Commit 2d9b18c

jonathanedeygoogle-labs-jules[bot]

and

authored

chore: Use mock time for consistent token generation and verification tests (#881)

* Fix(tests): Use mock time for consistent token generation and verification tests Patches time.time and google.auth.jwt._helpers.utcnow to use a fixed timestamp (MOCK_CURRENT_TIME) throughout tests/test_token_gen.py. This addresses test flakiness and inconsistencies by ensuring that: 1. Tokens and cookies are generated with predictable `iat` and `exp` claims based on MOCK_CURRENT_TIME. 2. The verification logic within the Firebase Admin SDK and the underlying google-auth library also uses MOCK_CURRENT_TIME. Helper functions _get_id_token and _get_session_cookie were updated to default to using MOCK_CURRENT_TIME for their internal time calculations, simplifying test code. Relevant fixtures and token definitions were updated to rely on these new defaults and the fixed timestamp. The setup_method in TestVerifyIdToken, TestVerifySessionCookie, TestCertificateCaching, and TestCertificateFetchTimeout now mock time.time and google.auth.jwt._helpers.utcnow to ensure that all time-sensitive operations during testing use the MOCK_CURRENT_TIME. * Fix(tests): Apply time mocking to test_tenant_mgt.py Extends the time mocking strategy (using a fixed MOCK_CURRENT_TIME) to tests in `tests/test_tenant_mgt.py` to ensure consistency with changes previously made in `tests/test_token_gen.py`. Specifically: - Imported `MOCK_CURRENT_TIME` from `tests.test_token_gen`. - Added `setup_method` (and `teardown_method`) to the `TestVerifyIdToken` and `TestCreateCustomToken` classes. - These setup methods patch `time.time` and `google.auth.jwt._helpers.utcnow` to return `MOCK_CURRENT_TIME` (or its datetime equivalent). This ensures that token generation (for custom tokens) and token verification within `test_tenant_mgt.py` align with the mocked timeline, preventing potential flakiness or failures due to time inconsistencies. All tests in `test_tenant_mgt.py` pass with these changes. * fix lint and refactor --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

1 parent 70013c8 commit 2d9b18cCopy full SHA for 2d9b18c

File tree

2 files changed

+92

-20

lines changed

tests
- test_tenant_mgt.py
- test_token_gen.py

2 files changed

+92

-20

lines changed

`‎tests/test_tenant_mgt.py‎`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`"""Test cases for the firebase_admin.tenant_mgt module."""`
`16`	`16`
`17`	`17`	`import json`
	`18`	`+import unittest.mock`
`18`	`19`	`from urllib import parse`
`19`	`20`
`20`	`21`	`import pytest`
`@@ -29,6 +30,7 @@`
`29`	`30`	`from firebase_admin import _utils`
`30`	`31`	`from tests import testutils`
`31`	`32`	`from tests import test_token_gen`
	`33`	`+from tests.test_token_gen import MOCK_CURRENT_TIME, MOCK_CURRENT_TIME_UTC`
`32`	`34`
`33`	`35`
`34`	`36`	`GET_TENANT_RESPONSE = """{`
`@@ -964,6 +966,17 @@ def _assert_saml_provider_config(self, provider_config, want_id='saml.provider')`
`964`	`966`
`965`	`967`	`class TestVerifyIdToken:`
`966`	`968`
	`969`	`+ def setup_method(self):`
	`970`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`971`	`+ self.mock_time = self.time_patch.start()`
	`972`	`+ self.utcnow_patch = unittest.mock.patch(`
	`973`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`974`	`+ self.mock_utcnow = self.utcnow_patch.start()`
	`975`	`+`
	`976`	`+ def teardown_method(self):`
	`977`	`+ self.time_patch.stop()`
	`978`	`+ self.utcnow_patch.stop()`
	`979`	`+`
`967`	`980`	`def test_valid_token(self, tenant_mgt_app):`
`968`	`981`	`client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_mgt_app)`
`969`	`982`	`client._token_verifier.request = test_token_gen.MOCK_REQUEST`
`@@ -997,6 +1010,17 @@ def tenant_aware_custom_token_app():`
`997`	`1010`
`998`	`1011`	`class TestCreateCustomToken:`
`999`	`1012`
	`1013`	`+ def setup_method(self):`
	`1014`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`1015`	`+ self.mock_time = self.time_patch.start()`
	`1016`	`+ self.utcnow_patch = unittest.mock.patch(`
	`1017`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`1018`	`+ self.mock_utcnow = self.utcnow_patch.start()`
	`1019`	`+`
	`1020`	`+ def teardown_method(self):`
	`1021`	`+ self.time_patch.stop()`
	`1022`	`+ self.utcnow_patch.stop()`
	`1023`	`+`
`1000`	`1024`	`def test_custom_token(self, tenant_aware_custom_token_app):`
`1001`	`1025`	`client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_aware_custom_token_app)`
`1002`	`1026`

