Fix logout and add tests

biborn · Aug 21, 2020 · 141de58 · 141de58
1 parent d22c2de
commit 141de58
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 7 deletions.
diff --git a/src/routes/v1/auth.route.js b/src/routes/v1/auth.route.js
@@ -142,8 +142,8 @@ module.exports = router;
  *      responses:
  *        "204":
  *          description: No content
- *        "401":
- *          $ref: '#/components/responses/Unauthorized'
+ *        "404":
+ *          $ref: '#/components/responses/NotFound'
  */
 
 /**

diff --git a/src/services/auth.service.js b/src/services/auth.service.js
@@ -24,12 +24,11 @@ const loginUserWithEmailAndPassword = async (email, password) => {
  * @returns {Promise}
  */
 const logout = async (refreshToken) => {
-  try {
-    const refreshTokenDoc = await tokenService.verifyToken(refreshToken, 'refresh');
-    await refreshTokenDoc.remove();
-  } catch (error) {
-    throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate');
+  const refreshTokenDoc = await Token.findOne({ token: refreshToken, type: 'refresh', blacklisted: false });
+  if (!refreshTokenDoc) {
+    throw new ApiError(httpStatus.NOT_FOUND, 'Not found');
   }
+  await refreshTokenDoc.remove();
 };
 
 /**

diff --git a/tests/integration/auth.test.js b/tests/integration/auth.test.js
@@ -122,6 +122,41 @@ describe('Auth routes', () => {
     });
   });
 
+  describe('POST /v1/auth/logout', () => {
+    test('should return 204 if refresh token is valid', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+      await tokenService.saveToken(refreshToken, userOne._id, expires, 'refresh');
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NO_CONTENT);
+
+      const dbRefreshTokenDoc = await Token.findOne({ token: refreshToken });
+      expect(dbRefreshTokenDoc).toBe(null);
+    });
+
+    test('should return 400 error if refresh token is missing from request body', async () => {
+      await request(app).post('/v1/auth/logout').send().expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 404 error if refresh token is not found in the database', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NOT_FOUND);
+    });
+
+    test('should return 404 error if refresh token is blacklisted', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+      await tokenService.saveToken(refreshToken, userOne._id, expires, 'refresh', true);
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NOT_FOUND);
+    });
+  });
+
   describe('POST /v1/auth/refresh-tokens', () => {
     test('should return 200 and new auth tokens if refresh token is valid', async () => {
       await insertUsers([userOne]);