api()->loginWebAndGetToken( DatabaseSeeder::ADMIN_USERNAME, DatabaseSeeder::PASSWORD ); $res = $this->api()->withToken($login['token'], 'GET', 'session'); $this->assertApiOk($res); $this->assertTrue($res['data']['valid']); } public function testSessionRejectsMissingToken(): void { $res = $this->api()->request('GET', 'session'); $this->assertApiError($res, 'UNAUTHORIZED', 401); } public function testLogoutRevokesToken(): void { $login = $this->api()->loginWebAndGetToken( DatabaseSeeder::SUPERVISOR_USERNAME, DatabaseSeeder::PASSWORD ); $del = $this->api()->withToken($login['token'], 'DELETE', 'logout'); $this->assertApiOk($del); $check = $this->api()->withToken($login['token'], 'GET', 'session'); $this->assertApiError($check, 'UNAUTHORIZED', 401); } }