test: Test that use_dynamic_access_token_signing_key works as expected

supertokens · Jul 11, 2023 · 2e639d5 · 2e639d5
1 parent 8b0cb91
commit 2e639d5
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 2 deletions.
diff --git a/tests/sessions/test_jwks.py b/tests/sessions/test_jwks.py
@@ -22,6 +22,7 @@
     teardown_function as default_teardown_function,
     set_key_value_in_config,
     st_init_common_args,
+    reset,
 )
 
 from supertokens_python.recipe.session.jwks import (
@@ -623,3 +624,78 @@ def callback():
     # With cache lifetime being 2s, we expect the cache to be missed 5 times
     assert next(not_returned_from_cache_count) == 1 + 5  # 1 original + 5 misses
     JWKSConfig.update(original_jwks_config)
+
+
+from pytest import fixture
+from fastapi import FastAPI, Request, Depends
+from fastapi.testclient import TestClient
+from supertokens_python.framework.fastapi import get_middleware
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session.asyncio import create_new_session, get_session
+from supertokens_python.recipe.session import SessionContainer
+
+
+@fixture(scope="function")
+async def client():
+    app = FastAPI()
+    app.add_middleware(get_middleware())
+
+    @app.get("/login")
+    async def login(request: Request):  # type: ignore
+        user_id = "test"
+        s = await create_new_session(request, user_id, {}, {})
+        return {"jwt": s.get_access_token()}
+
+    @app.get("/sessioninfo")
+    async def session_info(s: SessionContainer = Depends(verify_session())):
+        user_id = s.get_user_id()
+        return {"user_id": user_id}
+
+    return TestClient(app)
+
+
+async def test_session_verification_of_jwt_with_dynamic_signing_key_mode_works_as_expected(
+    client: TestClient,
+):
+    args = get_st_init_args(
+        recipe_list=[session.init(use_dynamic_access_token_signing_key=False)]
+    )
+    init(**args)  # type: ignore
+    start_st()
+
+    # Create a session:
+    res = client.get("/login")
+    assert res.status_code == 200
+
+    jwt_with_static_key = res.json()["jwt"]
+
+    res = client.get(
+        "/sessioninfo", headers={"Authorization": f"Bearer {jwt_with_static_key}"}
+    )
+    assert res.status_code == 200
+    assert res.json()["user_id"] == "test"
+
+    reset(stop_core=False)
+
+    # initalize again with use_dynamic_access_token_signing_key=True
+    args = get_st_init_args(
+        recipe_list=[session.init(use_dynamic_access_token_signing_key=True)]
+    )
+    init(**args)  # type: ignore
+
+    from supertokens_python.recipe.session.exceptions import TryRefreshTokenError
+
+    res = client.get(
+        "/sessioninfo", headers={"Authorization": f"Bearer {jwt_with_static_key}"}
+    )
+    assert res.status_code == 401
+    assert res.json() == {"message": "try refresh token"}
+
+    try:
+        res = await get_session_without_request_response(jwt_with_static_key)
+        assert False
+    except TryRefreshTokenError as e:
+        assert (
+            str(e)
+            == "The access token doesn't match the useDynamicAccessTokenSigningKey setting"
+        )
diff --git a/tests/utils.py b/tests/utils.py
@@ -193,8 +193,10 @@ def __get_list_of_process_ids() -> List[str]:
     return process_ids
 
 
-def reset():
-    __stop_st()
+def reset(stop_core: bool = True):
+    if stop_core:
+        __stop_st()
+
     ProcessState.get_instance().reset()
     Supertokens.reset()
     SessionRecipe.reset()