add DELETE route and logic

packages/core/admin/server/controllers/__tests__/api-token.test.js

@@ -96,4 +96,55 @@ describe('API Token Controller', () => {
       expect(send).toHaveBeenCalledWith({ data: tokens });
     });
   });
+
+  describe('Delete an API token', () => {
+    const token = {
+      id: 1,
+      name: 'api-token_tests-name',
+      description: 'api-token_tests-description',
+      type: 'read-only',
+    };
+
+    test('Deletes an API token successfully', async () => {
+      const revoke = jest.fn().mockResolvedValue(token);
+      const deleted = jest.fn();
+      const ctx = createContext({ params: { id: token.id } }, { deleted });
+
+      global.strapi = {
+        admin: {
+          services: {
+            'api-token': {
+              revoke,
+            },
+          },
+        },
+      };
+
+      await apiTokenController.revoke(ctx);
+
+      expect(revoke).toHaveBeenCalledWith(token.id);
+      expect(deleted).toHaveBeenCalledWith();
+    });
+
+    test('Does not return an error if the ressource does not exists', async () => {
+      const revoke = jest.fn().mockResolvedValue(null);
+      const deleted = jest.fn();
+      const ctx = createContext({ params: { id: token.id } }, { deleted });
+
+      global.strapi = {
+        admin: {
+          services: {
+            'api-token': {
+              revoke,
+            },
+          },
+        },
+      };
+
+      await apiTokenController.revoke(ctx);
+
+      expect(revoke).toHaveBeenCalledWith(token.id);
+      expect(deleted).toHaveBeenCalledWith();
+    });
+  });
 });

packages/core/admin/server/controllers/api-token.js

@@ -41,4 +41,13 @@ module.exports = {
 
     ctx.send({ data: apiTokens });
   },
+
+  async revoke(ctx) {
+    const { id } = ctx.params;
+    const apiTokenService = getService('api-token');
+
+    await apiTokenService.revoke(id);
+
+    ctx.deleted();
+  },
 };

packages/core/admin/server/routes/api-tokens.js

@@ -23,4 +23,15 @@ module.exports = [
       ],
     },
   },
+  {
+    method: 'DELETE',
+    path: '/api-tokens/:id',
+    handler: 'api-token.revoke',
+    config: {
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        { name: 'admin::hasPermissions', options: { actions: ['admin::api-tokens.delete'] } },
+      ],
+    },
+  },
 ];

packages/core/admin/server/services/__tests__/api-token.test.js

@@ -153,4 +153,43 @@ describe('API Token', () => {
       expect(res).toEqual(tokens);
     });
   });
+
+  describe('revoke', () => {
+    const token = {
+      id: 1,
+      name: 'api-token_tests-name',
+      description: 'api-token_tests-description',
+      type: 'read-only',
+    };
+
+    test('It deletes the token', async () => {
+      const mockedDelete = jest.fn().mockResolvedValue(token);
+
+      global.strapi = {
+        query() {
+          return { delete: mockedDelete };
+        },
+      };
+
+      const res = await apiTokenService.revoke(token.id);
+
+      expect(mockedDelete).toHaveBeenCalledWith({ where: { id: token.id } });
+      expect(res).toEqual(token);
+    });
+
+    test('It returns `null` if the resource does not exists', async () => {
+      const mockedDelete = jest.fn().mockResolvedValue(null);
+
+      global.strapi = {
+        query() {
+          return { delete: mockedDelete };
+        },
+      };
+
+      const res = await apiTokenService.revoke(42);
+
+      expect(mockedDelete).toHaveBeenCalledWith({ where: { id: 42 } });
+      expect(res).toEqual(null);
+    });
+  });
 });

packages/core/admin/server/services/api-token.js

@@ -95,10 +95,20 @@ const list = async () => {
   });
 };
 
+/**
+ * @param {string|number} id
+ *
+ * @returns {Promise<void>}
+ */
+const revoke = async id => {
+  return strapi.query('admin::api-token').delete({ where: { id } });
+};
+
 module.exports = {
   create,
   exists,
   createSaltIfNotDefined,
   hash,
   list,
+  revoke,
 };

packages/core/admin/server/tests/admin-api-token.test.e2e.js

@@ -175,4 +175,24 @@ describe('Admin API Token CRUD (e2e)', () => {
       },
     ]);
   });
+
+  test('7. Deletes a token (successfully)', async () => {
+    const res = await rq({
+      url: '/admin/api-tokens/3',
+      method: 'DELETE',
+    });
+
+    expect(res.statusCode).toBe(204);
+    expect(res.body.data).toBeUndefined();
+  });
+
+  test('8. Does not return an error if the ressource does not exists', async () => {
+    const res = await rq({
+      url: '/admin/api-tokens/42',
+      method: 'DELETE',
+    });
+
+    expect(res.statusCode).toBe(204);
+    expect(res.body.data).toBeUndefined();
+  });
 });