can't test token_expire (no time travel?) #2277

Open
benascbr opened this issue Jan 2, 2025 · 3 comments

Comments

benascbr commented Jan 2, 2025

Subject of the issue

I was asked to implement a test for JWT token expiration for our application.

Because jwt.ttl is in minutes, we can't wait 1 minute in a test. Instead I'm trying to time travel, but that doesn't work.

Your environment

Q                  A
Bug?               possibly
New Feature?       no
Framework          Laravel
Framework version  11.36.1
Package version    "php-open-source-saver/jwt-auth": "^2",
PHP version        8.3.14

Steps to reproduce

    public function test_token_expire()
    {
        Config::set('jwt.ttl', 1);
        $user = $this->user();

        $response = $this
            ->withHeaders(['X-DEVICE-ID' => md5(microtime(true))])
            ->postJson('/v1/login', [
                'username' => $user->email,
                'password' => 'password'
            ])
            ->assertOk();

        $token = $response->json('data.token');

        $this
            ->withToken($token)
            ->get('/v1/me')
            ->assertOk();

        $this->travel(1)->year();

        $this
            ->withToken($token)
            ->get('/v1/me')
            ->assertUnauthorized();
    }

Expected behaviour

The last API call should fail, because the token is expired after traveling 1 year.

Actual behaviour

The last API call isn't failing and the user token still works after 1 year.

benascbr commented Jan 2, 2025

Even if time travelling is a bad idea, I would appreciate any alternative solution to make such a test.

@DrakkoFire

I'm guessing it uses Carbon under the hood. A good solution would be using Carbon::setTestNow() with your date before generating the token, so it can create it with the simulated now(), and then resetting setTestNow to your current date so you can verify whether it expired.

Here's a little example:

    public function test_token_expire()
    {
        Config::set('jwt.ttl', 1);

        // Traveling to the past by 1 minute
        Carbon::setTestNow(Carbon::now()->subMinutes(1));

        $user = $this->user();

        $response = $this
            ->withHeaders(['X-DEVICE-ID' => md5(microtime(true))])
            ->postJson('/v1/login', [
                'username' => $user->email,
                'password' => 'password'
            ])
            ->assertOk();

        $token = $response->json('data.token');

        $this
            ->withToken($token)
            ->get('/v1/me')
            ->assertOk();

        // Traveling back to the present time
        Carbon::setTestNow();

        $this
            ->withToken($token)
            ->get('/v1/me')
            ->assertUnauthorized();
    }

You can check the documentation for it
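
Added example, not part of the thread and not jwt-auth's code: the same expiry check can be exercised below the HTTP layer by passing the clock in as an argument, which makes the boundary at exp testable without waiting or mocking a global clock. The HS256 helpers, function names, key and timestamps are constructed for illustration.

```php
<?php
// Added example, not jwt-auth code: HS256 token with the clock passed in as $now.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(array $claims, int $ttlMinutes, string $key, int $now): string
{
    $claims += ['iat' => $now, 'exp' => $now + $ttlMinutes * 60];
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}

function verifyToken(string $jwt, string $key, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$head, $body, $sig] = $parts;
    // Always recompute as HS256; the header's alg field is never trusted.
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) {
        throw new RuntimeException('bad signature');
    }
    $pad = str_repeat('=', (4 - strlen($body) % 4) % 4);
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/') . $pad), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) {
        throw new RuntimeException('missing exp');
    }
    if ($now >= $claims['exp']) { // valid only strictly before exp
        throw new RuntimeException('token expired');
    }
    return $claims;
}

$key = 'constructed-test-key'; // constructed sample secret
$t0  = 1735819200;             // constructed instant: 2025-01-02 12:00:00 UTC
$jwt = issueToken(['sub' => '42'], 1, $key, $t0); // ttl of 1 minute, as in the issue
// Offsets in seconds: issue time, last valid second, exact exp, one year later.
foreach ([0, 59, 60, 31536000] as $offset) {
    try {
        verifyToken($jwt, $key, $t0 + $offset);
        echo "+{$offset}s accepted\n";
    } catch (RuntimeException $e) {
        echo "+{$offset}s rejected: {$e->getMessage()}\n";
    }
}
```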
