feat(api-key,js-sdk,dashboard): allow deleting api keys only once its revoked (#9118)

what: - module only deletes api keys once its revoked - disables ui elements https://github.com/user-attachments/assets/437821ae-497e-4b59-b02c-4a6ff36e6a30 RESOLVES CC-106 RESOLVES CC-105 RESOLVES CC-104
2024-09-12 12:16:15 +02:00
parent c94f89610f
commit 64d5b74c12
7 changed files with 108 additions and 24 deletions
--- a/packages/modules/api-key/integration-tests/tests/api-key-module-service.spec.ts
+++ b/packages/modules/api-key/integration-tests/tests/api-key-module-service.spec.ts
@@ -261,6 +261,12 @@ moduleIntegrationTestRunner<IApiKeyModuleService>({
            createPublishableKeyFixture,
            createSecretKeyFixture,
          ])
+
+          await service.revoke(
+            { id: [createdApiKeys[0].id, createdApiKeys[1].id] },
+            { revoked_by: "test_user" }
+          )
+
          await service.deleteApiKeys([
            createdApiKeys[0].id,
            createdApiKeys[1].id,
@@ -269,6 +275,25 @@ moduleIntegrationTestRunner<IApiKeyModuleService>({
          const apiKeysInDatabase = await service.listApiKeys()
          expect(apiKeysInDatabase).toHaveLength(0)
        })
+
+        it("should throw when trying to delete unrevoked api keys", async function () {
+          const createdApiKeys = await service.createApiKeys([
+            createPublishableKeyFixture,
+            createSecretKeyFixture,
+          ])
+
+          const error = await service
+            .deleteApiKeys([createdApiKeys[0].id, createdApiKeys[1].id])
+            .catch((e) => e)
+
+          expect(error.type).toEqual("not_allowed")
+          expect(error.message).toContain(
+            `Cannot delete api keys that are not revoked - `
+          )
+
+          const apiKeysInDatabase = await service.listApiKeys()
+          expect(apiKeysInDatabase).toHaveLength(2)
+        })
      })

      describe("authenticating with API keys", () => {