Skip to content

Commit

Permalink
[VI-739] Updating token exchanged session attributes so that exchange…
Browse files Browse the repository at this point in the history
…d session has proper expiration times
  • Loading branch information
bosawt committed Nov 8, 2024
1 parent 7a83ea0 commit 9a58262
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 8 deletions.
8 changes: 6 additions & 2 deletions app/services/sign_in/session_spawner.rb
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ def create_new_access_token
refresh_token_hash:,
parent_refresh_token_hash:,
anti_csrf_token:,
last_regeneration_time: refresh_creation,
last_regeneration_time:,
user_attributes: JSON.parse(user_attributes)
)
end
Expand Down Expand Up @@ -106,7 +106,11 @@ def create_new_session
end

def refresh_expiration_time
@refresh_expiration_time ||= refresh_creation + client_config.refresh_token_duration
@refresh_expiration_time ||= last_regeneration_time + client_config.refresh_token_duration
end

def last_regeneration_time
@last_regeneration_time ||= Time.zone.now
end

def get_hash(object)
Expand Down
14 changes: 11 additions & 3 deletions spec/services/sign_in/session_spawner_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,10 @@
describe '#perform' do
subject { session_spawner.perform }

let(:current_session) { create(:oauth_session, handle: current_session_handle, user_verification:) }
let(:current_session) do
create(:oauth_session, handle: current_session_handle, user_verification:, refresh_creation:)
end
let(:refresh_creation) { 5.minutes.ago }
let(:current_session_handle) { 'edd4c2fc-d776-4596-8dce-71a9848e15e0' }
let(:user_uuid) { current_session.user_verification.backing_credential_identifier }
let(:user_verification) { create(:user_verification, locked:) }
Expand All @@ -25,6 +28,10 @@
let(:enforced_terms) { nil }
let(:device_sso) { false }

before { Timecop.freeze(Time.zone.now.floor) }

after { Timecop.return }

context 'expected credential_lock validation' do
let(:locked) { false }
let(:expected_error) { SignIn::Errors::CredentialLockedError }
Expand Down Expand Up @@ -84,7 +91,8 @@
let(:expected_token_uuid) { SecureRandom.uuid }
let(:expected_parent_token_uuid) { SecureRandom.uuid }
let(:expected_user_uuid) { user_uuid }
let(:expected_expiration_time) { expected_created_time + refresh_token_duration }
let(:expected_last_regeneration_time) { Time.zone.now }
let(:expected_expiration_time) { expected_last_regeneration_time + refresh_token_duration }
let(:expected_user_attributes) { JSON.parse(current_session.user_attributes) }
let(:expected_double_hashed_parent_refresh_token) do
Digest::SHA256.hexdigest(parent_refresh_token_hash)
Expand Down Expand Up @@ -214,7 +222,7 @@
anti_csrf_token: expected_anti_csrf_token)
end
let(:expected_parent_refresh_token_hash) { Digest::SHA256.hexdigest(parent_refresh_token.to_json) }
let(:expected_last_regeneration_time) { current_session.refresh_creation }
let(:expected_last_regeneration_time) { Time.zone.now }

before do
allow(SecureRandom).to receive_messages(hex: stubbed_random_number, uuid: expected_handle)
Expand Down
12 changes: 9 additions & 3 deletions spec/services/sign_in/token_exchanger_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -154,9 +154,10 @@
let(:expected_hashed_refresh_token) do
Digest::SHA256.hexdigest(new_refresh_token.parent_refresh_token_hash)
end
let(:expected_last_regeneration_time) { Time.zone.now }

let(:expected_refresh_expiration) do
expected_refresh_creation + new_client_config.refresh_token_duration
expected_last_regeneration_time + new_client_config.refresh_token_duration
end
let(:expected_session_handle) { Faker::Internet.uuid }
let(:expected_client_id) { new_client_config.client_id }
Expand All @@ -166,7 +167,12 @@
let(:expected_device_secret_hash) { nil }
let(:expected_user_uuid) { current_session.user_verification.backing_credential_identifier }

before { allow(SecureRandom).to receive(:uuid).and_return(expected_session_handle) }
before do
Timecop.freeze(Time.zone.now.floor)
allow(SecureRandom).to receive(:uuid).and_return(expected_session_handle)
end

after { Timecop.return }

it 'creates a session with the expected attributes' do
new_session = token_exchanger.perform.session
Expand All @@ -186,7 +192,7 @@
expect(new_access_token.session_handle).to eq(expected_session_handle)
expect(new_access_token.audience).to eq(expected_audience)
expect(new_access_token.client_id).to eq(expected_client_id)
expect(new_access_token.last_regeneration_time).to eq(expected_refresh_creation)
expect(new_access_token.last_regeneration_time).to eq(expected_last_regeneration_time)
expect(new_access_token.user_attributes).to eq(JSON.parse(expected_user_attributes))
expect(new_access_token.user_uuid).to eq(expected_user_uuid)
expect(new_access_token.device_secret_hash).to eq(expected_device_secret_hash)
Expand Down

0 comments on commit 9a58262

Please sign in to comment.