Skip to content

Commit

Permalink
UT: Add failing test for TokenValidator.validate_token()
Browse files Browse the repository at this point in the history
If a new refresh token is generated, even if the old token isn't expired yet,
the new one should be invalidated. We shouldn't have two valid refresh tokens
for a user.
  • Loading branch information
shreyamalviya authored and VakarisZ committed Mar 31, 2023
1 parent a190163 commit 1cf264a
Showing 1 changed file with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,26 @@ def test_validate_token__valid(freezer):
token_validator.validate_token(token)


def test_validate_token__old_token_invalid_on_new_token_generated():
token_expiration_timedelta = 1 * 60 # 1 minute
payload = "fake_user_id"

app, _ = build_app()
token_generator = TokenGenerator(app.security)
token_validator = TokenValidator(app.security, token_expiration_timedelta)

token_1 = token_generator.generate_token(payload)
token_validator.validate_token(token_1)

token_2 = token_generator.generate_token(payload)
token_validator.validate_token(token_2)

with pytest.raises(SignatureExpired):
# this is still valid according to the expiration time but since
# a new refresh token has been generated, it should be invalid
token_validator.validate_token(token_1)


def test_validate_refresh_token__expired(freezer):
token_expiration = 1 * 60 # 1 minute
generation_time = "2020-01-01 00:00:00"
Expand Down

0 comments on commit 1cf264a

Please sign in to comment.