- Introduced a dual-token system for user authentication: a short-lived access token and a long-lived rotating refresh token.
- Created a new RefreshToken model to manage refresh tokens securely.
- Updated auth_api.py to handle login, refresh, and logout processes with the new token system.
- Enhanced security measures including token rotation and theft detection.
- Updated frontend to handle token refresh on 401 errors and adjusted SSE authentication.
- Removed CORS middleware as it's unnecessary behind the nginx proxy.
- Added tests to ensure functionality and security of the new token system.
19 lines
713 B
Python
```python
import os
os.environ['DB_ENV'] = 'test'
os.environ.setdefault('SECRET_KEY', 'test-secret-key')
os.environ.setdefault('REFRESH_TOKEN_EXPIRY_DAYS', '90')
import sys
import pytest

# Ensure backend root is in sys.path for imports like 'config.paths'
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))

# Shared test constants — import these in test files instead of hardcoding
TEST_SECRET_KEY = 'test-secret-key'
TEST_REFRESH_TOKEN_EXPIRY_DAYS = 90

@pytest.fixture(scope="session", autouse=True)
def set_test_db_env():
    os.environ['DB_ENV'] = 'test'
    os.environ['SECRET_KEY'] = TEST_SECRET_KEY
    os.environ['REFRESH_TOKEN_EXPIRY_DAYS'] = str(TEST_REFRESH_TOKEN_EXPIRY_DAYS)
```
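The refresh-token rotation and theft detection named in the commit message can be illustrated with the added example below, which is not the project's auth_api.py or RefreshToken model. The `RefreshTokenStore` class, its in-memory dict, the token-family scheme and the SHA-256 storage are assumptions made for illustration; only the 90-day expiry comes from this file.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

REFRESH_TOKEN_EXPIRY_DAYS = 90  # same value conftest.py sets for the tests


class TokenError(Exception):
    """Raised when a refresh token is unknown, expired, revoked or replayed."""


class RefreshTokenStore:
    """Hypothetical in-memory stand-in for a refresh-token table."""

    def __init__(self):
        self.rows = {}  # sha256(token) -> row; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, family=None, now=None):
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)
        self.rows[self._digest(token)] = {
            "user_id": user_id,
            "family": family or secrets.token_hex(8),  # one family per login
            "expires": now + timedelta(days=REFRESH_TOKEN_EXPIRY_DAYS),
            "used": False,
            "revoked": False,
        }
        return token

    def rotate(self, token, now=None):
        """Exchange a refresh token for a new one; a replay revokes the family."""
        now = now or datetime.now(timezone.utc)
        row = self.rows.get(self._digest(token))
        if row is None or row["revoked"] or now >= row["expires"]:
            raise TokenError("invalid refresh token")
        if row["used"]:
            # An already-rotated token came back, so two parties hold copies.
            # Revoke every token descended from the same login.
            for other in self.rows.values():
                if other["family"] == row["family"]:
                    other["revoked"] = True
            raise TokenError("refresh token reuse detected")
        row["used"] = True
        return self.issue(row["user_id"], family=row["family"], now=now)
```

Revoking the whole family on a replay forces both the legitimate client and whoever copied the token back through login, which is the point of pairing rotation with reuse detection.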