src/tests/Feature/Controller/AuthTest.php
Show First 20 Lines • Show All 119 Lines • ▼ Show 20 Lines | public function testLogout($token): void | ||||
$this->assertEquals('success', $json['status']); | $this->assertEquals('success', $json['status']); | ||||
$this->assertEquals('Successfully logged out.', $json['message']); | $this->assertEquals('Successfully logged out.', $json['message']); | ||||
// Check if it really destroyed the token? | // Check if it really destroyed the token? | ||||
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info"); | $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info"); | ||||
$response->assertStatus(401); | $response->assertStatus(401); | ||||
} | } | ||||
/** | |||||
* Test /api/auth/refresh | |||||
*/ | |||||
public function testRefresh(): void | public function testRefresh(): void | ||||
{ | { | ||||
// TODO | // Request with no token, testing that it requires auth | ||||
$this->markTestIncomplete(); | $response = $this->post("api/auth/refresh"); | ||||
$response->assertStatus(401); | |||||
// Test the same using JSON mode | |||||
$response = $this->json('POST', "api/auth/refresh", []); | |||||
$response->assertStatus(401); | |||||
// Login the user to get a valid token | |||||
$post = ['email' => 'john@kolab.org', 'password' => 'simple123']; | |||||
$response = $this->post("api/auth/login", $post); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$token = $json['access_token']; | |||||
// Request with a valid token | |||||
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/refresh"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertTrue(!empty($json['access_token'])); | |||||
$this->assertTrue($json['access_token'] != $token); | |||||
$this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']); | |||||
$this->assertEquals('bearer', $json['token_type']); | |||||
$new_token = $json['access_token']; | |||||
// TODO: Shall we invalidate the old token? | |||||
// And if the new token is working | |||||
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $new_token])->get("api/auth/info"); | |||||
$response->assertStatus(200); | |||||
} | } | ||||
} | } |
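Review bot: testRefresh never asserts what happens to the old token. After the refresh call, the `// TODO: Shall we invalidate the old token?` comment is followed only by a check that the new token works, so the API accepting or rejecting the old token would pass equally. For a bearer token this matters: if a refreshed-away token stays valid until it expires, refreshing does nothing to cut off a leaked token. The intended behaviour should be pinned here, e.g. `$this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info")->assertStatus(401);` if the old token is meant to be rejected, or the same call asserting `200` with a comment saying this is deliberate. As a point of style, `assertTrue(!empty(...))` and `assertTrue(... != $token)` would fail with clearer messages as `assertNotEmpty($json['access_token'])` and `assertNotSame($token, $json['access_token'])`.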