From 141de587b68b0252d37ade49a0db8f97eca46459 Mon Sep 17 00:00:00 2001
From: Hagop Jamkojian
Date: Fri, 21 Aug 2020 23:59:31 +0200
Subject: [PATCH] Fix logout and add tests

---
 src/routes/v1/auth.route.js    |  4 ++--
 src/services/auth.service.js   |  9 ++++-----
 tests/integration/auth.test.js | 35 ++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/src/routes/v1/auth.route.js b/src/routes/v1/auth.route.js
index 5c2ce5d7..dbd2cee2 100644
--- a/src/routes/v1/auth.route.js
+++ b/src/routes/v1/auth.route.js
@@ -142,8 +142,8 @@ module.exports = router;
  *     responses:
  *       "204":
  *         description: No content
- *       "401":
- *         $ref: '#/components/responses/Unauthorized'
+ *       "404":
+ *         $ref: '#/components/responses/NotFound'
  */
 
 /**
diff --git a/src/services/auth.service.js b/src/services/auth.service.js
index ef253093..07571e78 100644
--- a/src/services/auth.service.js
+++ b/src/services/auth.service.js
@@ -24,12 +24,11 @@ const loginUserWithEmailAndPassword = async (email, password) => {
  * @returns {Promise}
  */
 const logout = async (refreshToken) => {
-  try {
-    const refreshTokenDoc = await tokenService.verifyToken(refreshToken, 'refresh');
-    await refreshTokenDoc.remove();
-  } catch (error) {
-    throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate');
+  const refreshTokenDoc = await Token.findOne({ token: refreshToken, type: 'refresh', blacklisted: false });
+  if (!refreshTokenDoc) {
+    throw new ApiError(httpStatus.NOT_FOUND, 'Not found');
   }
+  await refreshTokenDoc.remove();
 };
 
 /**
diff --git a/tests/integration/auth.test.js b/tests/integration/auth.test.js
index 106308be..608ca6b4 100644
--- a/tests/integration/auth.test.js
+++ b/tests/integration/auth.test.js
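Review bot: In the new `logout`, `refreshToken` goes from the request body straight into the Mongoose filter `Token.findOne({ token: refreshToken, type: 'refresh', blacklisted: false })`, so unless the route's validator pins it to a string (the 400 test implies a validator exists, but its schema is not visible here) a body like `{"refreshToken": {"$gt": ""}}` would match and remove some arbitrary user's refresh token. A guard before the query closes that regardless of what the validator does: `if (typeof refreshToken !== 'string') throw new ApiError(httpStatus.BAD_REQUEST, 'Invalid refresh token');`. The rewrite also drops the signature and expiry checks that `tokenService.verifyToken` performed; for a delete-on-exact-match that is acceptable, but the JSDoc above the function (it starts before the hunk, only `@returns` is visible) should state the new contract, e.g. `@throws {ApiError} 404 when no non-blacklisted refresh token with this exact value exists`. `Token` is not imported in this hunk and the diffstat shows no other change to auth.service.js, so confirm it is already in scope there.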
@@ -122,6 +122,41 @@ describe('Auth routes', () => {
     });
   });
 
+  describe('POST /v1/auth/logout', () => {
+    test('should return 204 if refresh token is valid', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+      await tokenService.saveToken(refreshToken, userOne._id, expires, 'refresh');
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NO_CONTENT);
+
+      const dbRefreshTokenDoc = await Token.findOne({ token: refreshToken });
+      expect(dbRefreshTokenDoc).toBe(null);
+    });
+
+    test('should return 400 error if refresh token is missing from request body', async () => {
+      await request(app).post('/v1/auth/logout').send().expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 404 error if refresh token is not found in the database', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NOT_FOUND);
+    });
+
+    test('should return 404 error if refresh token is blacklisted', async () => {
+      await insertUsers([userOne]);
+      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
+      const refreshToken = tokenService.generateToken(userOne._id, expires);
+      await tokenService.saveToken(refreshToken, userOne._id, expires, 'refresh', true);
+
+      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NOT_FOUND);
+    });
+  });
+
   describe('POST /v1/auth/refresh-tokens', () => {
     test('should return 200 and new auth tokens if refresh token is valid', async () => {
       await insertUsers([userOne]);
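Review bot: The new logout tests never exercise the `type: 'refresh'` part of the service filter, nor a body whose `refreshToken` is not a string, so a regression that matched stored tokens of any type or let a query-operator object through to `Token.findOne` would pass this suite. Two more cases cover that: one that saves the same token value under a different `type` and expects 404, and one that posts `{ refreshToken: { $gt: '' } }` and expects 400. The exact `type` string to use depends on what the Token schema accepts, which is not visible here, and the 400 expectation assumes the route validator (or the service) rejects non-string tokens. The trailing context is the start of the refresh-tokens `describe`, which continues past the hunk.

```javascript
    // … unchanged: the four logout tests added by this commit …

    test('should return 404 error if the token exists but is not a refresh token', async () => {
      await insertUsers([userOne]);
      const expires = moment().add(config.jwt.refreshExpirationDays, 'days');
      const refreshToken = tokenService.generateToken(userOne._id, expires);
      // any non-'refresh' type the Token schema accepts — adjust to the project's token types
      await tokenService.saveToken(refreshToken, userOne._id, expires, 'resetPassword');

      await request(app).post('/v1/auth/logout').send({ refreshToken }).expect(httpStatus.NOT_FOUND);
    });

    test('should return 400 error if refresh token is not a string', async () => {
      await request(app).post('/v1/auth/logout').send({ refreshToken: { $gt: '' } }).expect(httpStatus.BAD_REQUEST);
    });
```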