Testing Passport logout -- is it possible?

Posted 9 months ago by jediping

I'm trying to figure out how to test my Passport-driven logout function, which looks like this:

    public function logout()
    {
        $accessToken = auth()->user()->token();

        $refreshToken = DB::table('oauth_refresh_tokens')
            ->where('access_token_id', $accessToken->id)
            ->update([
                'revoked' => true
            ]);

        $accessToken->revoke();

        return response()->json(['status' => 200]);
    }

I am using the Passport actingAs helper in setting up the response.

    Passport::actingAs(
        $user,
        ['read write']
    );

    $response = $this->post('/logout')
        ->assertStatus(200);

The test fails, as the code gives a 500 error, as auth()->user()->token() is ... empty-ish? $accessToken->id is 0, for example, which it shouldn't be, which means the code fails.

What I'm not sure about is if this is expected behavior because of how Passport's actingAs helper works and I can't actually test the logout function, or if there's something wrong with my logout function. Halp!

ETA: My login function, if it's helpful:

    public function login(Request $request, Client $client)
    {
        $this->validateLogin($request);

        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        $response = $client->post(config('app.url') . '/oauth/token', [
            'form_params' => [
                'client_id' => config('auth.proxy.client_id'),
                'client_secret' => config('auth.proxy.client_secret'),
                'grant_type' => config('auth.proxy.grant_type'),
                'username' => $request->email,
                'password' => $request->password,
                'scopes' => '[read write]'
            ]
        ]);

        if ($response->getStatusCode() === 200) {
            $this->clearLoginAttempts($request);

            return response($response->getBody()->getContents(), $response->getStatusCode());
        }

        $this->incrementLoginAttempts($request);

        return response($response->getBody()->getContents(), $response->getStatusCode());
    }
