propro-utils 1.3.15 → 1.3.16

package/.idea/jsLibraryMappings.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptLibraryMappings">
+    <includedPredefinedLibrary name="Node.js Core" />
+  </component>
+</project>

package/middlewares/index.js

@@ -0,0 +1 @@
+module.exports.refreshAccessToken = require('./refresh_token');

package/middlewares/refresh_token.js

@@ -0,0 +1,77 @@
+const axios = require('axios');
+const rateLimit = require('express-rate-limit');
+require('dotenv').config();
+
+// Rate limiter configuration
+const refreshLimiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+    message: 'Too many refresh requests from this IP, please try again after 15 minutes',
+});
+
+const refreshTokenCache = new Map();
+
+/**
+ * Middleware to refresh access token using refresh token.
+ *
+ * @param {Object} req - The request object.
+ * @param {Object} res - The response object.
+ * @param {Function} next - The next middleware function.
+ * @returns {void}
+ */
+async function refreshTokenMiddleware(req, res, next) {
+    const refreshToken = req.cookies['x-refresh-token'];
+    if (!refreshToken) {
+        return res.status(401).json({ error: 'No refresh token provided' });
+    }
+
+    if (!isValidRefreshTokenFormat(refreshToken)) {
+        return res.status(400).json({ error: 'Invalid refresh token format' });
+    }
+
+    if (refreshTokenCache.has(refreshToken)) {
+        req.newAccessToken = refreshTokenCache.get(refreshToken);
+        return next();
+    }
+
+    try {
+        const response = await axios.post(
+            `${process.env.AUTH_URL}/oauth/token`,
+            new URLSearchParams({
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+                client_id: process.env.CLIENT_ID,
+                client_secret: process.env.CLIENT_SECRET,
+            }),
+            { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
+        );
+
+        if (response.data && response.data.access_token) {
+            refreshTokenCache.set(refreshToken, response.data.access_token);
+            req.newAccessToken = response.data.access_token;
+            next();
+        } else {
+            res.status(401).json({ error: 'Unable to refresh token' });
+        }
+    } catch (error) {
+        const statusCode = error.response?.status || 500;
+        res.status(statusCode).json({ error: error.response?.data?.error || 'Error refreshing token' });
+    }
+}
+
+/**
+ * Checks if the given token has a valid refresh token format.
+ *
+ * @param {string} token - The token to validate.
+ *
+ * @return {boolean} - Returns true if the token has a valid refresh token format, otherwise false.
+ */
+function isValidRefreshTokenFormat(token) {
+    const jwtPattern = /^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/;
+    return jwtPattern.test(token);
+}
+
+module.exports = {
+    refreshTokenMiddleware,
+    refreshLimiter
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.3.15",
+  "version": "1.3.16",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/server/index.js

@@ -1,80 +1,8 @@
 require("dotenv").config();
 const {
-  verifyJWT,
   exchangeToken,
-  VerifyAccount,
 } = require("./middleware/verifyToken");
-// const {refreshTokenMiddleware} = require("./middleware");
 
