1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
use crate::login::{AUTH_URL, CLIENT_ID};
use crate::settings::get_global_config_path;
use crate::settings::global_user::GlobalUser;
use crate::terminal::message::{Message, StdOut};
use anyhow::Result;
use oauth2::basic::BasicClient;
use oauth2::reqwest::http_client;
use oauth2::{AuthType, AuthUrl, ClientId, RefreshToken, RevocationUrl, StandardRevocableToken};
use std::fs;
static REVOKE_URL: &str = "https://dash.cloudflare.com/oauth2/revoke";
pub fn run() -> Result<()> {
let mut has_auth = true;
if let Ok(user) = GlobalUser::new() {
match user {
GlobalUser::OAuthTokenAuth { .. } => {
match revoke_token(&user) {
Ok(_) => StdOut::info("Wrangler is configured with an OAuth token. The token has been successfully revoked."),
Err(e) => anyhow::bail!(e),
}
}
GlobalUser::ApiTokenAuth { .. } => {
StdOut::info("Wrangler is configured with an API token. Please go to your dashboard if you would like to delete the API token.");
}
GlobalUser::GlobalKeyAuth { .. } => {
StdOut::info("Wrangler is configured with a Global API key.");
}
}
} else {
StdOut::info("Improperly configured or missing authentication method. Please see the documentation regarding `wrangler login` or `wrangler config` for authentication methods.");
has_auth = false;
}
let config_path = get_global_config_path();
if config_path.exists() {
let config_path_str = match config_path.to_str() {
Some(path_name) => path_name,
None => {
log::debug!("Failed to convert config_path to str.");
"configuration file"
}
};
print!("Removing {}..", config_path_str);
fs::remove_file(config_path)?;
println!(" success!");
} else if has_auth {
println!("No config file has been found. If you wish to unauntheticate `wrangler`, please unset your environment variables (e.g. \"CF_API_TOKEN\", \"CF_API_KEY\", or \"CF_EMAIL\").");
}
Ok(())
}
pub fn revoke_token(user: &GlobalUser) -> Result<()> {
if let GlobalUser::OAuthTokenAuth { .. } = user {
let auth_url = AuthUrl::new(AUTH_URL.to_string())?;
let revoke_url = RevocationUrl::new(REVOKE_URL.to_string())?;
let client = BasicClient::new(ClientId::new(CLIENT_ID.to_string()), None, auth_url, None)
.set_revocation_uri(revoke_url)
.set_auth_type(AuthType::RequestBody);
let token_to_revoke = StandardRevocableToken::RefreshToken(RefreshToken::new(
user.get_refresh_token().to_string(),
));
if let Err(err) = client.revoke_token(token_to_revoke)?.request(http_client) {
anyhow::bail!(err)
}
}
Ok(())
}
pub fn invalidate_oauth_token(command: String) {
if let Ok(user) = GlobalUser::new() {
let result = revoke_token(&user);
if result.is_err() {
log::debug!("Failed to invalidate OAuth token before {}", command);
}
}
}