test: improve JwtService test coverage with additional test cases.

backend/nyaysetu-backend/src/test/java/com/nyaysetu/backend/service/JwtServiceTest.java

@@ -2,11 +2,12 @@
 
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.test.util.ReflectionTestUtils;
@@ -20,17 +21,19 @@
 class JwtServiceTest {
 
     private JwtService jwtService;
-    private final String secret = "0123456789ABCDEF0123456789ABCDEF"; // 32 chars -> 256 bits
+    private static final String TEST_SECRET_KEY = "0123456789ABCDEF0123456789ABCDEF"; // 32 chars -> 256 bits
+    private static final String MALFORMED_TOKEN = "this.is.not.a.valid.jwt";
+    private static final long ONE_MINUTE_IN_MILLIS = 60_000L;
 
     @BeforeEach
-    void setup() {
+    void setUp() {
         jwtService = new JwtService();
-        ReflectionTestUtils.setField(jwtService, "secretKey", secret);
+        ReflectionTestUtils.setField(jwtService, "secretKey", TEST_SECRET_KEY);
     }
 
     @Test
     void generateToken_shouldBeSignedAndValid() {
-        UserDetails user = User.withUsername("alice@example.com").password("pw").roles("USER").build();
+        UserDetails user = createUser("alice@example.com");
         String token = jwtService.generateToken(Map.of(), user);
 
         assertNotNull(token);
@@ -40,21 +43,71 @@ void generateToken_shouldBeSignedAndValid() {
 
     @Test
     void expiredToken_shouldThrowExpiredException_whenParsing() {
-        // create an already-expired token
-        Key key = Keys.hmacShaKeyFor(secret.getBytes());
-        String expired = Jwts.builder()
+
+        // Create an already-expired token
+        Key key = Keys.hmacShaKeyFor(TEST_SECRET_KEY.getBytes());
+        String expiredToken = Jwts.builder()
                 .setSubject("bob@example.com")
-                .setIssuedAt(new Date(System.currentTimeMillis() - 10000))
-                .setExpiration(new Date(System.currentTimeMillis() - 1000))
+                .setIssuedAt(new Date())
+                .setExpiration(new Date(System.currentTimeMillis() - ONE_MINUTE_IN_MILLIS))
                 .signWith(key, SignatureAlgorithm.HS256)
                 .compact();
 
-        assertThrows(ExpiredJwtException.class, () -> jwtService.extractUsername(expired));
+        assertThrows(ExpiredJwtException.class, () -> jwtService.extractUsername(expiredToken));
     }
 
     @Test
     void malformedToken_shouldBeRejected() {
-        String bad = "this.is.not.a.valid.jwt";
-        assertThrows(Exception.class, () -> jwtService.extractUsername(bad));
+        assertThrows(MalformedJwtException.class, () -> jwtService.extractUsername(MALFORMED_TOKEN));
+    }
+
+    @Test
+    void generateRefreshToken_shouldBeSignedAndValid() {
+        UserDetails user = createUser("alice@example.com");
+        String refreshToken = jwtService.generateRefreshToken(user);
+
+        assertNotNull(refreshToken);
+        assertEquals("alice@example.com", jwtService.extractUsername(refreshToken));
+        assertTrue(jwtService.isTokenValid(refreshToken, user));
+    }
+
+    @Test
+    void isTokenValid_withDifferentUser_shouldReturnFalse() {
+        UserDetails user1 = createUser("alice@example.com");
+        UserDetails user2 = createUser("alex@example.com");
+        String token = jwtService.generateToken(Map.of(), user1);
+
+        assertFalse(jwtService.isTokenValid(token, user2));
+    }
+
+    @Test
+    void generateToken_withExtraClaims_shouldPreserveThem() {
+        UserDetails user = createUser("alice@example.com");
+        String token = jwtService.generateToken(Map.of("role", "LITIGANT"), user);
+        String role = jwtService.extractClaim(token, claims -> claims.get("role", String.class));
+
+        assertEquals("LITIGANT", role);
+    }
+
+    @Test
+    void tokenSignedWithDifferentKey_shouldBeRejected() {
+
+        // Token is signed with a different key and should fail signature validation
+        Key differentKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);
+        String foreignToken = Jwts.builder()
+                .setSubject("different@example.com")
+                .setIssuedAt(new Date())
+                .setExpiration(new Date(System.currentTimeMillis() + ONE_MINUTE_IN_MILLIS))
+                .signWith(differentKey, SignatureAlgorithm.HS256)
+                .compact();
+
+        assertThrows(SignatureException.class, () -> jwtService.extractUsername(foreignToken));
+    }
+
+    private UserDetails createUser(String username) {
+        return User.withUsername(username)
+                .password("pw")
+                .roles("USER")
+                .build();
     }
 }