99 lines
2.5 KiB
Rust
99 lines
2.5 KiB
Rust
use std::sync::Arc;
|
|
|
|
use domain::models::UserRole;
|
|
use domain::testing::InMemoryUserRepository;
|
|
|
|
use crate::{
|
|
auth::commands::RegisterCommand,
|
|
auth::queries::LoginQuery,
|
|
auth::{login, refresh, register},
|
|
test_helpers::TestContextBuilder,
|
|
};
|
|
|
|
async fn login_user(ctx: &crate::context::AppContext) -> login::LoginResult {
|
|
register::execute(
|
|
ctx,
|
|
RegisterCommand {
|
|
email: "alice@example.com".to_string(),
|
|
username: "alice".to_string(),
|
|
password: "password123".to_string(),
|
|
role: UserRole::Standard,
|
|
},
|
|
)
|
|
.await
|
|
.unwrap();
|
|
|
|
login::execute(
|
|
ctx,
|
|
LoginQuery {
|
|
email: "alice@example.com".into(),
|
|
password: "password123".into(),
|
|
},
|
|
)
|
|
.await
|
|
.unwrap()
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn refresh_returns_new_tokens() {
|
|
let users = InMemoryUserRepository::new();
|
|
let ctx = TestContextBuilder::new()
|
|
.with_users(Arc::clone(&users) as _)
|
|
.build();
|
|
|
|
let login_result = login_user(&ctx).await;
|
|
|
|
let result = refresh::execute(&ctx, &login_result.refresh_token)
|
|
.await
|
|
.unwrap();
|
|
|
|
assert!(!result.token.is_empty());
|
|
assert!(!result.refresh_token.is_empty());
|
|
assert_ne!(result.refresh_token, login_result.refresh_token);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn refresh_rotates_token_old_one_invalid() {
|
|
let users = InMemoryUserRepository::new();
|
|
let ctx = TestContextBuilder::new()
|
|
.with_users(Arc::clone(&users) as _)
|
|
.build();
|
|
|
|
let login_result = login_user(&ctx).await;
|
|
let old_token = login_result.refresh_token.clone();
|
|
|
|
refresh::execute(&ctx, &old_token).await.unwrap();
|
|
|
|
let retry = refresh::execute(&ctx, &old_token).await;
|
|
assert!(retry.is_err());
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn refresh_with_new_token_works() {
|
|
let users = InMemoryUserRepository::new();
|
|
let ctx = TestContextBuilder::new()
|
|
.with_users(Arc::clone(&users) as _)
|
|
.build();
|
|
|
|
let login_result = login_user(&ctx).await;
|
|
|
|
let first = refresh::execute(&ctx, &login_result.refresh_token)
|
|
.await
|
|
.unwrap();
|
|
|
|
let second = refresh::execute(&ctx, &first.refresh_token)
|
|
.await
|
|
.unwrap();
|
|
|
|
assert!(!second.token.is_empty());
|
|
assert_ne!(second.refresh_token, first.refresh_token);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn refresh_with_unknown_token_fails() {
|
|
let ctx = TestContextBuilder::new().build();
|
|
|
|
let result = refresh::execute(&ctx, "nonexistent-token").await;
|
|
assert!(result.is_err());
|
|
}
|