test(e2e): assert session delete breaks refresh
This commit is contained in:
parent
cf9d0a26ab
commit
76055b622b
|
|
@ -1,5 +1,5 @@
|
|||
import {test, expect} from '../../../support/fixtures'
|
||||
import {SessionFactory} from '../../../factories/session'
|
||||
import {SessionFactory, hashSessionToken} from '../../../factories/session'
|
||||
import {gotoUserSettings} from '../../../support/userSettings'
|
||||
|
||||
test.describe('Sessions', () => {
|
||||
|
|
@ -20,4 +20,29 @@ test.describe('Sessions', () => {
|
|||
await expect(page.locator('.tag.is-primary')).toContainText('Current')
|
||||
await expect(page.locator('tr', {hasText: 'Firefox on Linux'})).toContainText('192.0.2.5')
|
||||
})
|
||||
|
||||
test('revoking a session breaks its refresh token', async ({
|
||||
authenticatedPage: page, currentUser, apiContext,
|
||||
}) => {
|
||||
const rawToken = 'fixed-refresh-token-for-test-12345678901234567890'
|
||||
await SessionFactory.create(1, {
|
||||
user_id: currentUser.id,
|
||||
token_hash: hashSessionToken(rawToken),
|
||||
ip_address: '192.0.2.5',
|
||||
device_info: 'Firefox on Linux',
|
||||
}, false)
|
||||
|
||||
await gotoUserSettings(page, 'sessions')
|
||||
await page.locator('tr', {hasText: /192\.0\.2\.5/})
|
||||
.getByRole('button', {name: 'Delete'}).click()
|
||||
await page.locator('dialog[open] .modal-content .actions .button').filter({hasText: 'Do it!'}).click()
|
||||
await expect(page.locator('table.table tbody tr')).toHaveCount(1)
|
||||
|
||||
// After revoke, the refresh request must fail. Refresh tokens live in the
|
||||
// vikunja_refresh_token cookie, not as a Bearer credential.
|
||||
const after = await apiContext.post('user/token/refresh', {
|
||||
headers: {Cookie: `vikunja_refresh_token=${rawToken}`},
|
||||
})
|
||||
expect(after.status()).toBe(401)
|
||||
})
|
||||
})
|
||||
|
|
|
|||
Loading…
Reference in New Issue