
Commit 6222989

committed
add session clear tests
1 parent e730ba4 commit 6222989


2 files changed

+43
-2
lines changed


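--- a/tests/live/clearSession.test.ts
+++ b/tests/live/clearSession.test.ts
@@ -0,0 +1,40 @@
+import { describe, expect, test } from "vitest";
+import { createJwt, getBaseEndpoint } from "./utils.js";
+import { allAppRoles } from "../../src/common/roles.js";
+
+const baseEndpoint = getBaseEndpoint();
+
+describe("Session clearing tests", async () => {
+test("Token is revoked on logout", async () => {
+const token = await createJwt();
+// token works
+const response = await fetch(`${baseEndpoint}/api/v1/protected`, {
+method: "GET",
+headers: {
+Authorization: `Bearer ${token}`,
+},
+});
+expect(response.status).toBe(200);
+const responseBody = await response.json();
+expect(responseBody).toStrictEqual({
+username: "[email protected]",
+roles: allAppRoles,
+});
+// user logs out
+const clearResponse = await fetch(`${baseEndpoint}/api/v1/clearSession`, {
+method: "POST",
+headers: {
+Authorization: `Bearer ${token}`,
+},
+});
+expect(clearResponse.status).toBe(201);
+// token should be revoked
+const responseFail = await fetch(`${baseEndpoint}/api/v1/protected`, {
+method: "GET",
+headers: {
+Authorization: `Bearer ${token}`,
+},
+});
+expect(responseFail.status).toBe(403);
+});
+});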
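Review bot: The closing assertion on new line 38 only shows that this one token is rejected after clearSession; nothing checks that a second, freshly issued token still reaches /api/v1/protected afterwards, so a server that invalidated every session (or rotated the signing key) on any logout would pass this test. Issuing a second token with `createJwt()` before the POST and asserting it still returns 200 after the clear would pin the revocation to the cleared session rather than to the whole service, and it also documents that revocation is per token. The 403 expected on line 38 is asserted without checking the response body, so a 403 caused by an unrelated authorization failure would be indistinguishable from revocation; asserting on the body or error code the endpoint returns would tighten this, assuming the endpoint returns one. As a point of style, the `describe` callback on new line 7 is marked `async` although it awaits nothing; a plain `() => {` reads more clearly.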

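--- a/tests/live/utils.ts
+++ b/tests/live/utils.ts
@@ -3,6 +3,7 @@ import {
 SecretsManagerClient,
 GetSecretValueCommand,
 } from "@aws-sdk/client-secrets-manager";
+import { randomUUID } from "node:crypto";
 
 export const getSecretValue = async (
 secretId: string,
@@ -47,7 +48,7 @@ export async function createJwt(
 iss: "custom_jwt",
 iat: Math.floor(Date.now() / 1000),
 nbf: Math.floor(Date.now() / 1000),
-exp: Math.floor(Date.now() / 1000) + 3600 * 24, // Token expires after 24 hour
+exp: Math.floor(Date.now() / 1000) + 3600 * 1, // Token expires after 1 hour
 acr: "1",
 aio: "AXQAi/8TAAAA",
 amr: ["pwd"],
@@ -64,7 +65,7 @@ export async function createJwt(
 sub: "subject",
 tid: "tenant-id",
 unique_name: username,
-uti: "uti-value",
+uti: randomUUID().toString(),
 ver: "1.0",
 };
 const token = jwt.sign(payload, secretData.JWTKEY, { algorithm: "HS256" });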
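Review bot: `randomUUID()` already returns a string, so the `.toString()` on new line 68 is redundant; `uti: randomUUID(),` is enough. Why the claim must now be unique per token is not recorded anywhere in the hunk — presumably so that revoking one test's token cannot affect tokens issued by other tests if the server keys revocation on `uti`, but that is inferred from the accompanying test rather than visible here; a comment such as `// unique per token so revoking one session cannot collide with another test's token` (after confirming which claim the server actually keys on) would make the intent explicit. On new line 51, `3600 * 1` reads as a leftover from the edit and can simply be `3600`. Note also that `iat`, `nbf` and `exp` each call `Date.now()` separately, so they can straddle a second boundary; computing `const now = Math.floor(Date.now() / 1000)` once and reusing it keeps the three claims consistent. createJwt begins and ends outside these hunks.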
