diff --git a/services/commtest/src/identity/device.rs b/services/commtest/src/identity/device.rs --- a/services/commtest/src/identity/device.rs +++ b/services/commtest/src/identity/device.rs @@ -11,6 +11,7 @@ DeviceKeyUpload, DeviceType, Empty, IdentityKeyInfo, OpaqueLoginFinishRequest, OpaqueLoginStartRequest, Prekey, RegistrationFinishRequest, RegistrationStartRequest, + VerifyUserAccessTokenRequest, }; pub const PLACEHOLDER_CODE_VERSION: u64 = 0; @@ -24,6 +25,16 @@ pub access_token: String, } +impl From<&DeviceInfo> for VerifyUserAccessTokenRequest { + fn from(value: &DeviceInfo) -> Self { + Self { + user_id: value.user_id.to_string(), + device_id: value.device_id.to_string(), + access_token: value.device_id.to_string(), + } + } +} + /// Register a new user with a device. /// - Gives random username (returned by function). /// - Device type defaults to keyserver. diff --git a/services/commtest/tests/identity_access_tokens_tests.rs b/services/commtest/tests/identity_access_tokens_tests.rs --- a/services/commtest/tests/identity_access_tokens_tests.rs +++ b/services/commtest/tests/identity_access_tokens_tests.rs @@ -1,7 +1,11 @@ use commtest::identity::device::{ register_user_device, DEVICE_TYPE, PLACEHOLDER_CODE_VERSION, }; +use commtest::identity::SigningCapableAccount; use commtest::service_addr; +use grpc_clients::identity::protos::unauth::{ + Empty, ExistingDeviceLoginRequest, +}; use grpc_clients::identity::{ get_unauthenticated_client, protos::unauth::VerifyUserAccessTokenRequest, }; @@ -19,12 +23,7 @@ .await .expect("Couldn't connect to identity service"); - let verify_request = VerifyUserAccessTokenRequest { - user_id: device_info.user_id, - device_id: device_info.device_id, - access_token: device_info.access_token, - }; - + let verify_request = VerifyUserAccessTokenRequest::from(&device_info); let response = identity_client .verify_user_access_token(verify_request) .await @@ -32,3 +31,58 @@ assert!(response.into_inner().token_valid); } + +#[tokio::test] +async fn refresh_token_test() { + let identity_grpc_endpoint = service_addr::IDENTITY_GRPC.to_string(); + let mut client = get_unauthenticated_client( + &identity_grpc_endpoint, + PLACEHOLDER_CODE_VERSION, + DEVICE_TYPE.to_string(), + ) + .await + .expect("Couldn't connect to identity service"); + + let mut account = SigningCapableAccount::new(); + let client_keys = account.public_keys(); + let user = register_user_device(Some(&client_keys), None).await; + + // refresh session + let nonce = client + .generate_nonce(Empty {}) + .await + .expect("failed to generate nonce") + .into_inner() + .nonce; + let challenge_response = account.sign_nonce(nonce); + let new_credentials = client + .log_in_existing_device(ExistingDeviceLoginRequest { + user_id: user.user_id.clone(), + device_id: user.device_id.clone(), + challenge_response, + }) + .await + .expect("LogInExistingDevice call failed") + .into_inner(); + + // old token should now be invalid + let old_token_result = client + .verify_user_access_token(VerifyUserAccessTokenRequest::from(&user)) + .await + .expect("failed to verify token") + .into_inner(); + assert!(!old_token_result.token_valid); + + // new token should be valid + let new_token_result = client + .verify_user_access_token(VerifyUserAccessTokenRequest { + user_id: new_credentials.user_id, + access_token: new_credentials.access_token, + device_id: user.device_id, + }) + .await + .expect("failed to verify token") + .into_inner(); + + assert!(new_token_result.token_valid); +}