@soapjs/soap-auth 0.3.1 → 0.3.3

package/build/strategies/credential-auth.strategy.js

@@ -1,254 +1,189 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CredentialAuthStrategy = void 0;
+const Soap = __importStar(require("@soapjs/soap"));
 const errors_1 = require("../errors");
 const base_auth_strategy_1 = require("./base-auth.strategy");
+const password_service_1 = require("../services/password.service");
 class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
     session;
+    jwt;
     logger;
-    constructor(config, session, logger) {
+    password;
+    constructor(config, session, jwt, logger) {
         super(config, session, logger);
         this.config = config;
         this.session = session;
+        this.jwt = jwt;
         this.logger = logger;
-    }
-    async storeUserSession(user, context) {
-        if (!this.session || !this.config.session) {
-            this.logger?.info("Session management is not configured. Skipping session storage.");
-            return;
+        if (config.passwordPolicy) {
+            this.password = new password_service_1.PasswordService(config.passwordPolicy, logger);
         }
-        let sessionId = this.config.session.getSessionId?.(context);
-        if (!sessionId) {
-            sessionId = this.config.session.generateSessionId
-                ? this.config.session.generateSessionId(user, context)
-                : `sid-${Date.now()}-${Math.random().toString(36).substring(7)}`;
+    }
+    async fetchUser(payload) {
+        if (this.config?.user?.fetchUser) {
+            return this.config.user.fetchUser(payload);
         }
-        const sessionData = this.config.session.createSessionData
-            ? this.config.session.createSessionData(user, context)
-            : { user };
-        if (this.config.session.store) {
-            await this.config.session.store.setSession(sessionId, sessionData);
+        throw new Soap.NotImplementedError("fetchUser");
+    }
+    async authenticate(context) {
+        try {
+            await this.rateLimit?.checkRateLimit(context);
+            if (this.jwt) {
+                try {
+                    return await this.jwt.authenticate(context);
+                }
+                catch (e) {
+                    this.logger?.warn("JWT authentication failed, falling back to session.");
+                }
+            }
+            if (this.session) {
+                return await this.authenticateWithSession(context);
+            }
+            this.logger?.warn("No authentication method found. Proceeding as guest.");
+            if (this.config.allowGuest) {
+                return { user: null };
+            }
+            throw new errors_1.UserNotFoundError();
         }
-        else {
-            await this.session.set(sessionId, sessionData);
+        catch (error) {
+            await this.onFailure("authenticate", {
+                context,
+                error,
+            });
+            throw error;
         }
-        this.config.session.embedSessionId?.(context, sessionId);
-        this.logger?.info(`Stored user session with ID: ${sessionId}`);
-    }
-    async handleAuthenticationError(error, context) {
-        this.logger?.error("Authentication failed:", error);
-        await this.onFailure("login", { context, error });
-        throw new errors_1.AuthError(error, "Authentication failed.");
-    }
-    async preAuthChecks(identifier) {
-        await this.isAccountLocked(identifier);
-        await this.checkFailedAttempts(identifier);
-        await this.checkRateLimit(identifier);
-        await this.checkPasswordExpiry(identifier);
     }
-    async handleFailedLogin(identifier) {
-        await this.config.failedAttempts.incrementFailedAttempts?.(identifier);
-    }
-    async handleSuccessfulLogin(identifier) {
-        await this.config.failedAttempts.resetFailedAttempts?.(identifier);
-    }
-    async finalizeAuthentication(user, context) {
-        await this.checkMfa(user, context);
-        await this.isAuthorized(user);
-        await this.storeUserSession(user, context);
-    }
-    async authenticate(context) {
+    async login(context) {
         try {
+            await this.rateLimit?.checkRateLimit(context);
             const credentials = await this.extractCredentials(context);
-            if (!credentials)
+            if (!credentials) {
                 throw new errors_1.MissingCredentialsError();
-            await this.preAuthChecks(credentials.identifier);
-            const valid = await this.verifyCredentials(credentials.identifier, credentials.password);
-            if (!valid) {
-                await this.handleFailedLogin(credentials.identifier);
+            }
+            await this.accountLock?.isAccountLocked(credentials.identifier);
