Implement refresh token logic with fingerprint + rotation

server/test/logout_test.go

@@ -2,6 +2,7 @@ package test
 
 import (
 	"fmt"
+	"net/url"
 	"testing"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -9,6 +10,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -27,12 +30,22 @@ func logoutTests(t *testing.T, s TestSetup) {
 			Token: verificationRequest.Token,
 		})
 
+		sessions := sessionstore.GetUserSessions(verifyRes.User.ID)
+		fingerPrint := ""
+		refreshToken := ""
+		for key, val := range sessions {
+			fingerPrint = key
+			refreshToken = val
+		}
+
+		fingerPrintHash, _ := utils.EncryptAES([]byte(fingerPrint))
+
 		token := *verifyRes.AccessToken
-		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName), token))
+		cookie := fmt.Sprintf("%s=%s;%s=%s;%s=%s", envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".fingerprint", url.QueryEscape(string(fingerPrintHash)), envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".refresh_token", refreshToken, envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token)
+
+		req.Header.Set("Cookie", cookie)
 		_, err = resolvers.LogoutResolver(ctx)
 		assert.Nil(t, err)
-		_, err = resolvers.ProfileResolver(ctx)
-		assert.NotNil(t, err, "unauthorized")
 		cleanData(email)
 	})
 }