UT: Add failing test for TokenValidator.validate_token()

If a new refresh token is generated, even if the old token isn't expired yet, the new one should be invalidated. We shouldn't have two valid refresh tokens for a user.
guardicore · Mar 31, 2023 · c6c31ca · c6c31ca
1 parent 18b3d79
commit c6c31ca
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/...unit_tests/monkey_island/cc/services/authentication_service/token/test_token_validator.py b/...unit_tests/monkey_island/cc/services/authentication_service/token/test_token_validator.py
@@ -24,6 +24,26 @@ def test_validate_token__valid(freezer):
     token_validator.validate_token(token)
 
 
+def test_validate_token__old_token_invalid_on_new_token_generated():
+    token_expiration_timedelta = 1 * 60  # 1 minute
+    payload = "fake_user_id"
+
+    app, _ = build_app()
+    token_generator = TokenGenerator(app.security)
+    token_validator = TokenValidator(app.security, token_expiration_timedelta)
+
+    token_1 = token_generator.generate_token(payload)
+    token_validator.validate_token(token_1)
+
+    token_2 = token_generator.generate_token(payload)
+    token_validator.validate_token(token_2)
+
+    with pytest.raises(SignatureExpired):
+        # this is still valid according to the expiration time but since
+        # a new refresh token has been generated, it should be invalid
+        token_validator.validate_token(token_1)
+
+
 def test_validate_refresh_token__expired(freezer):
     token_expiration = 1 * 60  # 1 minute
     generation_time = "2020-01-01 00:00:00"