heroku-cli-util - npm Package Compare versions

Comparing version 6.2.3 to 6.2.4

index.js

@@ -38,1 +38,2 @@ 'use strict'
 exports.login = exports.auth.login
+exports.logout = exports.auth.logout

lib/auth.js

@@ -101,3 +101,73 @@ 'use strict'
 
+function * logout () {
+  let token = cli.heroku.options.token
+  if (token) {
+    // for SSO logins we delete the session since those do not show up in
+    // authorizations because they are created a trusted client
+    let sessionsP = cli.heroku.delete('/oauth/sessions/~')
+    .catch(err => {
+      if (err.statusCode === 404 && err.body && err.body.id === 'not_found' && err.body.resource === 'session') {
+        return null
+      }
+      if (err.statusCode === 401 && err.body && err.body.id === 'unauthorized') {
+        return null
+      }
+      throw err
+    })
+
+    // grab the default authorization because that is the token shown in the
+    // dashboard as API Key and they may be using it for something else and we
+    // would unwittingly break an integration that they are depending on
+    let defaultAuthorizationP = cli.heroku.get('/oauth/authorizations/~')
+    .catch(err => {
+      if (err.statusCode === 404 && err.body && err.body.id === 'not_found' && err.body.resource === 'authorization') {
+        return null
+      }
+      if (err.statusCode === 401 && err.body && err.body.id === 'unauthorized') {
+        return null
+      }
+      throw err
+    })
+
+    // grab all the authorizations so that we can delete the token they are
+    // using in the CLI.  we have to do this rather than delete ~ because
+    // the ~ is the API Key, not the authorization that is currently requesting
+    let authorizationsP = cli.heroku.get('/oauth/authorizations')
+    .catch(err => {
+      if (err.statusCode === 401 && err.body && err.body.id === 'unauthorized') {
+        return []
+      }
+      throw err
+    })
+
+    let [, defaultAuthorization, authorizations] = yield [sessionsP, defaultAuthorizationP, authorizationsP]
+
+    if (accessToken(defaultAuthorization) !== token) {
+      for (let authorization of authorizations) {
+        if (accessToken(authorization) === token) {
+          // remove the matching access token from core services
+          yield cli.heroku.delete(`/oauth/authorizations/${authorization.id}`)
+        }
+      }
+    }
+  }
+
+  const Netrc = require('netrc-parser')
+  const netrc = new Netrc()
+  if (netrc.machines.hasOwnProperty('api.heroku.com')) {
+    delete netrc.machines['api.heroku.com']
+  }
+  if (netrc.machines.hasOwnProperty('git.heroku.com')) {
+    delete netrc.machines['git.heroku.com']
+  }
+  netrc.save()
+}
+
+function accessToken (authorization) {
+  return authorization && authorization.access_token && authorization.access_token.token
+}
+
 function * login (options = {}) {
+  yield logout()
+
   try {
@@ -129,3 +199,4 @@ if (options['sso']) {
   login: co.wrap(login),
+  logout: co.wrap(logout),
   token
 }

package.json

 {
   "name": "heroku-cli-util",
   "description": "Set of helpful CLI utilities",
-  "version": "6.2.3",
+  "version": "6.2.4",
   "author": "Jeff Dickey (@dickeyxxx)",
@@ -45,2 +45,3 @@ "bugs": {
     "standard": "^8.6.0",
+    "tmp": "^0.0.31",
     "unexpected": "^10.25.0"
@@ -47,0 +48,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

86492

increased by3.09%

Lines of code

2914

increased by2.25%

Worsened metrics

Dev dependency count

13

increased by8.33%

Number of medium supply chain risk alerts

4

increased by33.33%

No dependency changes