From bf029bc74154eb600e9a040740e879199930bc3a Mon Sep 17 00:00:00 2001 From: Bubka <858858+Bubka@users.noreply.github.com> Date: Wed, 29 May 2019 11:04:12 +0200 Subject: [PATCH] API User details and logout --- app/Http/Controllers/UserController.php | 30 ++++++++++++- routes/api.php | 6 +-- tests/Unit/UserTest.php | 59 ++++++++++++++++++++++--- 3 files changed, 83 insertions(+), 12 deletions(-) diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 614c581e..95322e1d 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -11,7 +11,10 @@ class UserController extends Controller { - + /** + * log a user in + * @return [type] [description] + */ public function login() { $credentials = [ @@ -30,6 +33,25 @@ public function login() } + /** + * log out current user + * @param Request $request + * @return json + */ + public function logout() + { + $accessToken = Auth::user()->token(); + $accessToken->revoke(); + + return response()->json(['success' => 'signed out']); + } + + + /** + * register new user + * @param Request $request [description] + * @return json + */ public function register(Request $request) { $validator = Validator::make($request->all(), [ @@ -53,8 +75,12 @@ public function register(Request $request) } + /** + * get detailed information about a user + * @return [type] [description] + */ public function getDetails() { - return response()->json(['success' => Auth::user()]); + return response()->json(Auth::user(), 200); } } \ No newline at end of file diff --git a/routes/api.php b/routes/api.php index 7fa091ce..18a83b8d 100644 --- a/routes/api.php +++ b/routes/api.php 
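Review bot: The docblock added above login() still carries the generator placeholder `@return [type] [description]`, which documents nothing; the same placeholder is on getDetails() in the third hunk of this file. In the second hunk, logout() declares `@param Request $request` although the method takes no parameters, and `@return json` there and on register() is not a type. Suggest `@return \Illuminate\Http\JsonResponse` wherever the method returns `response()->json(...)`, and dropping the stray `@param` on logout(). login()'s body continues outside the hunk, so its actual return type should be confirmed there.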
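Review bot: logout() revokes only the access token that authenticated the current request (`$accessToken = Auth::user()->token(); $accessToken->revoke();`), so any other token issued to the same account stays valid until it expires. The test in this patch mints tokens with createToken(); if login() does the same on every sign-in (its body is not fully visible here), signing out after a suspected token leak leaves the older tokens usable. If per-device sign-out is intended, state it in the docblock, e.g. `* Revokes the current access token only; other tokens of the user remain valid.`. Otherwise, assuming the User model uses Passport's HasApiTokens, revoke them all with `Auth::user()->tokens()->update(['revoked' => true]);`.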
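Review bot: `return response()->json(Auth::user(), 200);` in getDetails() serialises the whole User model, so what reaches the client depends entirely on the model's `$hidden`/`$visible` settings, which are not part of this patch. An explicit allow-list keeps the password hash and any column added later out of the response regardless of model changes: `return response()->json(Auth::user()->only(['id', 'name', 'email']), 200);`. The change also drops the `success` wrapper that logout() and the other endpoints in this controller return, so API clients see a different response shape on this one route; worth a line in the docblock if that is deliberate.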
@@ -16,11 +16,9 @@ Route::post('login', 'UserController@login'); Route::post('register', 'UserController@register'); -Route::middleware('auth:api')->get('/user', function (Request $request) { - return $request->user(); -}); - Route::group(['middleware' => 'auth:api'], function(){ + Route::post('logout', 'UserController@logout'); + Route::get('user', 'UserController@getDetails'); Route::apiResource('twofaccounts', 'TwoFAccountController'); Route::get('twofaccounts/{twofaccount}/totp', 'TwoFAccountController@generateTOTP')->name('twofaccounts.generateTOTP'); Route::delete('twofaccounts/force/{id}', 'TwoFAccountController@forceDestroy')->name('twofaccounts.forceDestroy'); diff --git a/tests/Unit/UserTest.php b/tests/Unit/UserTest.php index 2f027ded..0673949a 100644 --- a/tests/Unit/UserTest.php +++ b/tests/Unit/UserTest.php @@ -3,10 +3,12 @@ namespace Tests\Unit; use Tests\TestCase; +use App\User; use Illuminate\Support\Facades\Artisan; use Illuminate\Foundation\Testing\WithFaker; use Illuminate\Foundation\Testing\DatabaseTransactions; use Illuminate\Auth\Authenticatable; +use Illuminate\Support\Facades\Auth; class UserTest extends TestCase { @@ -41,9 +43,10 @@ public function testUserCreation() 'password' => 'test', ]); - $response->assertStatus(200)->assertJsonStructure([ - 'success' => ['token', 'name'] - ]); + $response->assertStatus(200) + ->assertJsonStructure([ + 'success' => ['token', 'name'] + ]); } 
@@ -59,9 +62,53 @@ public function testUserLogin() 'password' => 'test' ]); - $response->assertStatus(200)->assertJsonStructure([ - 'success' => ['token'] - ]); + $response->assertStatus(200) + ->assertJsonStructure([ + 'success' => ['token'] + ]); + } + + + /** + * test User logout via API + * + * @return void + */ + public function testUserLogout() + { + $user = ['email' => 'test@test.com', + 'password' => 'test' + ]; + + Auth::attempt($user); + $token = Auth::user()->createToken('testToken')->accessToken; + $headers = ['Authorization' => "Bearer $token"]; + + $response = $this->json('POST', '/api/logout', [], $headers) + ->assertStatus(200) + ->assertJson([ + 'success' => 'signed out', + ]); + } + + + /** + * test User logout via API + * + * @return void + */ + public function testGetUserDetails() + { + $user = \App\User::find(1); + + $response = $this->actingAs($user, 'api') + ->json('GET', '/api/user') + ->assertStatus(200) + ->assertJsonFragment([ + 'id' => 1, + 'name' => 'testLogin', + 'email' => 'test@test.com', + ]); } }
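Review bot: testUserLogout() only checks the 200 response and never verifies that the token stops working, so a logout() that revoked nothing would still pass. Add a follow-up check after the logout call, such as `$this->json('GET', '/api/user', [], $headers)->assertStatus(401);` (the auth guard may cache the user within a single test, in which case assert the token's `revoked` flag in the database instead). `Auth::attempt($user)` is unchecked and testGetUserDetails() hard-codes `\App\User::find(1)`, so both tests appear to depend on a user created by an earlier test and would fail with a null dereference when run in isolation. The docblock on testGetUserDetails() is a copy of the logout one and should read `* test User details via API`. That test could also assert that sensitive fields are absent, e.g. `$this->assertArrayNotHasKey('password', $response->json());`.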