PP-12395: Revoke key functionality (#4400)

This covers the "Are you sure you want to revoke...?" screen, and the yes and no success paths. 
Cypress tests, validation and the flash notification will come in later PR(s).

app/controllers/simplified-account/settings/api-keys/api-keys.controller.js

@@ -11,6 +11,8 @@ async function get (req, res) {
       return {
         ...activeKey,
         changeNameLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.changeName,
+          req.service.externalId, req.account.type, activeKey.tokenLink),
+        revokeKeyLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.revoke,
           req.service.externalId, req.account.type, activeKey.tokenLink)
       }
     }),
@@ -23,3 +25,4 @@ async function get (req, res) {
 module.exports = { get }
 module.exports.createApiKey = require('./create/create-api-key.controller')
 module.exports.changeName = require('./change-name/change-name.controller')
+module.exports.revoke = require('./revoke/revoke.controller')

app/controllers/simplified-account/settings/api-keys/api-keys.controller.test.js

@@ -43,7 +43,8 @@ describe('Controller: settings/api-keys', () => {
         apiKeys.map(apiKey => {
           return {
             ...apiKey,
-            changeNameLink: `/simplified/service/${SERVICE_ID}/account/${ACCOUNT_TYPE}/settings/api-keys/change-name/${apiKeys[0].tokenLink}`
+            changeNameLink: `/simplified/service/${SERVICE_ID}/account/${ACCOUNT_TYPE}/settings/api-keys/change-name/${apiKeys[0].tokenLink}`,
+            revokeKeyLink: `/simplified/service/${SERVICE_ID}/account/${ACCOUNT_TYPE}/settings/api-keys/revoke/${apiKeys[0].tokenLink}`
           }
         }))
     })

app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.js

@@ -0,0 +1,22 @@
+const paths = require('@root/paths')
+const formatSimplifiedAccountPathsFor = require('@utils/simplified-account/format/format-simplified-account-paths-for')
+const { response } = require('@utils/response')
+const { getKeyByTokenLink, revokeKey } = require('@services/api-keys.service')
+
+async function get (req, res) {
+  const tokenLink = req.params.tokenLink
+  const apiKey = await getKeyByTokenLink(req.account.id, tokenLink)
+  return response(req, res, 'simplified-account/settings/api-keys/revoke', {
+    description: apiKey.description,
+    backLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, req.service.externalId, req.account.type)
+  })
+}
+
+async function post (req, res) {
+  if (req.body.revokeApiKey === 'Yes') { // pragma: allowlist secret
+    await revokeKey(req.account.id, req.params.tokenLink)
+  }
+  res.redirect(formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, req.service.externalId, req.account.type))
+}
+
+module.exports = { get, post }

