use crate::common::{setup_app, spawn_server};
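/// Integration test: `/api/v1/protected/ping` answers 401 when no credentials are sent
/// and 200 when the access token returned by registration is presented as a bearer token.
///
/// NOTE(review): on the rejection side only the missing-token case is exercised; a
/// malformed, expired or revoked bearer token is not covered by this test.
#[tokio::test]
async fn test_protected_route_requires_auth() {
    // `_db` stays bound until the end of the test; presumably this keeps the backing
    // database alive for the duration — confirm against `setup_app`.
    let (app, _db) = setup_app().await;
    let (base_url, client) = spawn_server(app).await;

    // Unauthenticated request must be rejected.
    let anonymous = client
        .get(format!("{}/api/v1/protected/ping", base_url))
        .send()
        .await
        .expect("unauthenticated ping request should complete");
    assert_eq!(anonymous.status(), 401, "Protected route should require auth");

    // Register a uniquely named account so repeated runs do not collide on the email.
    let email = format!("protected_{}@test.com", uuid::Uuid::new_v4());
    let registration = client
        .post(format!("{}/api/v1/auth/register", base_url))
        .json(&serde_json::json!({"email": email, "password": "SuperSecureP@ssw0rd2024!"}))
        .send()
        .await
        .expect("registration request should complete");
    // Fail here with the real cause instead of later on a missing `access_token`.
    assert!(
        registration.status().is_success(),
        "Registration should succeed, got {}",
        registration.status()
    );
    let tokens: serde_json::Value = registration
        .json()
        .await
        .expect("registration response should be valid JSON");
    let access_token = tokens["access_token"]
        .as_str()
        .expect("registration response should contain a string `access_token`");

    // The same route must accept the freshly issued access token.
    let authorized = client
        .get(format!("{}/api/v1/protected/ping", base_url))
        .bearer_auth(access_token)
        .send()
        .await
        .expect("authenticated ping request should complete");
    assert_eq!(authorized.status(), 200, "Protected route should succeed with valid token");
}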
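/// Integration test: a session created by registration can be refreshed, and
/// `logout-all` invalidates it so that a later refresh is answered with 401.
///
/// NOTE(review): this test does not check whether an access token issued before
/// `logout-all` is still accepted on protected routes; only the refresh path is verified.
#[tokio::test]
async fn test_refresh_and_logout_all() {
    // `_db` stays bound until the end of the test; presumably this keeps the backing
    // database alive for the duration — confirm against `setup_app`.
    let (app, _db) = setup_app().await;
    let (base_url, client) = spawn_server(app).await;

    // Register a uniquely named account. No separate login request is made, so the
    // session used below comes from the registration response.
    let email = format!("refresh_{}@test.com", uuid::Uuid::new_v4());
    let registration = client
        .post(format!("{}/api/v1/auth/register", base_url))
        .json(&serde_json::json!({"email": email, "password": "SuperSecureP@ssw0rd2024!"}))
        .send()
        .await
        .expect("registration request should complete");
    // Without this check a failed registration would surface as a misleading
    // "Refresh should succeed" failure further down.
    assert!(
        registration.status().is_success(),
        "Registration should succeed, got {}",
        registration.status()
    );
    // The body is not used, but it must still parse as JSON.
    let _tokens: serde_json::Value = registration
        .json()
        .await
        .expect("registration response should be valid JSON");

    // The refresh request carries no bearer token and no body. Per the assertion message
    // it relies on a cookie, presumably one the client stored from the registration
    // response — TODO confirm that `spawn_server` builds the client with a cookie store.
    let refreshed = client
        .post(format!("{}/api/v1/auth/refresh", base_url))
        .send()
        .await
        .expect("refresh request should complete");
    assert!(refreshed.status().is_success(), "Refresh should succeed with cookie");
    let new_token: serde_json::Value = refreshed
        .json()
        .await
        .expect("refresh response should be valid JSON");
    assert!(new_token["access_token"].is_string());
    let access_token = new_token["access_token"]
        .as_str()
        .expect("`access_token` was just asserted to be a string");

    // Revoke every session of the account, authenticating with the refreshed token.
    let logout = client
        .post(format!("{}/api/v1/protected/auth/logout-all", base_url))
        .bearer_auth(access_token)
        .send()
        .await
        .expect("logout-all request should complete");
    assert!(logout.status().is_success(), "logout-all should succeed");

    // The same client, sent exactly as before, must no longer be able to refresh.
    let rejected = client
        .post(format!("{}/api/v1/auth/refresh", base_url))
        .send()
        .await
        .expect("post-logout refresh request should complete");
    assert_eq!(rejected.status(), 401, "Refresh should fail after logout-all");
}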