`‎tests/test_token_gen.py‎`

Lines changed: 68 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@`
`19`	`19`	`import json`
`20`	`20`	`import os`
`21`	`21`	`import time`
	`22`	`+import unittest.mock`
`22`	`23`
`23`	`24`	`from google.auth import crypt`
`24`	`25`	`from google.auth import jwt`
`@@ -36,6 +37,9 @@`
`36`	`37`	`from tests import testutils`
`37`	`38`
`38`	`39`
	`40`	`+MOCK_CURRENT_TIME = 1500000000`
	`41`	`+MOCK_CURRENT_TIME_UTC = datetime.datetime.fromtimestamp(`
	`42`	`+ MOCK_CURRENT_TIME, tz=datetime.timezone.utc)`
`39`	`43`	`MOCK_UID = 'user1'`
`40`	`44`	`MOCK_CREDENTIAL = credentials.Certificate(`
`41`	`45`	`testutils.resource_filename('service_account.json'))`
`@@ -105,16 +109,17 @@ def verify_custom_token(custom_token, expected_claims, tenant_id=None):`
`105`	`109`	`for key, value in expected_claims.items():`
`106`	`110`	`assert value == token['claims'][key]`
`107`	`111`
`108`		`-def _get_id_token(payload_overrides=None, header_overrides=None):`
	`112`	`+def _get_id_token(payload_overrides=None, header_overrides=None, current_time=MOCK_CURRENT_TIME):`
`109`	`113`	`signer = crypt.RSASigner.from_string(MOCK_PRIVATE_KEY)`
`110`	`114`	`headers = {`
`111`	`115`	`'kid': 'mock-key-id-1'`
`112`	`116`	`}`
	`117`	`+ now = int(current_time if current_time is not None else time.time())`
`113`	`118`	`payload = {`
`114`	`119`	`'aud': MOCK_CREDENTIAL.project_id,`
`115`	`120`	`'iss': 'https://securetoken.google.com/' + MOCK_CREDENTIAL.project_id,`
`116`		`- 'iat': int(time.time()) - 100,`
`117`		`- 'exp': int(time.time()) + 3600,`
	`121`	`+ 'iat': now - 100,`
	`122`	`+ 'exp': now + 3600,`
`118`	`123`	`'sub': '1234567890',`
`119`	`124`	`'admin': True,`
`120`	`125`	`'firebase': {`
`@@ -127,12 +132,13 @@ def _get_id_token(payload_overrides=None, header_overrides=None):`
`127`	`132`	`payload = _merge_jwt_claims(payload, payload_overrides)`
`128`	`133`	`return jwt.encode(signer, payload, header=headers)`
`129`	`134`
`130`		`-def _get_session_cookie(payload_overrides=None, header_overrides=None):`
	`135`	`+def _get_session_cookie(`
	`136`	`+ payload_overrides=None, header_overrides=None, current_time=MOCK_CURRENT_TIME):`
`131`	`137`	`payload_overrides = payload_overrides or {}`
`132`	`138`	`if 'iss' not in payload_overrides:`
`133`	`139`	`payload_overrides['iss'] = 'https://session.firebase.google.com/{0}'.format(`
`134`	`140`	`MOCK_CREDENTIAL.project_id)`
`135`		`- return _get_id_token(payload_overrides, header_overrides)`
