feat(auth): Implement OIDCSession helper for secure temporary storage

2026-02-14 04:12:14 -08:00
parent 2220714962
commit 05261e3cda
2 changed files with 71 additions and 0 deletions
--- a/backend/tests/test_oidc_session.py
+++ b/backend/tests/test_oidc_session.py
@@ -0,0 +1,44 @@
+import pytest
+from datetime import timedelta
+from ea_chatbot.auth import OIDCSession
+from ea_chatbot.config import Settings
+
+@pytest.fixture
+def settings():
+    return Settings()
+
+def test_oidc_session_encrypt_decrypt(settings):
+    session_data = {
+        "state": "test_state",
+        "nonce": "test_nonce",
+        "code_verifier": "test_verifier"
+    }
+    
+    # Encrypt
+    token = OIDCSession.encrypt(session_data, settings.secret_key)
+    assert isinstance(token, str)
+    assert token != ""
+    
+    # Decrypt
+    decrypted_data = OIDCSession.decrypt(token, settings.secret_key)
+    assert decrypted_data["state"] == "test_state"
+    assert decrypted_data["nonce"] == "test_nonce"
+    assert decrypted_data["code_verifier"] == "test_verifier"
+
+def test_oidc_session_invalid_signature(settings):
+    session_data = {"state": "test_state"}
+    token = OIDCSession.encrypt(session_data, settings.secret_key)
+    
+    # Tamper with the token
+    tampered_token = token[:-5] + "aaaaa"
+    
+    decrypted_data = OIDCSession.decrypt(tampered_token, settings.secret_key)
+    assert decrypted_data is None
+
+def test_oidc_session_expired(settings):
+    session_data = {"state": "test_state"}
+    # Encrypt with a very short expiration
+    token = OIDCSession.encrypt(session_data, settings.secret_key, expires_delta=timedelta(seconds=-1))
+    
+    decrypted_data = OIDCSession.decrypt(token, settings.secret_key)
+    assert decrypted_data is None