idp_oidc: use sesssion accessor in Token.is_valid() (#85643)

2024-01-15 11:33:20 +01:00 · 2024-01-15 11:33:20 +01:00 · aa554eccea
parent 62a9500192
commit aa554eccea
2 changed files with 14 additions and 3 deletions
--- a/src/authentic2_idp_oidc/models.py
+++ b/src/authentic2_idp_oidc/models.py
@ -339,6 +339,11 @@ class SessionMixin:
            self.session_key = ''
            self._session = None

+    def refresh_from_db(self, *args, **kwargs):
+        if hasattr(self, '_session'):
+            del self._session
+        return super().refresh_from_db(*args, **kwargs)
+

 class OIDCCode(SessionMixin, models.Model):
    CODE_CHALLENGE_METHOD_PLAIN = 1
@ -419,10 +424,9 @@ class OIDCAccessToken(SessionMixin, models.Model):
            return False
        if not self.session_key:
            return True
-        session = get_session(self.session_key)
-        if session is None:
+        if self.session is None:
            return False
-        if session.get('_auth_user_id') != str(self.user_id):
+        if self.session.get('_auth_user_id') != str(self.user_id):
            return False
        return True

--- a/tests/idp_oidc/test_models.py
+++ b/tests/idp_oidc/test_models.py
@ -98,6 +98,7 @@ def test_access_token_is_valid_session(simple_oidc_client, simple_user, session)

    assert token.is_valid()
    session.flush()
+    token.refresh_from_db()
    assert not token.is_valid()


@ -111,8 +112,10 @@ def test_access_token_is_valid_expired(simple_oidc_client, simple_user, freezer)

    assert token.is_valid()
    freezer.move_to(expired)
+    token.refresh_from_db()
    assert token.is_valid()
    freezer.move_to(expired + datetime.timedelta(seconds=1))
+    token.refresh_from_db()
    assert not token.is_valid()


@ -130,12 +133,16 @@ def test_access_token_is_valid_session_and_expired(simple_oidc_client, simple_us

    assert token.is_valid()
    freezer.move_to(expired)
+    token.refresh_from_db()
    assert token.is_valid()
    freezer.move_to(expired + datetime.timedelta(seconds=1))
+    token.refresh_from_db()
    assert not token.is_valid()
    freezer.move_to(start)
+    token.refresh_from_db()
    assert token.is_valid()
    session.flush()
+    token.refresh_from_db()
    assert not token.is_valid()