-const refreshLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000, // 15 minutes
-  max: 100, // Limit each IP to 100 requests per 15 minutes
-  message: "Too many refresh requests from this IP, please try again after 15 minutes",
-});
-
-const refreshTokenCache = new Map();
-
-/**
- * Middleware to refresh access token using refresh token.
- *
- * @param {Object} req - The request object.
- * @param {Object} res - The response object.
- * @param {Function} next - The next middleware function.
- * @returns {void}
- */
-async function refreshTokenMiddleware(req, res, next) {
-  refreshLimiter(req, res, async () => {
-    const refreshToken = req.cookies['x-refresh-token'];
-    if (!refreshToken) {
-      return res.status(401).json({ error: "No refresh token provided" });
-    }
-
-    if (!isValidRefreshTokenFormat(refreshToken)) {
-      return res.status(400).json({ error: "Invalid refresh token format" });
-    }
-
-    if (refreshTokenCache.has(refreshToken)) {
-      req.newAccessToken = refreshTokenCache.get(refreshToken);
-      return next();
-    }
-
-    try {
-      const response = await axios.post(
-          `${process.env.AUTH_URL}/oauth/token`,
-          new URLSearchParams({
-            grant_type: "refresh_token",
-            refresh_token: refreshToken,
-            client_id: process.env.CLIENT_ID,
-            client_secret: process.env.CLIENT_SECRET,
-          }),
-          { headers: { "Content-Type": "application/x-www-form-urlencoded" } }
-      );
-
-      if (response.data && response.data.access_token) {
-        refreshTokenCache.set(refreshToken, response.data.access_token);
-        req.newAccessToken = response.data.access_token;
-        next();
-      } else {
-        res.status(401).json({ error: "Unable to refresh token" });
-      }
-    } catch (error) {
-      const statusCode = error.response?.status || 500;
-      res.status(statusCode).json({ error: error.response?.data?.error || "Error refreshing token" });
-    }
-  });
-}
-
-/**
- * Checks if the given token has a valid refresh token format.
- *
- * @param {string} token - The token to validate.
- *
- * @return {boolean} - Returns true if the token has a valid refresh token format, otherwise false.
- */
-function isValidRefreshTokenFormat(token) {
-  const jwtPattern = /^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/;
-  return jwtPattern.test(token);
-}
 /**
  * Middleware for handling authentication and authorization.
  *
@@ -150,4 +78,4 @@ function proproAuthMiddleware(options = {}) {
   };
 }
 
-module.exports = {proproAuthMiddleware, refreshTokenMiddleware};
+module.exports = proproAuthMiddleware;

package/src/server/middleware/index.js

@@ -1,3 +1,2 @@
-module.exports.refreshTokenMiddleware = require("./refreshToken");
 module.exports.verifyTokenMiddleware = require("./verifyToken");
 module.exports.validateEnv = require("./validateEnv");

