|
12 | 12 | # License for the specific language governing permissions and limitations
|
13 | 13 | # under the License.
|
14 | 14 |
|
| 15 | +import asyncio |
15 | 16 | from datetime import datetime, timedelta
|
16 | 17 | from typing import Any, Dict, List, Optional
|
17 | 18 | from unittest.mock import MagicMock
|
|
58 | 59 | revoke_session,
|
59 | 60 | )
|
60 | 61 | from supertokens_python.recipe.session.framework.fastapi import verify_session
|
61 |
| -from tests.utils import clean_st, reset, setup_st, start_st |
| 62 | +from tests.utils import ( |
| 63 | + TEST_ACCESS_TOKEN_MAX_AGE_CONFIG_KEY, |
| 64 | + clean_st, |
| 65 | + reset, |
| 66 | + set_key_value_in_config, |
| 67 | + setup_st, |
| 68 | + start_st, |
| 69 | +) |
62 | 70 |
|
63 | 71 | pytestmark = mark.asyncio
|
64 | 72 |
|
@@ -920,10 +928,61 @@ async def test_clear_all_session_tokens_if_refresh_called_without_refresh_token_
|
920 | 928 | cookies = extract_all_cookies(response)
|
921 | 929 |
|
922 | 930 | assert "sAccessToken" in cookies
|
| 931 | + assert "sRefreshToken" in cookies |
| 932 | + |
| 933 | + assert "anti-csrf" in response.headers |
| 934 | + assert "front-token" in response.headers |
923 | 935 |
|
924 | 936 | response = driver_config_client.post(
|
925 | 937 | "/auth/session/refresh",
|
926 | 938 | cookies={"sAccessToken ": cookies["sAccessToken"]["value"]},
|
| 939 | + headers={"anti-csrf": response.headers["anti-csrf"]}, |
| 940 | + ) |
| 941 | + |
| 942 | + assert response.status_code == 401 |
| 943 | + response_cookies = extract_all_cookies(response) |
| 944 | + assert response_cookies["sAccessToken"]["value"] == "" |
| 945 | + assert ( |
| 946 | + response_cookies["sAccessToken"]["expires"] == "Thu, 01 Jan 1970 00:00:00 GMT" |
| 947 | + ) |
| 948 | + assert response_cookies["sRefreshToken"]["value"] == "" |
| 949 | + assert ( |
| 950 | + response_cookies["sRefreshToken"]["expires"] == "Thu, 01 Jan 1970 00:00:00 GMT" |
| 951 | + ) |
| 952 | + |
| 953 | + |
| 954 | +async def test_clear_all_session_tokens_if_refresh_called_without_refresh_token_but_with_an_expired_access_token( |
| 955 | + driver_config_client: TestClient, |
| 956 | +): |
| 957 | + set_key_value_in_config(TEST_ACCESS_TOKEN_MAX_AGE_CONFIG_KEY, "1") |
| 958 | + |
| 959 | + init_args = get_st_init_args( |
| 960 | + [ |
| 961 | + session.init( |
| 962 | + anti_csrf="VIA_TOKEN", |
| 963 | + get_token_transfer_method=lambda _, __, ___: "cookie", |
| 964 | + ) |
| 965 | + ] |
| 966 | + ) |
| 967 | + init(**init_args) |
| 968 | + start_st() |
| 969 | + |
| 970 | + response = driver_config_client.post("/create") |
| 971 | + cookies = extract_all_cookies(response) |
| 972 | + |
| 973 | + assert "sAccessToken" in cookies |
| 974 | + assert "sRefreshToken" in cookies |
| 975 | + |
| 976 | + assert "anti-csrf" in response.headers |
| 977 | + assert "front-token" in response.headers |
| 978 | + |
| 979 | + # Wait for the access token to expire |
| 980 | + await asyncio.sleep(2) |
| 981 | + |
| 982 | + response = driver_config_client.post( |
| 983 | + "/auth/session/refresh", |
| 984 | + cookies={"sAccessToken ": cookies["sAccessToken"]["value"]}, |
| 985 | + headers={"anti-csrf": response.headers["anti-csrf"]}, |
927 | 986 | )
|
928 | 987 |
|
929 | 988 | assert response.status_code == 401
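Review bot: The new test `test_clear_all_session_tokens_if_refresh_called_without_refresh_token_but_with_an_expired_access_token` stops at `assert response.status_code == 401` (line 988) and never checks that the session cookies were actually cleared, which is the property its name promises and the one that matters for security — a 401 that leaves a stale `sRefreshToken`/`sAccessToken` on the client would pass this test. The sibling test directly above does verify this (lines 943–951), so the same block should be appended here: `response_cookies = extract_all_cookies(response)`, then `assert response_cookies["sAccessToken"]["value"] == ""` and the matching `expires == "Thu, 01 Jan 1970 00:00:00 GMT"` checks for both cookies. Two smaller points: the cookie key `"sAccessToken "` on line 984 carries a trailing space copied from line 938, so whether the server sees an expired access token or no access token at all depends on the cookie parser stripping whitespace — use the exact name so the expired-token path is what is exercised; and the `asyncio.sleep(2)` against a 1-second `TEST_ACCESS_TOKEN_MAX_AGE_CONFIG_KEY` is wall-clock dependent, so a comment noting the margin (`# max age is 1s; 2s leaves headroom for slow CI`) would help the next person who sees it flake.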
|
|