Skip to content

Commit

Permalink
validate token tests
Browse files Browse the repository at this point in the history
  • Loading branch information
alexeh committed Sep 21, 2024
1 parent d3e539d commit 0ced803
Show file tree
Hide file tree
Showing 6 changed files with 478 additions and 4 deletions.
4 changes: 2 additions & 2 deletions api/src/modules/auth/authentication/authentication.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,10 @@ export class AuthenticationService {
async verifyToken(token: string, type: TOKEN_TYPE_ENUM): Promise<boolean> {
const { secret } = this.apiConfig.getJWTConfigByType(type);
try {
this.jwt.verify(token, { secret });
await this.jwt.verify(token, { secret });
return true;
} catch (error) {
return false;
throw new UnauthorizedException();
}
}
}
62 changes: 62 additions & 0 deletions api/test/e2e/features/validate-token.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
Feature: Validate Token

# Scenarios for Reset Password Tokens

Scenario: Validating a valid reset-password token
Given a user has requested a password reset
When the user attempts to validate the token with type "reset-password"
Then the user should receive a 200 status code

Scenario: Validating an expired reset-password token
Given a reset-password token has expired
When the user attempts to validate the expired token with type "reset-password"
Then the user should receive a 401 status code

Scenario: Validating a reset-password token with an invalid signature
Given a reset-password token has an invalid signature
When the user attempts to validate the token with type "reset-password"
Then the user should receive a 401 status code


Scenario: Validating a reset-password token with an incorrect type parameter
Given a user has a valid reset-password token
When the user attempts to validate the token with type "access"
Then the user should receive a 401 status code

Scenario: Validating a reset-password token without specifying the type
Given a user has a valid reset-password token
When the user attempts to validate the token without specifying the type
Then the user should receive a 400 status code
## TODO: Include this step when implemented common error shapes
# And the response message should include "expected": "'access' | 'reset-password' | 'email-confirmation'"

# Scenarios for Access Tokens

Scenario: Validating a valid access token
Given a user has a valid access token
When the user attempts to validate the token with type "access"
Then the user should receive a 200 status code

Scenario: Validating an expired access token
Given an access token has expired
When the user attempts to validate the expired token with type "access"
Then the user should receive a 401 status code

Scenario: Validating an access token with an invalid signature
Given an access token has an invalid signature
When the user attempts to validate the token with type "access"
Then the user should receive a 401 status code

Scenario: Validating an access token with an incorrect type parameter
Given a user has a valid access token
When the user attempts to validate the token with type "reset-password"
Then the user should receive a 401 status code

# Common Scenarios for Both Token Types

Scenario: Validating a token without providing the Authorization header
When the user attempts to validate a token without providing the Authorization header
Then the user should receive a 400 status code



2 changes: 1 addition & 1 deletion api/test/e2e/steps/password-recovery.steps.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ const feature = loadFeature(
'./test/e2e/features/password-recovery-send-email.feature',
);

describe('test', () => {
describe('Password Recovery - Send Email', () => {
defineFeature(feature, (test) => {
let testManager: TestManager;
let testUser: User;
Expand Down
Loading

0 comments on commit 0ced803

Please sign in to comment.