YunxiaoXu/ea-chatbot-lg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Address technical debt in auth refresh implementation

Browse Source
This commit is contained in:
Yunxiao Xu
2026-02-18 14:36:10 -08:00
parent 341bd08176
commit 6131f27142
4 changed files with 49 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/src/ea_chatbot/api/routers/auth.py
View File

@@ -2,7 +2,7 @@ from typing import Optional
from fastapi import APIRouter, Depends, HTTPException, status, Response, Request
from fastapi.responses import RedirectResponse
from fastapi.security import OAuth2PasswordRequestForm
from ea_chatbot.api.utils import create_access_token, create_refresh_token, settings
from ea_chatbot.api.utils import create_access_token, create_refresh_token, decode_access_token, settings
from ea_chatbot.api.dependencies import history_manager, oidc_client, get_current_user
from ea_chatbot.history.models import User as UserDB
from ea_chatbot.api.schemas import Token, UserCreate, UserResponse, ThemeUpdate
@@ -101,7 +101,6 @@ async def refresh(request: Request, response: Response):
detail="Refresh token missing"
)
from ea_chatbot.api.utils import decode_access_token # Using decode_access_token for both
payload = decode_access_token(refresh_token)
if not payload:

14
backend/tests/api/test_auth_refresh.py
View File

@@ -18,11 +18,17 @@ def test_refresh_token_success(client):
# 2. Set the cookie manually in the client
client.cookies.set("refresh_token", refresh_token)
import time
time.sleep(1.1) # Wait to ensure iat is different
# 3. Call the refresh endpoint with mock
with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm, \
patch("ea_chatbot.api.utils.datetime") as mock_datetime:
# Mock datetime to ensure the second token has a different timestamp
from datetime import datetime, timezone, timedelta
base_now = datetime.now(timezone.utc)
# First call (inside refresh) gets base_now + 1 second
mock_datetime.now.return_value = base_now + timedelta(seconds=1)
mock_datetime.side_effect = lambda *args, **kwargs: datetime(*args, **kwargs)
mock_hm.get_user_by_id.return_value = User(id=user_id, username="test@test.com")
response = client.post("/api/v1/auth/refresh")