package/src/server/middleware/oauth.test.js

@@ -1,203 +0,0 @@
-describe('Test Middleware', () => {
-  // Middleware correctly verifies JWT token and sets user in request object
-  const jwt = require('jsonwebtoken');
-  const middleware = require('../middleware');
-
-  jest.mock('jsonwebtoken');
-
-  describe('Set user if the jwt is valid', () => {
-    it('should set user in request object when JWT token is valid', () => {
-      const req = {
-        headers: {
-          authorization: 'JWT validToken',
-        },
-      };
-      const res = {};
-      const next = jest.fn();
-      const decode = { username: 'testUser' };
-      jwt.verify.mockImplementation((token, secret, callback) => {
-        callback(null, decode);
-      });
-
-      middleware(req, res, next);
-
-      expect(req.user).toEqual(decode);
-      expect(next).toHaveBeenCalled();
-    });
-  });
-
-  // GET request to '/test-refresh-token' returns JSON with message and access token
-  const request = require('supertest');
-  const app = require('..');
-
-  describe('return a message and an access token', () => {
-    it('should return JSON with message and access token', async () => {
-      const response = await request(app)
-        .get('/test-refresh-token')
-        .set('Authorization', 'JWT validToken');
-
-      expect(response.status).toBe(200);
-      expect(response.body.message).toBe('Access granted with a new token');
-      expect(response.body.accessToken).toBeDefined();
-    });
-  });
-
-  // GET request to '/auth' redirects to authorization server URL with correct parameters
-  const request = require('supertest');
-  const app = require('..');
-
-  describe('redirect with correct parameter', () => {
-    it('should redirect to authorization server URL with correct parameters', async () => {
-      process.env.AUTH_URL = 'http://auth-server.com';
-      process.env.CLIENT_ID = 'testClientId';
-      process.env.REDIRECT_URI = 'http://client.com/callback';
-
-      const response = await request(app).get('/auth');
-
-      expect(response.status).toBe(302);
-      expect(response.header.location).toBe(
-        'http://auth-server.com/oauth/authorize?response_type=code&client_id=testClientId&redirect_uri=http%3A%2F%2Fclient.com%2Fcallback',
-      );
-    });
-  });
-
-  // Authorization header is missing or invalid
-  const middleware = require('../middleware');
-
-  describe('Set user to undefined on missing header', () => {
-    it('should set user to undefined when authorization header is missing or invalid', () => {
-      const req = {
-        headers: {},
-      };
-      const res = {};
-      const next = jest.fn();
-
-      middleware(req, res, next);
-
-      expect(req.user).toBeUndefined();
-      expect(next).toHaveBeenCalled();
-    });
-  });
-
-  // No authorization code received in '/callback' endpoint
-  const request = require('supertest');
-  const app = require('..');
-
-  describe('Error when excchange code is received', () => {
-    it('should return 400 when no authorization code is received', async () => {
-      const response = await request(app).get('/callback');
-
-      expect(response.status).toBe(400);
-      expect(response.text).toBe('No code received');
-    });
-  });
-
-  // Error occurs during token exchange in '/callback' endpoint
-  const request = require('supertest');
-  const axios = require('axios');
-  const app = require('..');
-
-  jest.mock('axios');
-
-  describe('Error during token exchange', () => {
-    it('should return 500 when error occurs during token exchange', async () => {
-      const req = {
-        query: {
-          code: 'validCode',
-        },
-      };
-      const res = {};
-      axios.post.mockRejectedValue(new Error('Test error'));
-
-      const response = await request(app).get('/callback').query(req.query);
-
-      expect(response.status).toBe(500);
-      expect(response.text).toBe('Internal Server Error');
-    });
-  });
-
-  // GET request to '/callback' exchanges authorization code for access token and sets cookie
-  it('should exchange authorization code for access token and set cookie', async () => {
-    const req = {
-      query: {
-        code: 'authorizationCode',
-      },
-    };
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      send: jest.fn(),
-      redirect: jest.fn(),
-      cookie: jest.fn(),
-    };
-    const tokenResponse = {
-      data: {
-        access_token: 'accessToken',
-        refresh_token: 'refreshToken',
-      },
-    };
-    axios.post.mockResolvedValue(tokenResponse);
-
-    await callback(req, res);
-
-    expect(axios.post).toHaveBeenCalledWith(
-      `${process.env.AUTH_URL}/oauth/token`,
-      qs.stringify({
-        grant_type: 'authorization_code',
-        code: req.query.code,
-        redirect_uri: process.env.REDIRECT_URI,
-        client_id: process.env.CLIENT_ID,
-        client_secret: process.env.CLIENT_SECRET,
-      }),
-      {
-        headers: {
-          'Content-Type': 'application/json',
-        },
-      },
-    );
-    expect(res.cookie).toHaveBeenCalledWith(
-      'token',
-      tokenResponse.data.access_token,
-      {
-        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-      },
-    );
-    expect(res.redirect).toHaveBeenCalledWith(
-      `${process.env.CLIENT_URL}/?access_token=${tokenResponse.data.access_token}&refresh_token=${tokenResponse.data.refresh_token}`,
-    );
-  });
-
-  // Unauthorized user receives 401 status code
-  it('should return 401 status code for unauthorized user', () => {
-    const req = {};
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      send: jest.fn(),
-    };
-
-    middleware(req, res);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.send).toHaveBeenCalledWith('Unauthorized');
-  });
-
-  // Invalid redirect URI returns error in '/auth' endpoint
-  it('should return error for invalid redirect URI', () => {
-    const req = {};
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      send: jest.fn(),
-    };
-    const authServerUrl = `${process.env.AUTH_URL}/oauth/authorize`;
-    const clientId = process.env.CLIENT_ID;
-    const redirectUri = process.env.REDIRECT_URI;
-
-    auth(req, res);
-
-    expect(res.redirect).toHaveBeenCalledWith(
-      `${authServerUrl}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(
-        redirectUri,
-      )}`,
-    );
-  });
-});

