Invalidate Token API always returns `created: true`

[tvernum]

The TokenService attempts to inform the caller whether a token invalidation was "created". "created":true is intended to imply that the token was previously valid but is now invalid. false indicates that token was already invalid.

However, this doesn't work, and the API already returns true.

https://github.com/elastic/elasticsearch/blob/v6.4.2/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java#L589-L600

There's 2 issues:

• The UpdateRequest never requests the source, so updateResponse.getGetResult() is always null.
• Even if we did, the GetResult is the updated source, not the original source, so invalidated will always be true (because we just set it).

[elasticmachine]

Pinging @elastic/es-security

[MariaTeresaFerreira]

Hi! Can I take care of this issue?

[jaymode]

Hi @MariaTeresaFerreira, thank you for your interest in this issue. I believe @jkakavas is already working on this and the help wanted label should have been removed by us; I am removing it now. @jkakavas please correct me if I am wrong.

[jkakavas]

Yes, this is correct @jaymode , I forgot to remove the label once I assigned this to myself. I have a PR ready for this soon.
Sorry @MariaTeresaFerreira , I hope you find something else interesting to work on !