test: validate rotated refresh token and old-token failure

2026-01-08 06:17:21 +01:00
parent 058c69b414
commit 395cc299f3
1 changed files with 13 additions and 0 deletions
--- a/internal/integration/services_integration_test.go
+++ b/internal/integration/services_integration_test.go
@@ -610,6 +610,14 @@ func TestIntegration_Services(t *testing.T) {
 			t.Error("New access token should be different from original")
 		}

+		if newAccessToken.RefreshToken == "" {
+			t.Fatal("Refresh should return a new refresh token")
+		}
+
+		if newAccessToken.RefreshToken == loginResult.RefreshToken {
+			t.Error("Refresh token should rotate")
+		}
+
 		userID, err := authService.VerifyToken(newAccessToken.AccessToken)
 		if err != nil {
 			t.Fatalf("New access token should be valid: %v", err)
@@ -618,6 +626,11 @@ func TestIntegration_Services(t *testing.T) {
 		if userID != user.ID {
 			t.Errorf("Expected user ID %d, got %d", user.ID, userID)
 		}
+
+		_, err = authService.RefreshAccessToken(loginResult.RefreshToken)
+		if err == nil {
+			t.Error("Expected error for rotated refresh token")
+		}
 	})

 	t.Run("Refresh_Token_Expiration", func(t *testing.T) {