app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.test.js

@@ -0,0 +1,121 @@
+const ControllerTestBuilder = require('@test/test-helpers/simplified-account/controllers/ControllerTestBuilder.class')
+const sinon = require('sinon')
+const { expect } = require('chai')
+const formatSimplifiedAccountPathsFor = require('@utils/simplified-account/format/format-simplified-account-paths-for')
+const paths = require('@root/paths')
+const GatewayAccount = require('@models/GatewayAccount.class')
+
+const ACCOUNT_TYPE = 'live'
+const SERVICE_ID = 'service-id-123abc'
+const TOKEN_LINK = '550e8400-e29b-41d4-a716-446655440000'
+const GATEWAY_ACCOUNT_ID = 1
+const mockResponse = sinon.spy()
+const token = {
+  description: 'token description',
+  token_link: TOKEN_LINK
+}
+const apiKeysService = {
+  getKeyByTokenLink: sinon.stub().resolves(token),
+  revokeKey: sinon.stub().resolves()
+}
+
+const {
+  req,
+  res,
+  nextRequest,
+  call
+} = new ControllerTestBuilder('@controllers/simplified-account/settings/api-keys/revoke/revoke.controller')
+  .withServiceExternalId(SERVICE_ID)
+  .withAccount(new GatewayAccount({
+    type: ACCOUNT_TYPE,
+    gateway_account_id: GATEWAY_ACCOUNT_ID
+  }))
+  .withStubs({
+    '@utils/response': { response: mockResponse },
+    '@services/api-keys.service': apiKeysService
+  })
+  .build()
+
+describe('Controller: settings/api-keys/revoke', () => {
+  describe('get', () => {
+    before(() => {
+      nextRequest({
+        params: {
+          tokenLink: TOKEN_LINK
+        }
+      })
+      call('get')
+    })
+
+    it('should call apiKeysService.getKeyByTokenLink', () => {
+      expect(apiKeysService.getKeyByTokenLink).to.have.been.calledWith(GATEWAY_ACCOUNT_ID, TOKEN_LINK)
+    })
+
+    it('should call the response method', () => {
+      expect(mockResponse).to.have.been.calledOnce // eslint-disable-line
+    })
+
+    it('should pass req, res, template path and context to the response method', () => {
+      expect(mockResponse).to.have.been.calledWith(
+        { ...req, params: { tokenLink: TOKEN_LINK } },
+        res,
+        'simplified-account/settings/api-keys/revoke',
+        {
+          description: token.description,
+          backLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, SERVICE_ID, ACCOUNT_TYPE)
+        })
+    })
+  })
+
+  describe('post', () => {
+    describe('when No is selected', () => {
+      before(() => {
+        nextRequest({
+          body: {
+            revokeApiKey: 'No'
+          },
+          params: {
+            tokenLink: TOKEN_LINK
+          }
+        })
+        call('post')
+      })
+
+      it('should not call apiKeysService.revokeKey', () => {
+        sinon.assert.notCalled(apiKeysService.revokeKey)
+      })
+
+      it('should redirect to the api keys index page', () => {
+        expect(res.redirect.calledOnce).to.be.true // eslint-disable-line
+        expect(res.redirect.args[0][0]).to.include(
+          formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, SERVICE_ID, ACCOUNT_TYPE)
+        )
+      })
+    })
+
+    describe('when Yes is selected', () => {
+      before(() => {
+        nextRequest({
+          body: {
+            revokeApiKey: 'Yes' // pragma: allowlist secret
+          },
+          params: {
+            tokenLink: TOKEN_LINK
+          }
+        })
+        call('post')
+      })
+
+      it('should call apiKeysService.revokeKey', () => {
+        expect(apiKeysService.revokeKey).to.have.been.calledWith(GATEWAY_ACCOUNT_ID, TOKEN_LINK)
+      })
+
+      it('should redirect to the api keys index page', () => {
+        expect(res.redirect.calledOnce).to.be.true // eslint-disable-line
+        expect(res.redirect.args[0][0]).to.include(
+          formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, SERVICE_ID, ACCOUNT_TYPE)
+        )
+      })
+    })
+  })
+})

app/paths.js

@@ -230,7 +230,8 @@ module.exports = {
       apiKeys: {
         index: '/settings/api-keys',
         create: '/settings/api-keys/create',
-        changeName: '/settings/api-keys/change-name/:tokenLink'
+        changeName: '/settings/api-keys/change-name/:tokenLink',
+        revoke: '/settings/api-keys/revoke/:tokenLink'
       },
       webhooks: {
         index: '/settings/webhooks'

app/services/api-keys.service.js

@@ -47,9 +47,32 @@ const changeApiKeyName = async (tokenLink, name) => {
   await publicAuthClient.updateToken({ payload: { token_link: tokenLink, description: name } })
 }
 
+/**
+ * @param {string} gatewayAccountId
+ * @param {string} tokenLink
+ * @return {Promise<*>}
+ */
+const getKeyByTokenLink = async (gatewayAccountId, tokenLink) => {
+  return await publicAuthClient.getKeyByTokenLink(gatewayAccountId, tokenLink)
+}
+
+/**
+ * @param {string} gatewayAccountId
+ * @param {string} tokenLink
+ * @return {Promise<*>}
+ */
+const revokeKey = async (gatewayAccountId, tokenLink) => {
+  await publicAuthClient.deleteTokenForAccount({
+    accountId: gatewayAccountId,
+    payload: { token_link: tokenLink }
+  })
+}
+
 module.exports = {
   changeApiKeyName,
   createApiKey,
   getActiveKeys,
+  getKeyByTokenLink,
+  revokeKey,
   TOKEN_SOURCE
 }

app/services/clients/public-auth.client.js

@@ -118,8 +118,22 @@ async function revokeTokensForAccount (accountId) {
   await this.client.delete(url, 'revoke all tokens for gateway account')
 }
 
