Update auth tests for refresh lifetime cap

Changed files
+14 -6
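--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -17,6 +17,7 @@
     create_session,
     delete_session,
     get_public_jwks,
+    get_refresh_token_lifetime_days,
     get_session,
     is_confidential_client,
     update_session_tokens,
@@ -259,7 +260,7 @@
 
 
 async def test_create_session_with_custom_expiration(db_session: AsyncSession):
-    """verify session creation with custom expiration works."""
+    """verify session creation with custom expiration is capped by refresh lifetime."""
     did = "did:plc:customexp123"
     handle = "customexp.bsky.social"
     oauth_data = {"access_token": "token", "refresh_token": "refresh"}
@@ -280,15 +281,16 @@
     assert db_session_record is not None
     assert db_session_record.expires_at is not None
 
-    # should expire roughly 30 days from now
-    expected_expiry = datetime.now(UTC) + timedelta(days=30)
+    expected_days = min(30, get_refresh_token_lifetime_days(None))
+    # should expire roughly expected_days from now
+    expected_expiry = datetime.now(UTC) + timedelta(days=expected_days)
     actual_expiry = db_session_record.expires_at.replace(tzinfo=UTC)
     diff = abs((expected_expiry - actual_expiry).total_seconds())
     assert diff < 60 # within 1 minute
 
 
 async def test_create_session_with_no_expiration(db_session: AsyncSession):
-    """verify session creation with expires_in_days=0 creates non-expiring session."""
+    """verify session creation with expires_in_days=0 caps to refresh lifetime."""
     did = "did:plc:noexp123"
     handle = "noexp.bsky.social"
     oauth_data = {"access_token": "token", "refresh_token": "refresh"}
@@ -301,13 +303,19 @@
     assert session is not None
     assert session.did == did
 
-    # verify expires_at is None
+    # verify expires_at is capped to refresh token lifetime
     result = await db_session.execute(
         select(UserSession).where(UserSession.session_id == session_id)
     )
     db_session_record = result.scalar_one_or_none()
     assert db_session_record is not None
-    assert db_session_record.expires_at is None
+    assert db_session_record.expires_at is not None
+
+    expected_days = get_refresh_token_lifetime_days(None)
+    expected_expiry = datetime.now(UTC) + timedelta(days=expected_days)
+    actual_expiry = db_session_record.expires_at.replace(tzinfo=UTC)
+    diff = abs((expected_expiry - actual_expiry).total_seconds())
+    assert diff < 60 # within 1 minute
 
 
 async def test_create_session_default_expiration(db_session: AsyncSession):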
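Review bot: The cap is never actually exercised in test_create_session_with_custom_expiration, because `min(30, get_refresh_token_lifetime_days(None))` is just 30 whenever the configured lifetime is 30 days or more, so the test would still pass if create_session stopped capping. Both tests also take their expected value from the same helper the implementation presumably uses, so a helper that returned an over-long lifetime would go unnoticed. Pin the refresh lifetime for these tests to a known value below the requested 30 days (the settings fixture is not visible here) and add an explicit upper bound such as `assert actual_expiry <= datetime.now(UTC) + timedelta(days=expected_days, minutes=1)`. The meaning of the `None` argument is not visible in these hunks and deserves a short comment. Since test_create_session_with_no_expiration now asserts that an expiry exists, its name should change to match; both test bodies are partly elided between the hunks.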