package auth
import (
"context"
"testing"
"time"
"bookra/apps/auth-service/internal/db"
"github.com/google/uuid"
)
// TestGenerateTokensProducesVerifiableAccessAndRefreshTokens checks that a
// freshly issued token pair verifies, that each token reports the expected
// Type claim, and that neither token is accepted by the other token's
// verifier. The last two checks guard against token-type confusion: a
// refresh token must not be usable where an access token is expected, and
// the reverse.
func TestGenerateTokensProducesVerifiableAccessAndRefreshTokens(t *testing.T) {
	displayName := "Token Tester"
	account := &db.User{
		ID:    uuid.MustParse("019daeaa-bc14-7712-9224-e347a96bd5c3"),
		Email: "tester@bookra.dev",
		Name:  &displayName,
	}
	svc := NewService(nil, nil, "test-secret", "http://localhost:3000")

	pair, genErr := svc.generateTokensAt(account, time.Now().UTC())
	if genErr != nil {
		t.Fatalf("generate tokens: %v", genErr)
	}

	// Each token must pass its own verifier and carry the matching type.
	accessClaims, accessErr := svc.VerifyToken(pair.AccessToken)
	switch {
	case accessErr != nil:
		t.Fatalf("verify access token: %v", accessErr)
	case accessClaims.Type != "access":
		t.Fatalf("expected access type, got %s", accessClaims.Type)
	}

	refreshClaims, refreshErr := svc.VerifyRefreshToken(pair.RefreshToken)
	switch {
	case refreshErr != nil:
		t.Fatalf("verify refresh token: %v", refreshErr)
	case refreshClaims.Type != "refresh":
		t.Fatalf("expected refresh type, got %s", refreshClaims.Type)
	}

	// Cross-verification must fail in both directions.
	_, crossAccessErr := svc.VerifyToken(pair.RefreshToken)
	if crossAccessErr == nil {
		t.Fatal("expected refresh token to fail access verification")
	}
	_, crossRefreshErr := svc.VerifyRefreshToken(pair.AccessToken)
	if crossRefreshErr == nil {
		t.Fatal("expected access token to fail refresh verification")
	}
}
// TestRefreshTokensReturnsRotatedPair checks that exchanging a refresh token
// yields an access/refresh pair that differs from the pair it was issued
// with, and that both new tokens pass their respective verifiers.
func TestRefreshTokensReturnsRotatedPair(t *testing.T) {
	svc := NewService(nil, nil, "test-secret", "http://localhost:3000")
	account := &db.User{
		ID:    uuid.MustParse("019daeaa-bc14-7712-9224-e347a96bd5c3"),
		Email: "tester@bookra.dev",
	}

	before, err := svc.generateTokens(account)
	if err != nil {
		t.Fatalf("generate tokens: %v", err)
	}

	after, err := svc.RefreshTokens(context.Background(), before.RefreshToken)
	if err != nil {
		t.Fatalf("refresh tokens: %v", err)
	}

	// NOTE(review): only inequality of the token strings is checked here.
	// Whether the original refresh token stops being accepted after rotation
	// is not exercised by this test — confirm where that is covered.
	switch {
	case after.AccessToken == before.AccessToken:
		t.Fatal("expected rotated access token")
	case after.RefreshToken == before.RefreshToken:
		t.Fatal("expected rotated refresh token")
	}

	_, accessErr := svc.VerifyToken(after.AccessToken)
	if accessErr != nil {
		t.Fatalf("verify refreshed access token: %v", accessErr)
	}
	_, refreshErr := svc.VerifyRefreshToken(after.RefreshToken)
	if refreshErr != nil {
		t.Fatalf("verify refreshed refresh token: %v", refreshErr)
	}
}
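// TestRefreshTokensRejectsInvalidToken checks that RefreshTokens returns an
// error for inputs that must never yield a new token pair: a malformed
// string, an empty string, a well-formed access token presented as a refresh
// token, and a refresh token issued by a service built with a different
// secret. The original test covered only the malformed string, which would
// still pass if RefreshTokens skipped the token-type or signature check.
func TestRefreshTokensRejectsInvalidToken(t *testing.T) {
	service := NewService(nil, nil, "test-secret", "http://localhost:3000")
	user := &db.User{
		ID:    uuid.MustParse("019daeaa-bc14-7712-9224-e347a96bd5c3"),
		Email: "tester@bookra.dev",
	}

	issued, err := service.generateTokens(user)
	if err != nil {
		t.Fatalf("generate tokens: %v", err)
	}

	// NOTE(review): assumes the third NewService argument is the token
	// signing secret, so tokens from this second service carry a signature
	// the first service cannot validate — confirm against NewService.
	otherService := NewService(nil, nil, "other-test-secret", "http://localhost:3000")
	foreign, err := otherService.generateTokens(user)
	if err != nil {
		t.Fatalf("generate tokens with other secret: %v", err)
	}

	cases := []struct {
		name  string
		token string
	}{
		{name: "malformed", token: "bad-token"},
		{name: "empty", token: ""},
		{name: "access token used as refresh token", token: issued.AccessToken},
		{name: "signed with a different secret", token: foreign.RefreshToken},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			if _, err := service.RefreshTokens(context.Background(), tc.token); err == nil {
				t.Fatal("expected invalid refresh token error")
			}
		})
	}
}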