From 86bbff36ea08eb21bb87c5d351e77cdb80545ac4 Mon Sep 17 00:00:00 2001
From: karwosts <32912880+karwosts@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:07:44 -0500
Subject: [PATCH] Delete all refresh tokens (attempt #2) (#19547)

* Add a button to delete all refresh tokens (#18680)

Co-authored-by: Bram Kragten <mail@bramkragten.nl>

* Don't delete LL tokens. Don't delete the current token

* Update src/data/auth.ts

Co-authored-by: Simon Lamon <32477463+silamon@users.noreply.github.com>

* typing

---------

Co-authored-by: Bram Kragten <mail@bramkragten.nl>
Co-authored-by: Simon Lamon <32477463+silamon@users.noreply.github.com>
---
 src/data/auth.ts                             |  9 +++++-
 src/data/refresh_token.ts                    |  4 ++-
 src/panels/profile/ha-refresh-tokens-card.ts | 32 ++++++++++++++++++++
 src/translations/en.json                     |  2 ++
 4 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/src/data/auth.ts b/src/data/auth.ts
index 95389e6fd9..29095dcf13 100644
--- a/src/data/auth.ts
+++ b/src/data/auth.ts
@@ -1,5 +1,6 @@
 import { HaFormSchema } from "../components/ha-form/types";
 import { HomeAssistant } from "../types";
+import { RefreshTokenType } from "./refresh_token";
 
 export interface AuthUrlSearchParams {
   client_id?: string;
@@ -137,7 +138,13 @@ export const adminChangePassword = (
     password,
   });
 
-export const deleteAllRefreshTokens = (hass: HomeAssistant) =>
+export const deleteAllRefreshTokens = (
+  hass: HomeAssistant,
+  token_type?: RefreshTokenType,
+  delete_current_token?: boolean
+) =>
   hass.callWS({
     type: "auth/delete_all_refresh_tokens",
+    token_type,
+    delete_current_token,
   });
diff --git a/src/data/refresh_token.ts b/src/data/refresh_token.ts
index bc2752bdf0..e5cbfef53b 100644
--- a/src/data/refresh_token.ts
+++ b/src/data/refresh_token.ts
@@ -4,6 +4,8 @@ declare global {
   }
 }
 
+export type RefreshTokenType = "normal" | "long_lived_access_token";
+
 export interface RefreshToken {
   client_icon?: string;
   client_id: string;
@@ -13,5 +15,5 @@ export interface RefreshToken {
   is_current: boolean;
   last_used_at?: string;
   last_used_ip?: string;
-  type: "normal" | "long_lived_access_token";
+  type: RefreshTokenType;
 }
diff --git a/src/panels/profile/ha-refresh-tokens-card.ts b/src/panels/profile/ha-refresh-tokens-card.ts
index 6217936dcb..b6c340209d 100644
--- a/src/panels/profile/ha-refresh-tokens-card.ts
+++ b/src/panels/profile/ha-refresh-tokens-card.ts
@@ -9,6 +9,7 @@ import "../../components/ha-card";
 import "../../components/ha-settings-row";
 import "../../components/ha-icon-button";
 import { RefreshToken } from "../../data/refresh_token";
+import { deleteAllRefreshTokens } from "../../data/auth";
 import {
   showAlertDialog,
   showConfirmationDialog,
@@ -108,6 +109,13 @@ class HaRefreshTokens extends LitElement {
             )
           : ""}
       </div>
+      <div class="card-actions">
+        <mwc-button class="warning" @click=${this._deleteAllTokens}>
+          ${this.hass.localize(
+            "ui.panel.profile.refresh_tokens.delete_all_tokens"
+          )}
+        </mwc-button>
+      </div>
     </ha-card>`;
   }
 
@@ -139,6 +147,30 @@ class HaRefreshTokens extends LitElement {
     }
   }
 
+  private async _deleteAllTokens(): Promise<void> {
+    if (
+      !(await showConfirmationDialog(this, {
+        text: this.hass.localize(
+          "ui.panel.profile.refresh_tokens.confirm_delete_all"
+        ),
+        destructive: true,
+      }))
+    ) {
+      return;
+    }
+    try {
+      await deleteAllRefreshTokens(this.hass, "normal", false);
+      fireEvent(this, "hass-refresh-tokens");
+    } catch (err: any) {
+      await showAlertDialog(this, {
+        title: this.hass.localize(
+          "ui.panel.profile.refresh_tokens.delete_failed"
+        ),
+        text: err.message,
+      });
+    }
+  }
+
   static get styles(): CSSResultGroup {
     return [
       haStyle,
diff --git a/src/translations/en.json b/src/translations/en.json
index d95f315f86..d2468dde7c 100644
--- a/src/translations/en.json
+++ b/src/translations/en.json
@@ -5867,6 +5867,8 @@
           "last_used": "Last used {date} from {location}",
           "not_used": "Has never been used",
           "confirm_delete": "Are you sure you want to delete the refresh token for {name}?",
+          "delete_all_tokens": "Delete all tokens",
+          "confirm_delete_all": "Are you sure you want to delete all refresh tokens? Your current session token will not be removed. Your long-lived access tokens will not be removed.",
           "delete_failed": "Failed to delete the refresh token.",
           "current_token_tooltip": "Unable to delete current refresh token"
         },