+            await this.throttle?.checkFailedAttempts(credentials.identifier);
+            if ((await this.verifyCredentials(credentials.identifier, credentials.password)) === false) {
+                await this.throttle?.incrementFailedAttempts(credentials.identifier);
                 throw new errors_1.InvalidCredentialsError();
             }
-            await this.handleSuccessfulLogin(credentials.identifier);
-            const user = await this.retrieveUser(credentials.identifier);
-            if (!user)
+            const isPasswordChangeRequired = await this.password?.isPasswordChangeRequired(credentials.identifier);
+            if (isPasswordChangeRequired) {
+                throw new errors_1.ExpiredPasswordError();
+            }
+            await this.throttle?.resetFailedAttempts(credentials.identifier);
+            const user = await this.fetchUser(credentials.identifier);
+            if (!user) {
                 throw new errors_1.UserNotFoundError();
-            await this.finalizeAuthentication(user, context);
-            this.auditLoginAttempt(credentials.identifier, true, context);
-            return { user };
-        }
-        catch (e) {
-            this.auditLoginAttempt(null, false, context);
-            return this.handleAuthenticationError(e, context);
-        }
-    }
-    async handleSession(user, context) {
-        if (this.session) {
-            const sessionId = this.session.generateSessionId();
-            await this.session.set(sessionId, user);
+            }
+            await this.mfa?.checkMfa(user, context);
+            await this.role?.isAuthorized(user);
+            const tokens = await this.jwt?.issueTokens(user, context);
+            const session = await this.session?.issueSession(user, context);
+            return { user, session, tokens };
+        }
+        catch (error) {
+            await this.onFailure("login", {
+                context,
+                error,
+            });
+            throw error;
         }
     }
     async logout(context) {
         try {
-            if (this.session) {
-                const sessionId = this.session.getSessionId?.(context);
-                if (!sessionId)
-                    throw new Error("Session ID is missing in the context.");
-                await this.session.destroy(sessionId);
-                this.logger?.info(`Session destroyed: ${sessionId}`);
-            }
+            await this.session?.logoutSession(context);
             await this.onSuccess("logout", context);
         }
-        catch (e) {
-            const error = new errors_1.AuthError(e, "Logout process failed.");
-            this.logger?.error("Error during logout:", error);
-            await this.onFailure("logout", { context, error });
+        catch (error) {
+            await this.onFailure("logout", {
+                error,
+            });
             throw error;
         }
     }
     async requestPasswordReset(identifier, email) {
         try {
-            if (!this.config?.passwordPolicy.generateResetToken) {
-                throw new Error("Password reset token generation is not configured.");
-            }
-            const token = await this.config.passwordPolicy.generateResetToken(identifier);
+            const token = await this.password.generateResetToken(identifier);
             if (email) {
-                await this.config.passwordPolicy.sendResetEmail?.(email, token);
+                await this.password.sendResetEmail(email, token);
             }
-            await this.onSuccess("request_password_reset", { identifier });
+            await this.onSuccess("request_password_reset", {
+                identifier,
+                tokens: { reset: token },
+            });
             this.logger.info(`Password reset requested for identifier: ${identifier}`);
         }
-        catch (e) {
-            const error = new errors_1.AuthError(e, "Password reset request error.");
-            this.logger.error("Password reset request error:", e);
+        catch (error) {
             await this.onFailure("request_password_reset", {
                 identifier,
-                error: e,
+                email,
+                error,
             });
             throw error;
         }
     }
     async resetPassword(identifier, token, newPassword) {
         try {
-            if (!this.config.passwordPolicy?.validateResetToken) {
-                throw new Error("Password reset token validation is not configured.");
+            if (!this.password?.validateResetToken) {
+                throw new Soap.NotImplementedError("validateResetToken");
             }
-            const isValid = await this.config.passwordPolicy.validateResetToken(token);