package/src/server/middleware/refreshToken.js

@@ -1,92 +0,0 @@
-const axios = require("axios");
-const rateLimit = require("express-rate-limit");
-const refreshTokenCache = new Map();
-
-/**
- * Rate limiter middleware for refresh requests.
- *
- * @type {import('express-rate-limit').RateLimit}
- */
-const refreshLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000, // 15 minutes
-  max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
-  message:
-    "Too many refresh requests from this IP, please try again after 15 minutes",
-});
-
-/**
- * Middleware function to refresh access token using refresh token.
- * @async
- * @function
- * @param {Object} req - Express request object.
- * @param {Object} res - Express response object.
- * @param {Function} next - Express next middleware function.
- * @returns {Promise<void>} - Promise object that represents the completion of the middleware function.
- */
-const refreshTokenMiddleware = async (req, res, next) => {
-  console.log("refreshTokenMiddleware again");
-  // Apply rate limiting
-  refreshLimiter(req, res, async () => {
-    const refreshToken = req.headers["x-refresh-token"];
-
-    console.log("refreshToken", refreshToken);
-    if (!refreshToken) {
-      res.status(401).json({ error: "No refresh token provided" });
-    }
-
-    console.log("isValidRefreshTokenFormat(refreshToken)", isValidRefreshTokenFormat(refreshToken));
-
-    if (!isValidRefreshTokenFormat(refreshToken)) {
-      res.status(400).json({ error: "Invalid refresh token format" });
-    }
-
-    console.log("refreshTokenCache.has(refreshToken)", refreshTokenCache.has(refreshToken));
-
-    if (refreshTokenCache.has(refreshToken)) {
-      req.newAccessToken = refreshTokenCache.get(refreshToken);
-      next();
-    }
-
-    console.log("process.env.AUTH_URL", process.env.AUTH_URL);
-
-    try {
-      const response = await axios.post(
-        `${process.env.AUTH_URL}/oauth/token`,
-        URLSearchParams({
-          grant_type: "refresh_token",
-          refresh_token: refreshToken,
-          client_id: process.env.CLIENT_ID,
-          client_secret: process.env.CLIENT_SECRET,
-        }),
-        { headers: { "Content-Type": "application/x-www-form-urlencoded" } }
-      );
-
-      console.log("response", response);
-
-      if (response.data && response.data.access_token) {
-        refreshTokenCache.set(refreshToken, response.data.access_token);
-        req.newAccessToken = response.data.access_token;
-        next();
-      } else {
-        res.status(401).json({ error: "Unable to refresh token" });
-      }
-    } catch (error) {
-      const statusCode = error.response?.status || 500;
-      const message = error.response?.data?.error || "Error refreshing token";
-      res.status(statusCode).json({ error: message });
-    }
-  });
-};
-
-/**
- * Checks if the given token is in a valid JWT format.
- *
- * @param {string} token - The token to validate.
- * @returns {boolean} - True if the token is in a valid format, false otherwise.
- */
-function isValidRefreshTokenFormat(token) {
-  const jwtPattern = /^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/;
-  return jwtPattern.test(token);
-}
-
-module.exports = refreshTokenMiddleware;

