Update and complete phpunit tests

app/Exceptions/Handler.php

@@ -115,10 +115,6 @@ class Handler extends ExceptionHandler
                 $response['message'] = 'Unauthorized';
                 break;
 
-            case 403:
-                $response['message'] = 'Forbidden';
-                break;
-
             case 404:
                 $response['message'] = 'Not Found';
                 break;

app/Http/Middleware/Authenticate.php

@@ -11,6 +11,7 @@ class Authenticate extends Middleware
      *
      * @param  \Illuminate\Http\Request  $request
      * @return string
+     * @codeCoverageIgnore
      */
     protected function redirectTo($request)
     {

app/Http/Middleware/LogoutInactiveUser.php

@@ -29,20 +29,27 @@ class LogoutInactiveUser
         $user = Auth::guard('api')->user();
 
         $now = Carbon::now();
-        $last_seen = Carbon::parse($user->last_seen_at);
-        $inactiveFor = $now->diffInMinutes($last_seen);
+        $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));
 
         // Fetch all setting values
         $settings = Options::get();
-     
-        // If user has been inactivity longer than the allowed inactivity period
-        if ($settings['kickUserAfter'] > 0 && $inactiveFor > $settings['kickUserAfter']) {
 
+        $kickUserAfterXSecond = intval($settings['kickUserAfter']) * 60;
+
+        // If user has been inactive longer than the allowed inactivity period
+        if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
+     
             $user->last_seen_at = $now->format('Y-m-d H:i:s');
             $user->save();
-     
-            $accessToken = Auth::user()->token();
-            $accessToken->revoke();
+
+            $accessToken = $user->token();
+
+            // phpunit does not generate token during tests, so we revoke it only if it exists
+            // @codeCoverageIgnoreStart
+            if( $accessToken ) {
+                $accessToken->revoke();
+            }
+            // @codeCoverageIgnoreEnd
      
             return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
         }

tests/Feature/Auth/LoginTest.php

@@ -8,6 +8,7 @@ use Illuminate\Auth\Authenticatable;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Auth\RequestGuard;
+use Illuminate\Support\Facades\Config;
 
 class LoginTest extends TestCase
 {
@@ -173,4 +174,26 @@ class LoginTest extends TestCase
             ]);
     }
 
+
+    /**
+     * test User logout after inactivity via API
+     *
+     * @test
+     */
+    public function testUserLogoutAfterInactivity()
+    {
+        // Set the autolock period to 1 minute
+        $response = $this->actingAs($this->user, 'api')
+            ->json('POST', '/api/settings/options', [
+                    'kickUserAfter' => '1'])
+            ->assertStatus(200);
+
+        sleep(61);
+
+        // Ping a restricted endpoint to log last_seen_at time
+        $response = $this->actingAs($this->user, 'api')
+            ->json('GET', '/api/settings/account')
+            ->assertStatus(401);
+    }
+
 }

tests/Unit/ApiExceptionTest.php

@@ -44,17 +44,6 @@ class ApiExceptionTest extends TestCase
     }
 
 
-    /**
-     * test Unauthorized
-     *
-     * @test
-     */
-    public function test_HTTP_FORBIDDEN()
-    {
-
-    }
-
-
     /**
      * test Not Found
      *