yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Previously provisioned JWT's should be revoked on signout (#3639)

Browse Source 
* feat: auth.delete endpoint

* test
This commit is contained in:
Tom Moor
2022-06-07 13:57:17 -07:00
committed by GitHub
parent 0de6650aa5
commit 56393f39b7
5 changed files with 62 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
server/routes/api/auth.test.ts
View File

@@ -48,6 +48,30 @@ describe("#auth.info", () => {
});
});
describe("#auth.delete", () => {
it("should make the access token unusable", async () => {
const user = await buildUser();
const res = await server.post("/api/auth.delete", {
body: {
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
const res2 = await server.post("/api/auth.info", {
body: {
token: user.getJwtToken(),
},
});
expect(res2.status).toEqual(401);
});
it("should require authentication", async () => {
const res = await server.post("/api/auth.delete");
expect(res.status).toEqual(401);
});
});
describe("#auth.config", () => {
it("should return available SSO providers", async () => {
env.DEPLOYMENT = "hosted";