Level 53
This Stackoverflow answer my help.
Summer Sale! All accounts are 50% off this week.
I have a test that:
I don't understand what the problem is. I'm getting a 200 and the user data is being returned even after revoking (and/or deleting) the token.
This is the relevant part of the AuthController:
public function logout(Request $request)
{
try {
$request->user()->token()->revoke();
$request->user()->token()->delete();
return response()->json([
'type' => 'logout_success',
'message' => 'User logged out.'
]);
} catch (Exception $e) {
return $this->respondWithGenericError($e);
}
}
And the relevant part of the test:
<?php
class AuthTest extends TestCase
{
use RefreshDatabase;
protected function setUp() : void
{
parent::setUp();
\Artisan::call('migrate');
\Artisan::call('passport:install');
}
public function test_that_tokens_are_revoked_upon_logout()
{
$user = factory(\App\User::class)->create();
$response = $this
->postJson('/api/auth/login', [
'email' => $user->email,
'password' => 'password' // NOTE: Is default password set by User factory.
])
->assertJsonStructure([
'access_token',
'expires_at',
'token_type'
]);
$this
->actingAs($user)
->getJson('/api/auth/logout', [
'Authorization' => 'Bearer ' . $response->json()['access_token']
])
->assertJsonFragment(['type' => 'logout_success']);
// FIXME: Why do we get a 200?
$this
->actingAs($user)
->getJson('/api/auth/user', [
'Authorization' => 'Bearer ' . $response->json()['access_token']
])
->assertStatus(401);
// $this
// ->assertDatabaseHas('oauth_access_tokens', [
// 'user_id' => $user->id,
// 'revoked' => true
// ]);
}
}
Please or to participate in this conversation.