package/src/server/middleware/refreshToken.test.js

@@ -1,121 +0,0 @@
-const rateLimit = require("express-rate-limit");
-const refreshToken = require("./refreshToken");
-
-jest.mock("express-rate-limit");
-
-describe("refreshLimiter", () => {
-  it("should be a rate limiter middleware", () => {
-    expect(rateLimit).toHaveBeenCalledWith({
-      windowMs: 15 * 60 * 1000,
-      max: 100,
-      message:
-        "Too many refresh requests from this IP, please try again after 15 minutes",
-    });
-  });
-
-  it("should be exported as a middleware function", () => {
-    expect(typeof refreshToken).toBe("function");
-  });
-
-  it("should use the rate limiter middleware", () => {
-    const mockUse = jest.fn();
-    const app = { use: mockUse };
-
-    refreshToken(app);
-
-    expect(mockUse).toHaveBeenCalledWith(rateLimit());
-  });
-});
-
-describe("refreshTokenMiddleware", () => {
-  const mockRequest = (refreshToken) => ({
-    headers: { "x-refresh-token": refreshToken },
-  });
-  const mockResponse = () => {
-    const res = {};
-    res.status = jest.fn().mockReturnValue(res);
-    res.json = jest.fn().mockReturnValue(res);
-    return res;
-  };
-  const mockNext = jest.fn();
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-
-  it("should return 401 if no refresh token is provided", async () => {
-    const req = mockRequest();
-    const res = mockResponse();
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({
-      error: "No refresh token provided",
-    });
-    expect(mockNext).not.toHaveBeenCalled();
-  });
-
-  it("should return 400 if refresh token has invalid format", async () => {
-    const req = mockRequest("invalid-token");
-    const res = mockResponse();
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(res.status).toHaveBeenCalledWith(400);
-    expect(res.json).toHaveBeenCalledWith({
-      error: "Invalid refresh token format",
-    });
-    expect(mockNext).not.toHaveBeenCalled();
-  });
-
-  it("should return 401 if unable to refresh token", async () => {
-    const req = mockRequest("valid-token");
-    const res = mockResponse();
-    axios.post.mockRejectedValue({ response: { status: 401 } });
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({ error: "Unable to refresh token" });
-    expect(mockNext).not.toHaveBeenCalled();
-  });
-
-  it("should return 500 if an error occurs while refreshing token", async () => {
-    const req = mockRequest("valid-token");
-    const res = mockResponse();
-    axios.post.mockRejectedValue(new Error("Some error"));
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(res.status).toHaveBeenCalledWith(500);
-    expect(res.json).toHaveBeenCalledWith({ error: "Error refreshing token" });
-    expect(mockNext).not.toHaveBeenCalled();
-  });
-
-  it("should set new access token and call next if refresh token is valid", async () => {
-    const req = mockRequest("valid-token");
-    const res = mockResponse();
-    axios.post.mockResolvedValue({
-      data: { access_token: "new-access-token" },
-    });
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(refreshTokenCache.has("valid-token")).toBe(true);
-    expect(refreshTokenCache.get("valid-token")).toBe("new-access-token");
-    expect(req.newAccessToken).toBe("new-access-token");
-    expect(mockNext).toHaveBeenCalled();
-  });
-
-  it("should use cached access token and call next if refresh token is already cached", async () => {
-    refreshTokenCache.set("valid-token", "cached-access-token");
-    const req = mockRequest("valid-token");
-    const res = mockResponse();
-
-    await refreshTokenMiddleware(req, res, mockNext);
-
-    expect(req.newAccessToken).toBe("cached-access-token");
-    expect(mockNext).toHaveBeenCalled();
-  });
-});

