From 318b36117e597ac99a4b175f34a698f3deefdaed Mon Sep 17 00:00:00 2001
From: Greg Messner <greg@messners.com>
Date: Wed, 1 May 2019 20:30:35 -0700
Subject: [PATCH] Fixed AccessTokenUtils.revokePersonalAccessToken() (#336).

---
 .../gitlab4j/api/utils/AccessTokenUtils.java  | 23 +++++++++++++++----
 .../gitlab4j/api/TestAccessTokenUtils.java    |  8 +++----
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java b/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
index 5fbd05ff..58007f2c 100644
--- a/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
+++ b/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
@@ -36,7 +36,8 @@ public final class AccessTokenUtils {
     protected static final String PERSONAL_ACCESS_TOKEN_REGEX = "name=\\\"created-personal-access-token\\\".*data-clipboard-text=\\\"([^\\\"]*)\\\".*\\/>";
     protected static final Pattern PERSONAL_ACCESS_TOKEN_PATTERN = Pattern.compile(PERSONAL_ACCESS_TOKEN_REGEX);
 
-    protected static final String REVOKE_PERSONAL_ACCESS_TOKEN_REGEX = "<td>%s<\\/td>.*<td>%s<\\/td>.*href=\\\"([^\\\"]*)\\\">Revoke";
+    protected static final String REVOKE_PERSONAL_ACCESS_TOKEN_REGEX = "href=\\\"([^\\\"]*)\\\"";
+    protected static final Pattern REVOKE_PERSONAL_ACCESS_TOKEN_PATTERN = Pattern.compile(REVOKE_PERSONAL_ACCESS_TOKEN_REGEX);
 
     protected static final String FEED_TOKEN_REGEX = "name=\\\"feed_token\\\".*value=\\\"([^\\\"]*)\\\".*\\/>";
     protected static final Pattern FEED_TOKEN_PATTERN = Pattern.compile(FEED_TOKEN_REGEX);
@@ -230,6 +231,18 @@ public final class AccessTokenUtils {
              * Step 3: Submit the /profile/personal_access_tokens page with the info to    *
              * revoke the first matching personal access token.                            *
              *******************************************************************************/
+            int indexOfTokenName = content.indexOf("<td>" + tokenName + "</td>");
+            if (indexOfTokenName == -1) {
+                throw new GitLabApiException("personal access token not found, aborting!");
+            }
+
+            content = content.substring(indexOfTokenName);
+            int indexOfLinkEnd = content.indexOf("</a>");
+            if (indexOfTokenName == -1) {
+                throw new GitLabApiException("personal access token not found, aborting!");
+            }
+
+            content = content.substring(0, indexOfLinkEnd);
             String scopesText = "";
             if (scopes != null && scopes.size() > 0) {
                 final StringJoiner joiner = new StringJoiner(", ");
@@ -237,9 +250,11 @@ public final class AccessTokenUtils {
                 scopesText = joiner.toString();
             }
 
-            String regex = String.format(REVOKE_PERSONAL_ACCESS_TOKEN_REGEX, tokenName, scopesText);
-            Pattern pattern = Pattern.compile(regex);
-            matcher = pattern.matcher(content);
+            if (content.indexOf(scopesText) == -1) {
+                throw new GitLabApiException("personal access token not found, aborting!");
+            }
+
+            matcher = REVOKE_PERSONAL_ACCESS_TOKEN_PATTERN.matcher(content);
             if (!matcher.find()) {
                 throw new GitLabApiException("personal access token not found, aborting!");
             }
diff --git a/src/test/java/org/gitlab4j/api/TestAccessTokenUtils.java b/src/test/java/org/gitlab4j/api/TestAccessTokenUtils.java
index 91a5d49e..3da57759 100644
--- a/src/test/java/org/gitlab4j/api/TestAccessTokenUtils.java
+++ b/src/test/java/org/gitlab4j/api/TestAccessTokenUtils.java
@@ -72,7 +72,7 @@ public class TestAccessTokenUtils {
         String accessToken = AccessTokenUtils.createPersonalAccessToken(
                 TEST_HOST_URL, TEST_LOGIN_USERNAME, TEST_LOGIN_PASSWORD,
                 tokenName, Arrays.asList("api", "sudo"));
-        System.out.println("Created personal access token: " + accessToken);
+        System.out.format("Created '%s' personal access token: %s%n", tokenName, accessToken);
 
         assertNotNull(accessToken);
         assertFalse(accessToken.trim().isEmpty());
@@ -82,7 +82,7 @@ public class TestAccessTokenUtils {
             AccessTokenUtils.revokePersonalAccessToken(
                 TEST_HOST_URL, TEST_LOGIN_USERNAME, TEST_LOGIN_PASSWORD,
                 tokenName, Arrays.asList("api", "sudo"));
-            System.out.println("Revoked personal access token: " + accessToken);
+            System.out.format("Revoked '%s' personal access token: %s%n", tokenName, accessToken);
         } catch (Exception ignore) {}
     }
 
@@ -107,14 +107,14 @@ public class TestAccessTokenUtils {
         String accessToken = AccessTokenUtils.createPersonalAccessToken(
                 TEST_HOST_URL, TEST_LOGIN_USERNAME, TEST_LOGIN_PASSWORD,
                 tokenName, Arrays.asList("api", "sudo"));
-        System.out.println("Created personal access token: " + accessToken);
+        System.out.format("Created '%s' personal access token: %s%n", tokenName, accessToken);
         assertNotNull(accessToken);
         assertFalse(accessToken.trim().isEmpty());
 
         AccessTokenUtils.revokePersonalAccessToken(
                 TEST_HOST_URL, TEST_LOGIN_USERNAME, TEST_LOGIN_PASSWORD,
                 tokenName, Arrays.asList("api", "sudo"));
-        System.out.println("Revoked personal access token: " + accessToken);
+        System.out.format("Revoked '%s' personal access token: %s%n", tokenName, accessToken);
     }
 
     @Test
-- 
GitLab