-            if (!isValid) {
-                throw new Error("Invalid or expired reset token.");
+            if ((await this.password.validateResetToken(token)) === false) {
+                throw new errors_1.ExpiredResetTokenError();
             }
-            await this.config.passwordPolicy.updatePassword(identifier, newPassword);
+            await this.password.updatePassword(identifier, newPassword);
             await this.onSuccess("password_reset", { identifier });
             this.logger.info(`Password successfully reset for identifier: ${identifier}`);
-            this.auditPasswordChange(identifier);
         }
-        catch (e) {
-            const error = new errors_1.AuthError(e, "Password reset error");
-            this.logger.error("Password reset error:", e);
+        catch (error) {
             await this.onFailure("password_reset", {
                 identifier,
-                error: e,
+                additional: { token },
+                error,
             });
             throw error;
         }
     }
     async changePassword(identifier, oldPassword, newPassword) {
         try {
-            if (!this.config.credentials.verifyCredentials) {
-                throw new Error("Credential verification is not configured.");
-            }
-            const isAuthenticated = await this.config.credentials.verifyCredentials(identifier, oldPassword);
-            if (!isAuthenticated) {
+            if (!(await this.verifyCredentials(identifier, oldPassword))) {
                 throw new errors_1.InvalidCredentialsError();
             }
-            await this.config.passwordPolicy?.updatePassword?.(identifier, newPassword);
+            await this.password.updatePassword(identifier, newPassword);
             await this.onSuccess("change_password", { identifier });
             this.logger.info(`Password changed successfully for identifier: ${identifier}`);
-            this.auditPasswordChange(identifier);
         }
-        catch (e) {
-            const error = new errors_1.AuthError(e, "Change password error");
-            this.logger.error("Change password error:", e);
+        catch (error) {
             await this.onFailure("change_password", {
                 identifier,
-                error: e,
+                error,
             });
             throw error;
         }
     }
-    async auditLoginAttempt(identifier, success, context) {
-        await this.config.audit?.logAttempt?.(identifier, success, context);
-    }
-    async auditPasswordChange(identifier, context) {
-        await this.config.audit?.logPasswordChange?.(identifier, context);
-    }
-    validatePasswordPolicy(password) {
-        return this.config.passwordPolicy.validatePassword?.(password) ?? true;
-    }
-    async checkFailedAttempts(identifier) {
-        try {
-            if (this.config.security?.maxFailedLoginAttempts) {
-                const failedAttempts = (await this.config.failedAttempts.getFailedAttempts?.(identifier)) ||
-                    0;
-                if (failedAttempts >= this.config.security.maxFailedLoginAttempts) {
-                    this.logger.warn(`User ${identifier} is temporarily locked out.`);
-                    throw new errors_1.AccountLockedError();
-                }
-            }
-        }
-        catch (e) {
-            this.logger.error("Check failed attempts:", e);
-        }
-    }
-    async isAccountLocked(account) {
-        if (await this.config.lock.isAccountLocked?.(account)) {
-            throw new errors_1.AccountLockedError();
-        }
-        if (typeof account === "string" && this.config.security?.lockoutDuration) {
-            const lockoutKey = `lockout:${account}`;
-            const lockoutSession = await this.session?.get(lockoutKey);
-            if (lockoutSession) {
-                const elapsed = Date.now() - Number(lockoutSession.date);
-                if (elapsed < this.config.security.lockoutDuration * 60 * 1000) {
-                    this.logger.warn(`Account ${account} is temporarily locked out.`);
-                    return true;
-                }
-                else {
-                    await this.session?.destroy(lockoutKey);
-                }
-            }
-        }
-        return false;
-    }
-    async incrementFailedAttempts(account) {
-        if (this.config.failedAttempts.incrementFailedAttempts) {
-            await this.config.failedAttempts.incrementFailedAttempts(account);
-            const failedAttempts = (await this.config.failedAttempts.getFailedAttempts?.(account)) || 0;
-            if (this.config.security?.maxFailedLoginAttempts &&
-                failedAttempts >= this.config.security.maxFailedLoginAttempts) {
-                const lockoutKey = `lockout:${account}`;
