Token Expiration Test

[pythonpioneer]

Issue

Issue Type: [Test]

Issue Category: [Backend]

Issue Desc:

• Route: Testing the Logout route with an expired refresh token.
• Context: The test is verifying the behaviour of the API when a user logs out after the refresh token has expired.
• Status: All test scenarios work, except for token expiration.
• Expectation: After simulating token expiration using fakeTimers (such as Jest's built-in fake timers or @sinonjs/fake-timers), the API should return a 401 status code, indicating that the refresh token is no longer valid.
• Problem:
  • The test hangs, and the expected behaviour is not reached.
  • Even after advancing time with fakeTimers, the test doesn't proceed as expected.
  • The test fails to handle the token expiration logic properly during logout.

You can find this test inside src/v1/__tests__/logoutUser.test.ts

Code Example

describe("when refresh token is expired", () => {

  it("Should return status code 401", async () => {

    /** FLOW OF THE TEST
           * Register the user
       * Login the user
           * store the refresh token to use it for logout
       * fast-forward the time to expire the refresh token, (REFRESH_TOKEN_AGE VARIABLE IS AVAILABLE, YOU CAN IMPORT IT)
       * Logout the user
       * assert the test, based on the standard status codes
           */

         // register the user
        await request(app).post(registerRoute).send(userData);

    // login the user
    const response = await request(app).post(loginRoute).send({
        email: userData.email,
        password: userData.password
    });

    expect(response.status).toBe(200);
        expect(response.body.data.accessToken).toBeDefined();
    expect(response.body.data.refreshToken).toBeDefined();

    // saving the refresh token
    const refreshToken = response.body.data.refreshToken;

    // fast-forward the time to expire the refresh token
    jest.useFakeTimers();
    jest.advanceTimersByTime(REFRESH_TOKEN_AGE + 1);

    // now, make the request to the logout route
    const logoutResponse = await request(app).post(logoutRoute)
        .set('Cookie', `refreshToken=${refreshToken}`)
        .send();

    expect(logoutResponse.status).toBe(401);

    // shift to real timer
    jest.useRealTimers();
  });
});

Problem Snapshot

Setup to Contribute

Contributing to this project is straightforward. Follow these steps to get started:

• Clone the repo.
• Install all dependencies.
• Create a .env file in the src directory.
• Copy the content from the .env.sample
• Also make sure that the NODE_ENV=test for testing purpose (in this case).

If you encounter any issues while setting up the project, please don't hesitate to leave a message in the comments section. You can also refer to the contributing guidelines for more detailed instructions and best practices.

[pythonpioneer]

We can create a utility method to generate expired tokens or tokens that will expire after some time.