use super::common::{get_credentials, get_revocable_credentials};
use busbar_sf_auth::{Credentials, OAuthClient, OAuthConfig, PRODUCTION_LOGIN_URL};
fn login_url_for(creds: &busbar_sf_auth::SalesforceCredentials) -> &'static str {
if creds.instance_url().contains("test.salesforce.com")
|| creds.instance_url().contains("sandbox")
|| creds.instance_url().contains(".scratch.")
{
"https://test.salesforce.com"
} else {
PRODUCTION_LOGIN_URL
}
}
#[tokio::test]
async fn test_revoke_access_token() {
let creds = get_revocable_credentials().await;
let login_url = login_url_for(&creds);
let result = creds.revoke_session(false, login_url).await;
match &result {
Ok(()) => {} Err(e) => {
let err_str = e.to_string();
assert!(
err_str.contains("revocation failed") || err_str.contains("invalid_token"),
"Unexpected error revoking access token: {err_str}"
);
}
}
}
#[tokio::test]
async fn test_revoke_refresh_token() {
let creds = get_credentials().await;
let login_url = login_url_for(&creds);
let creds_with_dummy = busbar_sf_auth::SalesforceCredentials::new(
creds.instance_url(),
creds.access_token(),
creds.api_version(),
)
.with_refresh_token("dummy-refresh-token-for-revocation-test");
let result = creds_with_dummy.revoke_session(true, login_url).await;
match &result {
Ok(()) => {} Err(e) => {
let err_str = e.to_string();
assert!(
err_str.contains("revocation failed") || err_str.contains("invalid_token"),
"Unexpected error revoking dummy token: {err_str}"
);
}
}
}
#[tokio::test]
async fn test_revoke_token_with_oauth_client() {
let creds = get_revocable_credentials().await;
let login_url = login_url_for(&creds);
let config = OAuthConfig::new("test_revoke_client");
let oauth_client = OAuthClient::new(config);
let result = oauth_client
.revoke_token(creds.access_token(), login_url)
.await;
match &result {
Ok(()) => {}
Err(e) => {
let err_str = e.to_string();
assert!(
err_str.contains("revocation failed") || err_str.contains("invalid_token"),
"Unexpected error revoking token with OAuthClient: {err_str}"
);
}
}
}
#[tokio::test]
async fn test_revoke_token_idempotency() {
let creds = get_revocable_credentials().await;
let login_url = login_url_for(&creds);
let result1 = creds.revoke_session(false, login_url).await;
match &result1 {
Ok(()) => {}
Err(e) => {
let err_str = e.to_string();
assert!(
err_str.contains("revocation failed") || err_str.contains("invalid_token"),
"Unexpected error on first revocation: {err_str}"
);
}
}
let result2 = creds.revoke_session(false, login_url).await;
match &result2 {
Ok(()) => {} Err(e) => {
let err_str = e.to_string();
assert!(
err_str.contains("revocation failed") || err_str.contains("invalid_token"),
"Unexpected error on second revocation: {err_str}"
);
}
}
}
#[tokio::test]
async fn test_revoke_session_without_refresh_token() {
let creds = get_credentials().await;
let login_url = login_url_for(&creds);
let creds_no_refresh = busbar_sf_auth::SalesforceCredentials::new(
creds.instance_url(),
creds.access_token(),
creds.api_version(),
);
let result = creds_no_refresh.revoke_session(true, login_url).await;
assert!(
result.is_err(),
"Should fail when trying to revoke non-existent refresh token"
);
}