-                await this.session?.set(lockoutKey, {
-                    date: Date.now(),
-                });
-                this.logger.warn(`Account ${account} has been locked due to failed attempts.`);
-                this.notifyAccountLocked(account);
-            }
-        }
-    }
-    async notifyAccountLocked(identifier) {
-        if (this.config.security?.notifyOnLockout) {
-            await this.config.security.notifyOnLockout(identifier);
-        }
-    }
-    async checkPasswordExpiry(identifier) {
-        if (this.config.passwordPolicy?.passwordExpirationDays) {
-            const lastChanged = await this.config.passwordPolicy.getLastPasswordChange?.(identifier);
-            if (lastChanged &&
-                Date.now() - Number(lastChanged) >
-                    this.config.passwordPolicy.passwordExpirationDays * 86400000) {
-                throw new Error("Password expired, please reset your password.");
-            }
-        }
-    }
 }
 exports.CredentialAuthStrategy = CredentialAuthStrategy;

package/build/strategies/jwt/__tests__/jwt.strategy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/strategies/jwt/__tests__/jwt.strategy.test.js

@@ -0,0 +1,156 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const jsonwebtoken_1 = require("jsonwebtoken");
+const jwt_strategy_1 = require("../jwt.strategy");
+const errors_1 = require("../../../errors");
+describe("JWTStrategy", () => {
+    let strategy;
+    let mockLogger;
+    let mockConfig;
+    let mockUser;
+    let mockContext;
+    beforeEach(() => {
+        mockLogger = { error: jest.fn(), warn: jest.fn(), info: jest.fn() };
+        mockUser = { id: "123", email: "test@example.com" };
+        mockContext = {
+            req: {
+                headers: { authorization: "Bearer mock-access-token" },
+                cookies: { refreshToken: "mock-refresh-token" },
+            },
+            res: { setHeader: jest.fn(), cookie: jest.fn(), clearCookie: jest.fn() },
+        };
+        mockConfig = {
+            accessToken: {
+                issuer: { secretKey: "access-secret", options: { expiresIn: "1h" } },
+                verifier: { options: {} },
+                persistence: { store: jest.fn() },
+                extract: jest.fn(),
+                embed: jest.fn(),
+            },
+            refreshToken: {
+                issuer: { secretKey: "refresh-secret", options: { expiresIn: "7d" } },
+                verifier: { options: {} },
+                persistence: { store: jest.fn(), remove: jest.fn() },
+                extract: jest.fn(),
+                embed: jest.fn(),
+            },
+            user: { fetchUser: jest.fn().mockResolvedValue(mockUser) },
+            routes: {},
+        };
+        strategy = new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger);
+    });
+    it("should authenticate user with valid access token", async () => {
+        const mockAccessToken = "mock-access-token";
+        jest
+            .spyOn(mockConfig.accessToken, "extract")
+            .mockReturnValue(mockAccessToken);
+        jest.spyOn(strategy, "verifyAccessToken").mockResolvedValue(mockUser);
+        const result = await strategy.authenticate(mockContext);
+        expect(result.user).toEqual(mockUser);
+        expect(result.tokens.accessToken).toEqual("mock-access-token");
+    });
+    it("should refresh tokens when access token is invalid", async () => {
+        const mockAccessToken = "mock-access-token";
+        const mockRefreshToken = "mock-refresh-token";
+        jest
+            .spyOn(mockConfig.accessToken, "extract")
+            .mockReturnValue(mockAccessToken);
+        jest
+            .spyOn(mockConfig.refreshToken, "extract")
+            .mockReturnValue(mockRefreshToken);
+        jest
+            .spyOn(strategy, "verifyAccessToken")
+            .mockRejectedValue(new jsonwebtoken_1.TokenExpiredError("Access", new Date()));
+        jest.spyOn(strategy, "verifyRefreshToken").mockResolvedValue(mockUser);
+        jest
+            .spyOn(strategy, "generateAccessToken")
+            .mockResolvedValue("new-access-token");
+        jest
+            .spyOn(strategy, "generateRefreshToken")
+            .mockResolvedValue("new-refresh-token");
+        jest.spyOn(strategy, "storeAccessToken").mockResolvedValue(null);
+        jest.spyOn(strategy, "storeRefreshToken").mockResolvedValue(null);
+        const result = await strategy.authenticate(mockContext);
+        expect(result.user).toEqual(mockUser);
+        expect(result.tokens.accessToken).toEqual("new-access-token");
+        expect(result.tokens.refreshToken).toEqual("new-refresh-token");
+    });
+    it("should throw MissingTokenError when no tokens are provided", async () => {
