validate token tests

Vizzuality · Sep 21, 2024 · e0afebe · e0afebe
1 parent d5b074b
commit e0afebe
Show file tree

Hide file tree

Showing 6 changed files with 478 additions and 4 deletions.
diff --git a/api/src/modules/auth/authentication/authentication.service.ts b/api/src/modules/auth/authentication/authentication.service.ts
@@ -46,10 +46,10 @@ export class AuthenticationService {
   async verifyToken(token: string, type: TOKEN_TYPE_ENUM): Promise<boolean> {
     const { secret } = this.apiConfig.getJWTConfigByType(type);
     try {
-      this.jwt.verify(token, { secret });
+      await this.jwt.verify(token, { secret });
       return true;
     } catch (error) {
-      return false;
+      throw new UnauthorizedException();
     }
   }
 }
diff --git a/api/test/e2e/features/validate-token.feature b/api/test/e2e/features/validate-token.feature
@@ -0,0 +1,62 @@
+Feature: Validate Token
+
+  # Scenarios for Reset Password Tokens
+
+  Scenario: Validating a valid reset-password token
+    Given a user has requested a password reset
+    When the user attempts to validate the token with type "reset-password"
+    Then the user should receive a 200 status code
+
+  Scenario: Validating an expired reset-password token
+    Given a reset-password token has expired
+    When the user attempts to validate the expired token with type "reset-password"
+    Then the user should receive a 401 status code
+
+  Scenario: Validating a reset-password token with an invalid signature
+    Given a reset-password token has an invalid signature
+    When the user attempts to validate the token with type "reset-password"
+    Then the user should receive a 401 status code
+
+
+  Scenario: Validating a reset-password token with an incorrect type parameter
+    Given a user has a valid reset-password token
+    When the user attempts to validate the token with type "access"
+    Then the user should receive a 401 status code
+
+  Scenario: Validating a reset-password token without specifying the type
+    Given a user has a valid reset-password token
+    When the user attempts to validate the token without specifying the type
+    Then the user should receive a 400 status code
+  ## TODO: Include this step when implemented common error shapes
+   # And the response message should include "expected": "'access' | 'reset-password' | 'email-confirmation'"
+
+  # Scenarios for Access Tokens
+
+  Scenario: Validating a valid access token
+    Given a user has a valid access token
+    When the user attempts to validate the token with type "access"
+    Then the user should receive a 200 status code
+
+  Scenario: Validating an expired access token
+    Given an access token has expired
+    When the user attempts to validate the expired token with type "access"
+    Then the user should receive a 401 status code
+
+  Scenario: Validating an access token with an invalid signature
+    Given an access token has an invalid signature
+    When the user attempts to validate the token with type "access"
+    Then the user should receive a 401 status code
+
+  Scenario: Validating an access token with an incorrect type parameter
+    Given a user has a valid access token
+    When the user attempts to validate the token with type "reset-password"
+    Then the user should receive a 401 status code
+
+  # Common Scenarios for Both Token Types
+
+  Scenario: Validating a token without providing the Authorization header
+    When the user attempts to validate a token without providing the Authorization header
+    Then the user should receive a 400 status code
+
+
+
diff --git a/api/test/e2e/steps/password-recovery.steps.ts b/api/test/e2e/steps/password-recovery.steps.ts
@@ -9,7 +9,7 @@ const feature = loadFeature(
   './test/e2e/features/password-recovery-send-email.feature',
 );
 
-describe('test', () => {
+describe('Password Recovery - Send Email', () => {
   defineFeature(feature, (test) => {
     let testManager: TestManager;
     let testUser: User;