Revoke refresh token on logout (cherrypicked)
Change-Id: I30504a15e36d60a832d3a9b8fcd8286ff8400464
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 4ce999a..f03f61e 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -200,6 +200,10 @@
# search with authorization
$t->get_ok('/?q=Baum')
->status_is(200)
+ ->session_has('/auth')
+ ->session_is('/auth', 'Bearer ' . $access_token)
+ ->session_is('/auth_r', $refresh_token)
+ ->session_is('/user', 'test')
->text_like('h1 span', qr/KorAP: Find .Baum./i)
->text_like('#total-results', qr/\d+$/)
->element_exists_not('div.notify-error')
@@ -211,6 +215,9 @@
# Logout
$t->get_ok('/user/logout')
->status_is(302)
+ ->session_hasnt('/auth')
+ ->session_hasnt('/auth_r')
+ ->session_hasnt('/user')
->header_is('Location' => '/');
$t->get_ok('/')
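Review bot: The three `session_hasnt` assertions added after `->status_is(302)` prove the session keys are dropped, but nothing in this test checks that the refresh token was actually sent to the revocation endpoint, so a logout that only clears the session would still pass unchanged. Since mock.pl now serves `/v1.0/oauth2/revoke` and reads the token as `$c->param('token')`, the mock could remember the token it received and this hunk could assert it equals `$refresh_token` (or assert that a later refresh with that token is refused), which is what the commit title promises. The `$t->get_ok('/')` chain on the last line of the hunk continues in the following hunk.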
@@ -218,6 +225,8 @@
->element_exists_not('div.notify-error')
->element_exists('div.notify-success')
->text_is('div.notify-success', 'Logout successful')
+ ->element_exists("input[name=handle_or_email]")
+ ->element_exists("input[name=handle_or_email][value=test]")
;
$t->get_ok('/?q=Baum')
diff --git a/t/server/mock.pl b/t/server/mock.pl
index f8e6e62..2e14035 100644
--- a/t/server/mock.pl
+++ b/t/server/mock.pl
@@ -452,6 +452,26 @@
}
};
+# Revoke API token
+post '/v1.0/oauth2/revoke' => sub {
+ my $c = shift;
+
+ my $refresh_token = $c->param('token');
+
+ if ($c->param('client_secret') ne 'k414m4r-s3cr3t') {
+ return $c->render(
+ json => {
+ "error_description" => "Invalid client credentials",
+ "error" => "invalid_client"
+ },
+ status => 401
+ );
+ };
+
+ return $c->render(
+ text => ''
+ )
+};
app->start;
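Review bot: `my $refresh_token = $c->param('token');` is assigned and never read, so the mock treats any request with the right client secret as a successful revocation, including one with no `token` at all, and leaves the test suite no way to observe what was revoked. The `ne` comparison on the next lines also warns on an undefined value whenever `client_secret` is missing; `if (($c->param('client_secret') // '') ne 'k414m4r-s3cr3t') {` keeps the 401 path quiet. Either drop the unused variable or keep the revoked token in app state so that, if the mock implements a refresh grant, it can reject that token afterwards, and answer a missing `token` parameter with a 400 `invalid_request` error instead of an empty 200. The trailing `};` after the `if` block is a stray semicolon and can be `}`. The hunk header counts six context lines but only three are visible, so some surrounding blank lines appear to have been lost in extraction.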