+        jest.spyOn(mockConfig.accessToken, "extract").mockReturnValue(undefined);
+        jest.spyOn(mockConfig.refreshToken, "extract").mockReturnValue(undefined);
+        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.MissingTokenError);
+    });
+    it("should throw InvalidTokenError if user does not exist", async () => {
+        const mockAccessToken = "mock-access-token";
+        const mockRefreshToken = null;
+        jest
+            .spyOn(mockConfig.accessToken, "extract")
+            .mockReturnValue(mockAccessToken);
+        jest
+            .spyOn(mockConfig.refreshToken, "extract")
+            .mockReturnValue(mockRefreshToken);
+        jest.spyOn(strategy, "verifyAccessToken").mockResolvedValue(mockUser);
+        mockConfig.user.fetchUser = jest.fn().mockResolvedValue(null);
+        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.InvalidTokenError);
+    });
+    it("should throw InvalidTokenError when refresh token is invalid", async () => {
+        const mockAccessToken = "mock-access-token";
+        const mockRefreshToken = "mock-refresh-token";
+        jest
+            .spyOn(mockConfig.accessToken, "extract")
+            .mockReturnValue(mockAccessToken);
+        jest
+            .spyOn(mockConfig.refreshToken, "extract")
+            .mockReturnValue(mockRefreshToken);
+        jest
+            .spyOn(strategy, "verifyAccessToken")
+            .mockRejectedValue(new errors_1.InvalidTokenError("Access"));
+        jest
+            .spyOn(strategy, "verifyRefreshToken")
+            .mockRejectedValue(new errors_1.InvalidTokenError("Refresh"));
+        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.InvalidTokenError);
+    });
+    it("should generate and store access and refresh tokens", async () => {
+        jest
+            .spyOn(strategy, "generateAccessToken")
+            .mockResolvedValue("new-access-token");
+        jest
+            .spyOn(strategy, "generateRefreshToken")
+            .mockResolvedValue("new-refresh-token");
+        jest.spyOn(strategy, "storeAccessToken").mockResolvedValue(null);
+        jest.spyOn(strategy, "storeRefreshToken").mockResolvedValue(null);
+        const tokens = await strategy.issueTokens(mockUser, mockContext);
+        expect(tokens).toHaveProperty("accessToken", "new-access-token");
+        expect(tokens).toHaveProperty("refreshToken", "new-refresh-token");
+        expect(strategy.storeAccessToken).toHaveBeenCalledWith("new-access-token");
+        expect(strategy.storeRefreshToken).toHaveBeenCalledWith("new-refresh-token");
+    });
+    it("should invalidate refresh token", async () => {
+        jest
+            .spyOn(strategy, "extractRefreshToken")
+            .mockResolvedValue("mock-refresh-token");
+        jest.spyOn(strategy, "invalidateRefreshToken").mockResolvedValue(null);
+        await strategy.invalidateRefreshToken(mockContext);
+        expect(strategy.invalidateRefreshToken).toHaveBeenCalledWith(mockContext);
+    });
+    it("should extract access token from context", async () => {
+        const mockAccessToken = "mock-access-token";
+        jest
+            .spyOn(mockConfig.accessToken, "extract")
+            .mockReturnValue(mockAccessToken);
+        const token = await strategy.extractAccessToken(mockContext);
+        expect(token).toBe("mock-access-token");
+    });
+    it("should extract refresh token from context", async () => {
+        const mockRefreshToken = "mock-refresh-token";
+        jest
+            .spyOn(mockConfig.refreshToken, "extract")
+            .mockReturnValueOnce(mockRefreshToken);
+        const token = await strategy.extractRefreshToken(mockContext);
+        expect(token).toBe("mock-refresh-token");
+    });
+    it("should throw UndefinedTokenSecretError if access secret key is missing", async () => {
+        mockConfig.accessToken.issuer.secretKey = undefined;
+        expect(() => new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger)).toThrow(errors_1.UndefinedTokenSecretError);
+    });
+});

package/build/strategies/jwt/__tests__/jwt.tools.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/strategies/jwt/__tests__/jwt.tools.test.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const jwt_tools_1 = require("../jwt.tools");
+const errors_1 = require("../../../errors");
+(0, globals_1.describe)("JwtTools", () => {
+    const secretKey = "test-secret";
+    const payload = { id: "user123", email: "test@example.com" };
+    const config = {
+        accessToken: {
+            issuer: { secretKey, options: { expiresIn: "1h" } },
+            verifier: { options: {} },
+        },
+        refreshToken: {
+            issuer: { secretKey, options: { expiresIn: "7d" } },
+            verifier: { options: {} },