+/**
+ * @param {string} accountId
+ * @param {string} tokenLink
+ * @return {Promise<*>}
+ */
+async function getKeyByTokenLink (accountId, tokenLink) {
+  this.client = new Client(SERVICE_NAME)
+  const url = `${process.env.PUBLIC_AUTH_URL}/${accountId}/${tokenLink}`
+  configureClient(this.client, url)
+  const response = await this.client.get(url, 'get token by token link and account id')
+  return response.data
+}
+
 module.exports = {
   getActiveTokensForAccount,
+  getKeyByTokenLink,
   getRevokedTokensForAccount,
   createTokenForAccount,
   updateToken,

app/simplified-account-routes.js

@@ -79,6 +79,8 @@ simplifiedAccount.get(paths.simplifiedAccount.settings.apiKeys.create, permissio
 simplifiedAccount.post(paths.simplifiedAccount.settings.apiKeys.create, permission('tokens:create'), serviceSettingsController.apiKeys.createApiKey.post)
 simplifiedAccount.get(paths.simplifiedAccount.settings.apiKeys.changeName, permission('tokens:update'), serviceSettingsController.apiKeys.changeName.get)
 simplifiedAccount.post(paths.simplifiedAccount.settings.apiKeys.changeName, permission('tokens:update'), serviceSettingsController.apiKeys.changeName.post)
+simplifiedAccount.get(paths.simplifiedAccount.settings.apiKeys.revoke, permission('tokens:delete'), serviceSettingsController.apiKeys.revoke.get)
+simplifiedAccount.post(paths.simplifiedAccount.settings.apiKeys.revoke, permission('tokens:delete'), serviceSettingsController.apiKeys.revoke.post)
 
 // stripe details
 const stripeDetailsPath = paths.simplifiedAccount.settings.stripeDetails

app/views/simplified-account/settings/api-keys/index.njk

@@ -53,7 +53,7 @@
                 text: 'Change name'
               },
               {
-                href: '#',
+                href: key.revokeKeyLink,
                 text: 'Revoke'
               }
             ]

app/views/simplified-account/settings/api-keys/revoke.njk

@@ -0,0 +1,38 @@
+{% extends "../settings-layout.njk" %}
+
+{% block settingsPageTitle %}
+  API keys - revoke key
+{% endblock %}
+
+{% block settingsContent %}
+  <form id="revoke-api-key" method="post" novalidate>
+    <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
+
+    {{ govukRadios({
+      name: 'revokeApiKey',
+      fieldset: {
+        legend: {
+          text: 'Are you sure you want to revoke ' + description,
+          isPageHeading: true,
+          classes: 'govuk-fieldset__legend--l govuk-!-font-weight-bold'
+        }
+      },
+      hint: {
+        text: 'The key will stop working immediately. Any integration you’ve created will no longer work.'
+      },
+      items: [
+        {
+          value: 'Yes',
+          text: 'Yes'
+        },
+        {
+          value: 'No',
+          text: 'No'
+        }
+      ]
+    }) }}
+    {{ govukButton({
+      text: 'Save changes'
+    }) }}
+  </form>
+{% endblock %}

test/cypress/integration/simplified-account/service-settings/api-keys/api-keys.cy.js

@@ -105,7 +105,8 @@ describe('Settings - API keys', () => {
                 .within(() => {
                   cy.get('a')
                     .should('contain.text', 'Revoke')
-                    .and('have.attr', 'href', '#')
+                    .and('have.attr', 'href', formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.revoke,
+                      SERVICE_EXTERNAL_ID, ACCOUNT_TYPE, token.tokenLink))
                 })
 
               cy.get('.govuk-summary-list__row').eq(0)