """Delete new device auth token"""
+ with WriteUserData(UserDataFiles.TOKENS) as tokens:
+ if "new_device" in tokens:
+ del tokens["new_device"]
+
+
 def use_new_device_auth_token(mnemonic_phrase, name):
 """Use the new device auth token by converting the mnemonic string to a byte array.
 If the mnemonic phrase is valid then generate a device token and return it.
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 6ec61fd..8380a91 100644
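Review bot: The docstring of `delete` in `NewDevice` documents a `400: Bad request` response, but the method has no path that produces it: it calls `delete_new_device_auth_token()` and always answers `{"token": None}` with 200, whether or not a pending token existed. Either drop the 400 entry or say in the docstring that the call is idempotent and that any request body is ignored (the accompanying test sends a `token` in the JSON body, which this handler never reads). Nothing in the method checks the caller, so the 401 asserted in tests/test_auth.py presumably comes from a request hook outside this hunk; since this endpoint invalidates a credential, a one-line comment naming where authentication is enforced would help the next reader. The enclosing class starts outside the hunk.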
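Review bot: The membership test followed by `del` in `delete_new_device_auth_token` can be a single line, `tokens.pop("new_device", None)`, assuming `tokens` is a plain dict as the `in`/`del` usage suggests. The docstring should state the no-op case, for example `"""Invalidate the pending new-device token, if any; do nothing when none exists."""`. The `WriteUserData` block is entered even when there is nothing to delete, so the tokens file is presumably rewritten on every call; that looks harmless here but is worth a comment if writes to that file are ever locked or audited.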
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -114,6 +114,25 @@ def test_get_new_device_auth_token(authorized_client, tokens_file):
 assert read_json(tokens_file)["new_device"]["token"] == token
+def test_get_and_delete_new_device_token(authorized_client, tokens_file):
+ response = authorized_client.post("/auth/new_device")
+ assert response.status_code == 200
+ assert "token" in response.json
+ token = Mnemonic(language="english").to_entropy(response.json["token"]).hex()
+ assert read_json(tokens_file)["new_device"]["token"] == token
+ response = authorized_client.delete(
+ "/auth/new_device", json={"token": response.json["token"]}
+ )
+ assert response.status_code == 200
+ assert read_json(tokens_file) == TOKENS_FILE_CONTETS
+
+
+def test_delete_token_unauthenticated(client, tokens_file):
+ response = client.delete("/auth/new_device")
+ assert response.status_code == 401
+ assert read_json(tokens_file) == TOKENS_FILE_CONTETS
+
+
 def test_get_and_authorize_new_device(client, authorized_client, tokens_file):
 response = authorized_client.post("/auth/new_device")
 assert response.status_code == 200
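Review bot: `test_delete_token_unauthenticated` cannot detect an unauthorised deletion, because no new-device token exists when the DELETE is sent, so the tokens file equals `TOKENS_FILE_CONTETS` whether or not the handler ran. Create a token first with `authorized_client.post("/auth/new_device")` (adding the `authorized_client` fixture to the signature) and, after the 401, assert `"new_device" in read_json(tokens_file)`. In `test_get_and_delete_new_device_token` the `json={"token": ...}` body is not read by the endpoint as added in this commit, so it can be dropped to avoid implying the deletion is keyed on the token. A further assertion that the deleted mnemonic is rejected by the authorize step exercised in `test_get_and_authorize_new_device` would pin the property this endpoint exists for.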