Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: assert refresh token rotation and old-token invalidation

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-01-08 06:16:44 +01:00
parent 4888916613
commit 44e2f97cb7
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
internal/services/session_service_test.go
View File

@@ -398,12 +398,23 @@ func TestSessionService_RefreshAccessToken(t *testing.T) {
if result.AccessToken == "" {
t.Error("expected non-empty access token")
}
if result.RefreshToken != refreshToken {
t.Errorf("expected refresh token to remain unchanged")
if result.RefreshToken == "" {
t.Error("expected non-empty refresh token")
}
if result.RefreshToken == refreshToken {
t.Errorf("expected refresh token to rotate")
}
if result.User == nil {
t.Fatal("expected non-nil user")
}
_, err = service.RefreshAccessToken(refreshToken)
if err == nil {
t.Fatal("expected error when using rotated refresh token")
}
if !errors.Is(err, ErrRefreshTokenInvalid) {
t.Errorf("expected ErrRefreshTokenInvalid, got %v", err)
}
})
t.Run("invalid refresh token", func(t *testing.T) {