token_spec.rb

 1# frozen_string_literal: true
 2
 3require 'rails_helper'
 4
 5RSpec.describe Token, type: :model do
 6  describe "revoke!" do
 7    subject { create(:access_token) }
 8
 9    context "when the token has not been revoked yet" do
10      before do
11        freeze_time
12        subject.revoke!
13      end
14
15      specify { expect(subject.reload.revoked_at.to_i).to eql(Time.current.to_i) }
16    end
17
18    context "when a token associated with an authorization grant is revoked" do
19      subject { create(:access_token, authorization: authorization) }
20
21      let(:authorization) { create(:authorization) }
22      let!(:other_token) { create(:access_token, authorization: authorization) }
23
24      before { subject.revoke! }
25
26      specify { expect(authorization.reload).to be_revoked }
27      specify { expect(other_token.reload).to be_revoked }
28    end
29  end
30
31  describe ".expired" do
32    let!(:active_token) { create(:access_token) }
33    let!(:expired_token) { create(:access_token, expired_at: 1.second.ago) }
34
35    specify { expect(described_class.expired).to match_array([expired_token]) }
36  end
37
38  describe ".revoked" do
39    let!(:revoked_token) { create(:access_token, revoked_at: 1.second.ago) }
40    let!(:active_token) { create(:access_token) }
41
42    specify { expect(described_class.revoked).to match_array([revoked_token]) }
43  end
44
45  describe ".claims_for" do
46    subject { described_class }
47
48    let(:access_token) { build_stubbed(:access_token).to_jwt }
49    let(:refresh_token) { build_stubbed(:refresh_token).to_jwt }
50
51    specify { expect(subject.claims_for('blah', token_type: :access)).to be_empty }
52    specify { expect(subject.claims_for('blah', token_type: :refresh)).to be_empty }
53    specify { expect(subject.claims_for('blah', token_type: :any)).to be_empty }
54    specify { expect(subject.claims_for(access_token, token_type: :access)).to be_present }
55    specify { expect(subject.claims_for(refresh_token, token_type: :refresh)).to be_present }
56  end
57
58  describe ".authenticate" do
59    subject { described_class }
60
61    context "when the access_token is active" do
62      let(:token) { create(:access_token) }
63
64      specify { expect(subject.authenticate(token.to_jwt)).to eql(token) }
65    end
66
67    context "when the token is a refresh token" do
68      let(:token) { create(:refresh_token) }
69
70      specify { expect(subject.authenticate(token.to_jwt)).to be_nil }
71    end
72
73    context "when the access token has been revoked" do
74      let(:token) { create(:access_token, :revoked) }
75
76      specify { expect(subject.authenticate(token.to_jwt)).to be_nil }
77    end
78
79    context "when the access token is expired" do
80      let(:token) { create(:access_token, :expired) }
81
82      specify { expect(subject.authenticate(token.to_jwt)).to be_nil }
83    end
84  end
85end