package/src/server/middleware/verifyToken.test.js

@@ -1,171 +0,0 @@
-describe("isValid", () => {
-  it("should return true when all required permissions are present", () => {
-    const decodedToken = { permissions: ["user", "manageUsers"] };
-    const requiredPermissions = ["user", "manageUsers"];
-
-    const result = isValid(decodedToken, requiredPermissions);
-
-    expect(result).toBe(true);
-  });
-
-  it("should return false when some required permissions are missing", () => {
-    const decodedToken = { permissions: ["user"] };
-    const requiredPermissions = ["user", "manageUsers"];
-
-    const result = isValid(decodedToken, requiredPermissions);
-
-    expect(result).toBe(false);
-  });
-
-  it("should return false when all required permissions are missing", () => {
-    const decodedToken = { permissions: [] };
-    const requiredPermissions = ["user", "manageUsers"];
-
-    const result = isValid(decodedToken, requiredPermissions);
-
-    expect(result).toBe(false);
-  });
-
-  it("should return true when no permissions are required", () => {
-    const decodedToken = { permissions: ["user", "manageUsers"] };
-    const requiredPermissions = [];
-
-    const result = isValid(decodedToken, requiredPermissions);
-
-    expect(result).toBe(true);
-  });
-});
-
-describe("VerifyAccount", () => {
-  // Verify that a valid access token is present in the request header and proceed with the verification process.
-  it("should return a 401 error response when access token is not present in the request header", async () => {
-    const req = { headers: {} };
-    const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    const next = jest.fn();
-
-    await VerifyAccount([])(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({
-      error: "Access token is required",
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  // Verify that the account has all the required permissions and attach account info to the request object.
-  it("should return a 403 error response when the account does not have all the required permissions", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const account = { id: "123", permissions: ["user"] };
-    const req = { headers: { authorization: "Bearer token" }, account };
-    const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    const next = jest.fn();
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: "Insufficient permissions",
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  // Verify that the function calls the next middleware function after successful verification.
-  it("should call the next middleware function after successful verification", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const account = { id: "123", permissions: ["user", "manageUsers"] };
-    const req = { headers: { authorization: "Bearer token" }, account };
-    const res = { status: jest.fn(), json: jest.fn() };
-    const next = jest.fn();
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(res.status).not.toHaveBeenCalled();
-    expect(res.json).not.toHaveBeenCalled();
-    expect(next).toHaveBeenCalled();
-  });
-
-  // Verify that the function returns a 500 error response when an unexpected error occurs during verification.
-  it("should return a 500 error response when an unexpected error occurs during verification", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const req = { headers: { authorization: "Bearer token" } };
-    const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    const next = jest.fn();
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(500);
-    expect(res.json).toHaveBeenCalledWith({ error: "Internal Server Error" });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  // Verify that the function handles errors returned by the external API and returns a 401 error response when the access token is invalid or expired.
-  it("should return a 401 error response when the access token is invalid or expired", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const req = { headers: { authorization: "Bearer token" } };
-    const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    const next = jest.fn();
-
-    axios.get.mockRejectedValueOnce({ response: { status: 401 } });
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({
-      error: "Invalid or expired access token",
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  // Verify that the function handles errors returned by the external API and returns a 500 error response when an unexpected error occurs during API call.
-  it("should return a 500 error response when an unexpected error occurs during API call", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const req = { headers: { authorization: "Bearer token" } };
-    const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    const next = jest.fn();
-
-    axios.get.mockRejectedValueOnce(new Error("API error"));
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(500);
-    expect(res.json).toHaveBeenCalledWith({ error: "Internal Server Error" });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  // Verify that the function retrieves the user from cache when the token is already cached.
-  it("should retrieve the user from cache when the token is already cached", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const account = { id: "123", permissions: ["user", "manageUsers"] };
-    const accessToken = "token";
-    const decoded = { ...account, accessToken };
-    const req = { headers: { authorization: `Bearer ${accessToken}` } };
-    const res = { status: jest.fn(), json: jest.fn() };
-    const next = jest.fn();
-
-    tokenCache.set(accessToken, decoded);
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(req.user).toEqual(decoded);
-    expect(next).toHaveBeenCalled();
-  });
-
-  // Verify that the function retrieves the user from the external API when the token is not cached.
-  it("should retrieve the user from the external API when the token is not cached", async () => {
-    const requiredPermissions = ["user", "manageUsers"];
-    const account = { id: "123", permissions: ["user", "manageUsers"] };
-    const accessToken = "token";
-    const decoded = { ...account, accessToken };
-    const req = { headers: { authorization: `Bearer ${accessToken}` } };
-    const res = { status: jest.fn(), json: jest.fn() };
-    const next = jest.fn();
-
-    axios.get.mockResolvedValueOnce({ data: decoded });
-
-    await VerifyAccount(requiredPermissions)(req, res, next);
-
-    expect(req.user).toEqual(decoded);
-    expect(tokenCache.get(accessToken)).toEqual(decoded);
-    expect(next).toHaveBeenCalled();
-  });
-});