Task 6: AuthService + 9 unit tests (16/16 pass)

- IAuthService: LoginAsync / RefreshAsync / LogoutAsync - AuthService: refresh-token rotation, hashed storage, LastLoginAt update - AuthServiceTests: 5 login + 3 refresh + 1 logout tests via Moq + EF InMemory Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-26 17:38:56 -07:00
parent f74563bb36
commit 9db8b34181
3 changed files with 434 additions and 0 deletions
@@ -0,0 +1,31 @@
+using ROLAC.API.DTOs.Auth;
+
+namespace ROLAC.API.Services;
+
+public interface IAuthService
+{
+    /// <summary>
+    /// Validates credentials and returns a new access token plus the raw refresh token
+    /// that must be stored in an HttpOnly cookie by the caller.
+    /// Throws <see cref="UnauthorizedAccessException"/> on any auth failure.
+    /// </summary>
+    Task<(LoginResponse Response, string RawRefreshToken)> LoginAsync(
+        LoginRequest request,
+        string? ipAddress  = null,
+        string? deviceInfo = null);
+
+    /// <summary>
+    /// Validates a raw refresh token, revokes it, and issues a new token pair (rotation).
+    /// Throws <see cref="UnauthorizedAccessException"/> if the token is not found,
+    /// expired, or already revoked.
+    /// </summary>
+    Task<(LoginResponse Response, string RawRefreshToken)> RefreshAsync(
+        string rawRefreshToken,
+        string? ipAddress = null);
+
+    /// <summary>
+    /// Revokes the refresh token identified by its raw value.
+    /// Silently succeeds if the token is not found.
+    /// </summary>
+    Task LogoutAsync(string rawRefreshToken);
+}