versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
server/packages/api/plugins/openid/routes/oauth/revoke.test.ts
Jesse Wierzbinski 90b6399407
Some checks failed
Mirror to Codeberg / Mirror (push) Failing after 0s
Details
Test Publish / build (client) (push) Failing after 1s
Details
Test Publish / build (sdk) (push) Failing after 0s
Details
refactor: ♻️ Rewrite build system to fit the monorepo architecture
2025-07-04 06:29:43 +02:00

139 lines
4.5 KiB
TypeScript
Raw Blame History

import { afterAll, describe, expect, test } from "bun:test";
import { Application, Token } from "@versia-server/kit/db";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
const { deleteUsers, users } = await getTestUsers(1);
const application = await Application.insert({
id: randomUUIDv7(),
clientId: "test-client-id",
redirectUri: "https://example.com/callback",
scopes: "openid profile email",
secret: "test-secret",
name: "Test Application",
});
const token = await Token.insert({
id: randomUUIDv7(),
code: "test-code",
redirectUri: application.data.redirectUri,
clientId: application.data.clientId,
accessToken: "test-access-token",
expiresAt: new Date(Date.now() + 3600 * 1000).toISOString(),
createdAt: new Date().toISOString(),
tokenType: "Bearer",
scope: application.data.scopes,
userId: users[0].id,
applicationId: application.id,
});
afterAll(async () => {
await deleteUsers();
await application.delete();
await token.delete();
});
describe("/oauth/revoke", () => {
test("should revoke token with valid inputs", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
token: "test-access-token",
}),
});
expect(response.status).toBe(200);
const body = await response.json();
expect(body).toEqual({});
});
test("should return error for missing token", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for invalid client credentials", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: "invalid-secret",
token: "test-access-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for token not found", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
token: "invalid-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for unauthorized client", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: "unauthorized-client-id",
client_secret: application.data.secret,
token: "test-access-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
});
Reference in a new issue View git blame Copy permalink