Commit c8e8e0e
Changed files (3)
app/controllers/tokens_controller.rb
@@ -15,7 +15,7 @@ class TokensController < ApplicationController
def introspect
claims = Token.claims_for(params[:token], token_type: :any)
- if revoked_tokens[claims[:jti]]
+ if claims.empty? || revoked_tokens[claims[:jti]]
render json: { active: false }, status: :ok
else
render json: claims.merge(active: true), status: :ok
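Review bot: The new `claims.empty?` guard on the `if` line assumes `Token.claims_for` returns an empty hash for every rejected token. If it can return `nil` or raise for a malformed or badly signed token (not visible in this hunk), the endpoint would answer 500 instead of `active: false`. Since this is a Rails controller, `if claims.blank? || revoked_tokens[claims[:jti]]` would cover the `nil` case as well. Claims without a `jti` also appear to pass the revocation lookup and reach the `active: true` branch, so consider treating a missing `jti` as inactive. The body of `introspect` continues past the end of the hunk.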
spec/requests/tokens_spec.rb
@@ -269,5 +269,16 @@ RSpec.describe '/tokens' do
let(:json) { JSON.parse(response.body, symbolize_names: true) }
specify { expect(json[:active]).to eql(false) }
end
+
+ context "when the token is expired" do
+ let(:token) { create(:access_token, :expired) }
+
+ before { post '/tokens/introspect', params: { token: token.to_jwt }, headers: headers }
+
+ specify { expect(response).to have_http_status(:ok) }
+ specify { expect(response['Content-Type']).to include('application/json') }
+ let(:json) { JSON.parse(response.body, symbolize_names: true) }
+ specify { expect(json[:active]).to eql(false) }
+ end
end
end
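Review bot: The new "when the token is expired" context covers only expiry, while the controller change makes any token with empty claims inactive. If earlier parts of this file do not already cover them, add sibling contexts for a token with a tampered signature and for a malformed string, each asserting status 200 and `active: false`. Asserting that the inactive body carries nothing else, e.g. `specify { expect(json.keys).to eql([:active]) }`, would guard against leaking claims of a rejected token. As a point of style, `let(:json)` sits between the `specify` lines and would read better above the `before`.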
spec/factories.rb
@@ -19,6 +19,10 @@ FactoryBot.define do
trait :revoked do
revoked_at { Time.now }
end
+
+ trait :expired do
+ expired_at { 1.minute.ago }
+ end
end
factory :authorization do