+        },
+        routes: {},
+    };
+    (0, globals_1.it)("should generate an access token", () => {
+        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
+        (0, globals_1.expect)(typeof token).toBe("string");
+    });
+    (0, globals_1.it)("should throw error when generating access token without secret key", () => {
+        const invalidConfig = {
+            ...config,
+            accessToken: { issuer: { secretKey: "" } },
+        };
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.generateAccessToken(payload, invalidConfig.accessToken)).toThrow(errors_1.UndefinedTokenSecretError);
+    });
+    (0, globals_1.it)("should generate a refresh token", () => {
+        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
+        (0, globals_1.expect)(typeof token).toBe("string");
+    });
+    (0, globals_1.it)("should throw error when generating refresh token without secret key", () => {
+        const invalidConfig = {
+            ...config,
+            refreshToken: { issuer: { secretKey: "" } },
+        };
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.generateRefreshToken(payload, invalidConfig.refreshToken)).toThrow(errors_1.UndefinedTokenSecretError);
+    });
+    (0, globals_1.it)("should verify a valid access token", () => {
+        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
+        const decoded = jwt_tools_1.JwtTools.verifyAccessToken(token, config.accessToken);
+        (0, globals_1.expect)(decoded.id).toBe(payload.id);
+    });
+    (0, globals_1.it)("should throw error for undefined access token", () => {
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyAccessToken("", config.accessToken)).toThrow(errors_1.UndefinedTokenError);
+    });
+    (0, globals_1.it)("should throw error for invalid access token", () => {
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyAccessToken("invalid-token", config.accessToken)).toThrow(errors_1.InvalidTokenError);
+    });
+    (0, globals_1.it)("should verify a valid refresh token", () => {
+        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
+        const decoded = jwt_tools_1.JwtTools.verifyRefreshToken(token, config.refreshToken);
+        (0, globals_1.expect)(decoded.id).toBe(payload.id);
+    });
+    (0, globals_1.it)("should throw error for undefined refresh token", () => {
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyRefreshToken("", config.refreshToken)).toThrow(errors_1.UndefinedTokenError);
+    });
+    (0, globals_1.it)("should throw error for invalid refresh token", () => {
+        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyRefreshToken("invalid-token", config.refreshToken)).toThrow(errors_1.InvalidTokenError);
+    });
+    (0, globals_1.it)("should set the access token in the response header", () => {
+        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
+        const context = { res: { setHeader: globals_1.jest.fn() } };
+        jwt_tools_1.JwtTools.setAccessTokenHeader(token, context);
+        (0, globals_1.expect)(context.res.setHeader).toHaveBeenCalledWith("Authorization", `Bearer ${token}`);
+    });
+    (0, globals_1.it)("should set the refresh token in cookies", () => {
+        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
+        const context = { res: { cookie: globals_1.jest.fn() } };
+        jwt_tools_1.JwtTools.setRefreshTokenCookie(token, context);
+        (0, globals_1.expect)(context.res.cookie).toHaveBeenCalledWith("refreshToken", token, globals_1.expect.any(Object));
+    });
+    (0, globals_1.it)("should clear tokens from headers and cookies", () => {
+        const context = {
+            res: { clearCookie: globals_1.jest.fn(), setHeader: globals_1.jest.fn() },
+        };
+        jwt_tools_1.JwtTools.clearTokens(context);
+        (0, globals_1.expect)(context.res.clearCookie).toHaveBeenCalledWith("refreshToken");
+        (0, globals_1.expect)(context.res.setHeader).toHaveBeenCalledWith("Authorization", "");
+    });
+    (0, globals_1.it)("should retrieve an access token from request headers", () => {
+        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
+        const context = {
+            req: { headers: { authorization: `Bearer ${token}` } },
+        };
+        const extractedToken = jwt_tools_1.JwtTools.getAccessToken(context);
+        (0, globals_1.expect)(extractedToken).toBe(token);
+    });
+    (0, globals_1.it)("should retrieve a refresh token from request cookies", () => {
+        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
+        const context = { req: { cookies: { refreshToken: token } } };
+        const extractedToken = jwt_tools_1.JwtTools.getRefreshToken(context);
+        (0, globals_1.expect)(extractedToken).toBe(token);
+    });
+});