Ensured tokens are different on each login with Test

7riumph · 7riumph · commit 59193e7882e1 · 2025-02-06T16:04:06.000-07:00
diff --git a/spec/requests/api/v1/users/sessions_spec.rb b/spec/requests/api/v1/users/sessions_spec.rb
@@ -28,6 +28,31 @@
         end
       end
 
+      response "201", "generates new randomized tokens on each sign-in" do
+        let(:user) { { email: volunteer.email, password: volunteer.password } }
+        schema "$ref" => "#/components/schemas/login_success"
+
+        run_test! do |response|
+          first_response = JSON.parse(response.body)
+
+          expect(response.status).to eq(201)
+          expect(first_response["token"]).not_to be_nil
+          expect(first_response["refresh_token"]).not_to be_nil
+
+          old_token = first_response["token"]
+          old_refresh_token = first_response["refresh_token"]
+
+          # Second Sign-In
+          post "/api/v1/users/sign_in", params: user
+          second_response = JSON.parse(response.body)
+
+          expect(response.status).to eq(201)
+          expect(second_response["token"]).not_to eq(old_token)
+          expect(second_response["refresh_token"]).not_to eq(old_refresh_token)
+        end
+      end
+
+
       response "401", "invalid credentials" do
         let(:user) { {email: "foo", password: "bar"} }
         schema "$ref" => "#/components/schemas/login_failure"
diff --git a/swagger/v1/swagger.yaml b/swagger/v1/swagger.yaml
@@ -16,6 +16,12 @@ components:
           type: string
         token:
           type: string
+        refresh_token:
+          type: string
+        token_expires_at:
+          type: datetime
+        refresh_token_expires_at:
+          type: datetime
     login_failure:
       type: object
       properties:
