Token revoke tests

crates/common/src/auth/access_token.rs

@@ -254,13 +254,11 @@ impl Server {
 
     pub async fn increment_principal_revision(&self, changed_principals: ChangedPrincipals) {
         let mut nested_principals = Vec::new();
-        let mut fetched_ids = AHashSet::new();
 
         for (id, changed_principal) in changed_principals.iter() {
             self.increment_revision(*id).await;
-            if changed_principal.member_change {
-                nested_principals.push(*id);
 
+            if changed_principal.member_change {
                 if changed_principal.typ == Type::Tenant {
                     match self
                         .store()
@@ -277,12 +275,7 @@ impl Server {
                         Ok(principals) => {
                             for principal in principals.items {
                                 if !changed_principals.contains(principal.id()) {
-                                    if principal.typ() == Type::Role {
-                                        nested_principals.push(principal.id());
-                                    } else {
                                     self.increment_revision(principal.id()).await;
-                                        fetched_ids.insert(principal.id());
-                                    }
                                 }
                             }
                         }
@@ -293,11 +286,14 @@ impl Server {
                                 .account_id(*id));
                         }
                     }
+                } else {
+                    nested_principals.push(*id);
                 }
             }
         }
 
         if !nested_principals.is_empty() {
+            let mut fetched_ids = AHashSet::new();
             let mut ids = nested_principals.into_iter();
             let mut ids_stack = vec![];
 

tests/src/jmap/mod.rs

@@ -383,7 +383,7 @@ pub async fn jmap_tests() {
     thread_get::test(&mut params).await;
     thread_merge::test(&mut params).await;
     mailbox::test(&mut params).await;
-    delivery::test(&mut params).await;
+    delivery::test(&mut params).await;*/
     auth_acl::test(&mut params).await;
     auth_limits::test(&mut params).await;
     auth_oauth::test(&mut params).await;
@@ -395,7 +395,7 @@ pub async fn jmap_tests() {
     websocket::test(&mut params).await;
     quota::test(&mut params).await;
     crypto::test(&mut params).await;
-    blob::test(&mut params).await;*/
+    blob::test(&mut params).await;
     permissions::test(&params).await;
     purge::test(&mut params).await;
     enterprise::test(&mut params).await;

tests/src/jmap/permissions.rs

@@ -50,7 +50,8 @@ pub async fn test(params: &JMAPTest) {
         .unwrap()
         .validate_permissions(
             Permission::all().filter(|p| p.is_user_permission() && *p != Permission::Pop3Dele),
-        );
+        )
+        .validate_revision(0);
 
     // Create multiple roles
     for (role, permissions, parent_role) in &[
@@ -139,7 +140,8 @@ pub async fn test(params: &JMAPTest) {
             Permission::ImapList,
             Permission::Pop3Authenticate,
             Permission::Pop3List,
-        ]);
+        ])
+        .validate_revision(1);
 
     // Query all principals
     api.get::<List<Principal>>("/api/principal")
@@ -833,6 +835,7 @@ trait ValidatePermissions {
         expected_permissions: impl IntoIterator<Item = Permission>,
     ) -> Self;
     fn validate_tenant(self, tenant_id: u32, tenant_quota: u64) -> Self;
+    fn validate_revision(self, revision: u64) -> Self;
 }
 
 impl ValidatePermissions for Arc<AccessToken> {
@@ -877,4 +880,9 @@ impl ValidatePermissions for Arc<AccessToken> {
         );
         self
     }
+
+    fn validate_revision(self, revision: u64) -> Self {
+        assert_eq!(self.revision, revision);
+        self
+    }
 }