feat(auth): implement token refresh endpoint #45

Merged
kelleyglenn merged 6 commits into master from feature/22-token-refresh
Feb 24, 2026

@kelleyglenn

Owner

Summary

  • Implements POST /auth/refresh endpoint (was returning 501)
  • Adds AuthenticationService.refresh() with token rotation (new refresh token hash + reset expiry on each use)
  • Adds InvalidRefreshTokenException with proper 401 / INVALID_REFRESH_TOKEN error code
  • Fixes expiresIn to derive from JwtProperties config instead of hardcoded 900

Closes #22

Test plan

  • Unit tests for AuthenticationService.refresh() (valid token, rotation, invalid token, user not found)
  • Controller tests for 200/401 responses
  • Integration tests: register → refresh → verify new tokens work → verify old token invalidated
  • ./gradlew check passes

🤖 Generated with Claude Code
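
The rotation behaviour listed in the summary (new refresh token hash and reset expiry on each use, old token rejected afterwards), as an added Java example that is not the project's code. The class name, the in-memory map, the 7-day lifetime and the use of SecurityException are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; every name here is hypothetical, not the project's code.
public class RefreshRotationSketch {
    record Session(String userId, Instant expiresAt) {}

    private static final Duration REFRESH_TTL = Duration.ofDays(7); // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    // Keyed by the SHA-256 hash of the token; the raw token is never stored.
    private final Map<String, Session> sessionsByHash = new ConcurrentHashMap<>();

    static String sha256(String token) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(token.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessionsByHash.put(sha256(token), new Session(userId, now.plus(REFRESH_TTL)));
        return token;
    }

    // Rotation: the presented token is consumed atomically, then replaced.
    String refresh(String presented, Instant now) throws Exception {
        Session s = sessionsByHash.remove(sha256(presented)); // single use
        if (s == null || now.isAfter(s.expiresAt())) {
            throw new SecurityException("INVALID_REFRESH_TOKEN"); // would map to HTTP 401
        }
        return issue(s.userId(), now); // new hash stored, expiry reset
    }

    public static void main(String[] args) throws Exception {
        RefreshRotationSketch svc = new RefreshRotationSketch();
        Instant now = Instant.now();
        String first = svc.issue("user-1", now); // constructed sample user id
        String second = svc.refresh(first, now);
        System.out.println("rotated: " + !first.equals(second));
        try {
            svc.refresh(first, now); // replay of the already-used token
        } catch (SecurityException e) {
            System.out.println("old token rejected: " + e.getMessage());
        }
    }
}
```

Because `remove` on the concurrent map is atomic, two concurrent requests presenting the same refresh token cannot both succeed; a database-backed version needs an equivalent guarantee from its update statement or locking.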

kelleyglenn and others added 4 commits February 22, 2026 23:46
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Feb 23, 2026

Coverage Report

Overall Project 97.28% 🍏
Files changed 100% 🍏

File Coverage
AuthenticationService.java 100% 🍏
InvalidRefreshTokenException.java 100% 🍏
GlobalExceptionHandler.java 100% 🍏
AuthController.java 100% 🍏

kelleyglenn and others added 2 commits February 23, 2026 01:09
Makes the write intent clear and resilient to future changes that might
break JPA dirty checking (e.g., DTO projections or read-only hints).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…22)

Add missing unit test for handleInvalidRefreshToken in GlobalExceptionHandlerTest.
Add consistent // Arrange / // Act / // Assert comments to all tests in
AuthenticationServiceTest.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kelleyglenn kelleyglenn merged commit 4910519 into master Feb 24, 2026
6 checks passed
@kelleyglenn kelleyglenn deleted the feature/22-token-refresh branch February 24, 2026 04:14
Development

Successfully merging this pull request may close these issues.

Implement token refresh endpoint (POST /auth/refresh)