use super::*;
use time::Duration;
#[tokio::test]
async fn revoke_session_route_deletes_session_for_current_user(
) -> Result<(), Box<dyn std::error::Error>> {
let adapter = Arc::new(RouteAdapter::default());
let now = OffsetDateTime::now_utc();
adapter.insert_user(user(now)).await;
adapter
.insert_session(session(now, now + Duration::hours(1)))
.await;
adapter
.insert_session(Session {
id: "session_2".to_owned(),
token: "token_2".to_owned(),
..session(now, now + Duration::hours(2))
})
.await;
let router = router(adapter.clone())?;
let cookie = signed_session_cookie("token_1")?;
let response = router
.handle_async(json_request(
Method::POST,
"/api/auth/revoke-session",
r#"{"token":"token_2"}"#,
Some(&cookie),
)?)
.await?;
assert_eq!(response.status(), StatusCode::OK);
let body: Value = serde_json::from_slice(response.body())?;
assert_eq!(body["status"], true);
assert!(!contains_record_string(&adapter, "session", "token", "token_2").await?);
Ok(())
}
#[tokio::test]
async fn revoke_session_route_requires_authenticated_session(
) -> Result<(), Box<dyn std::error::Error>> {
let adapter = Arc::new(RouteAdapter::default());
let router = router(adapter)?;
let response = router
.handle_async(json_request(
Method::POST,
"/api/auth/revoke-session",
r#"{"token":"token_1"}"#,
None,
)?)
.await?;
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
Ok(())
}