A from-scratch atproto PDS implementation in Python (mirrors https://github.com/DavidBuchanan314/millipds)

tests for refreshSession

+52 -3
+2 -3
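--- a/src/millipds/service.py
+++ b/src/millipds/service.py
@@ -294,10 +294,9 @@
 	)
 	request["authed_did"] = token_payload["sub"]
 
-	db = get_db(request)
-	db.con.execute(
+	get_db(request).con.execute(
 		"INSERT INTO revoked_token (did, jti, expires_at) VALUES (?, ?, ?)",
-		(request["authed_did"], token_payload["jti"], token_payload["exp"]),
+		(token_payload["sub"], token_payload["jti"], token_payload["exp"]),
 	)
 	return web.json_response(
 		session_info(request) | generate_session_tokens(request)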
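Review bot: The revocation INSERT that now starts on line 297 is issued through `get_db(request).con.execute(...)` with no commit visible in the hunk; if that sqlite3 connection is not in autocommit mode the revoked jti only lives in an open transaction, and a crash before the next commit would leave the presented refresh token reusable. The enclosing handler starts outside the hunk, so the commit may well happen elsewhere, but it is worth confirming, or wrapping the statement as `with get_db(request).con as con:` / `con.execute(...)` so the insert commits on exit. A second, smaller point: the insert (revoke the old token) and `generate_session_tokens(request)` on line 302 are two separate steps, so an exception in token generation leaves the old refresh token revoked without a replacement — that fails closed, which is the right direction, but a one-line comment such as `# revoke first: failing closed is preferable to a reusable refresh token` would stop a future reader from "fixing" the order.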
+50
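--- a/tests/integration_test.py
+++ b/tests/integration_test.py
@@ -394,3 +394,53 @@
 	) as r:
 		assert r.status == 200
 		await r.json()
+
+
+async def test_refreshsession(s, pds_host):
+	async with s.post(
+		pds_host + "/xrpc/com.atproto.server.createSession",
+		json=valid_logins[0],
+	) as r:
+		r = await r.json()
+		orig_session_token = r["accessJwt"]
+		orig_refresh_token = r["refreshJwt"]
+
+	# can't refresh using the session token
+	async with s.post(
+		pds_host + "/xrpc/com.atproto.server.refreshSession",
+		headers={"Authorization": "Bearer " + orig_session_token},
+	) as r:
+		assert r.status != 200
+
+	# correctly refresh using the refresh token
+	async with s.post(
+		pds_host + "/xrpc/com.atproto.server.refreshSession",
+		headers={"Authorization": "Bearer " + orig_refresh_token},
+	) as r:
+		assert r.status == 200
+		r = await r.json()
+		new_session_token = r["accessJwt"]
+		new_refresh_token = r["refreshJwt"]
+
+	# test if the new session token works
+	async with s.get(
+		pds_host + "/xrpc/com.atproto.server.getSession",
+		headers={"Authorization": "Bearer " + new_session_token},
+	) as r:
+		assert r.status == 200
+		await r.json()
+
+	# test that the old session token is invalid
+	# XXX: in the future we might relax this behaviour
+	async with s.get(
+		pds_host + "/xrpc/com.atproto.server.getSession",
+		headers={"Authorization": "Bearer " + orig_session_token},
+	) as r:
+		assert r.status != 200
+
+	# test that the old refresh token is invalid
+	async with s.post(
+		pds_host + "/xrpc/com.atproto.server.refreshSession",
+		headers={"Authorization": "Bearer " + orig_refresh_token},
+	) as r:
+		assert r.status != 200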
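Review bot: The three negative checks on new lines 413, 439 and 446 assert only `r.status != 200`, which is also satisfied by a 500 from a crashing handler or any other unintended error, so the test cannot tell "token correctly rejected" apart from "endpoint broken"; pin the status the server is meant to return for an invalid or wrong-type token, e.g. `assert r.status == 401` (the hunk does not show which code the handler emits, so confirm it first). Also, `new_refresh_token` on line 423 is assigned but never used — either drop it or add a final step that refreshes with it and asserts 200, which would additionally verify that the newly issued refresh token is itself accepted. Minor style point: reusing `r` for both the response and its parsed body (lines 404 and 421) is confusing while the context-manager variable is still in scope; `body = await r.json()` reads better.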