	`141`	`+ return _get_id_token(payload_overrides, header_overrides, current_time=current_time)`
`136`	`142`
`137`	`143`	`def _instrument_user_manager(app, status, payload):`
`138`	`144`	`client = auth._get_client(app)`
`@@ -205,7 +211,7 @@ def env_var_app(request):`
`205`	`211`	`@pytest.fixture(scope='module')`
`206`	`212`	`def revoked_tokens():`
`207`	`213`	`mock_user = json.loads(testutils.resource('get_user.json'))`
`208`		`- mock_user['users'][0]['validSince'] = str(int(time.time())+100)`
	`214`	`+ mock_user['users'][0]['validSince'] = str(MOCK_CURRENT_TIME+100)`
`209`	`215`	`return json.dumps(mock_user)`
`210`	`216`
`211`	`217`	`@pytest.fixture(scope='module')`
`@@ -218,7 +224,7 @@ def user_disabled():`
`218`	`224`	`def user_disabled_and_revoked():`
`219`	`225`	`mock_user = json.loads(testutils.resource('get_user.json'))`
`220`	`226`	`mock_user['users'][0]['disabled'] = True`
`221`		`- mock_user['users'][0]['validSince'] = str(int(time.time())+100)`
	`227`	`+ mock_user['users'][0]['validSince'] = str(MOCK_CURRENT_TIME+100)`
`222`	`228`	`return json.dumps(mock_user)`
`223`	`229`
`224`	`230`
`@@ -420,6 +426,17 @@ def test_unexpected_response(self, user_mgt_app):`
`420`	`426`
`421`	`427`	`class TestVerifyIdToken:`
`422`	`428`
	`429`	`+ def setup_method(self):`
	`430`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`431`	`+ self.time_patch.start()`
	`432`	`+ self.utcnow_patch = unittest.mock.patch(`
	`433`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`434`	`+ self.utcnow_patch.start()`
	`435`	`+`
	`436`	`+ def teardown_method(self):`
	`437`	`+ self.time_patch.stop()`
	`438`	`+ self.utcnow_patch.stop()`
	`439`	`+`
`423`	`440`	`valid_tokens = {`
`424`	`441`	`'BinaryToken': TEST_ID_TOKEN,`
`425`	`442`	`'TextToken': TEST_ID_TOKEN.decode('utf-8'),`
`@@ -435,14 +452,14 @@ class TestVerifyIdToken:`
`435`	`452`	`'EmptySubject': _get_id_token({'sub': ''}),`
`436`	`453`	`'IntSubject': _get_id_token({'sub': 10}),`
`437`	`454`	`'LongStrSubject': _get_id_token({'sub': 'a' * 129}),`
`438`		`- 'FutureToken': _get_id_token({'iat': int(time.time()) + 1000}),`
	`455`	`+ 'FutureToken': _get_id_token({'iat': MOCK_CURRENT_TIME + 1000}),`
`439`	`456`	`'ExpiredToken': _get_id_token({`
`440`		`- 'iat': int(time.time()) - 10000,`
`441`		`- 'exp': int(time.time()) - 3600`
	`457`	`+ 'iat': MOCK_CURRENT_TIME - 10000,`
	`458`	`+ 'exp': MOCK_CURRENT_TIME - 3600`
`442`	`459`	`}),`
`443`	`460`	`'ExpiredTokenShort': _get_id_token({`
`444`		`- 'iat': int(time.time()) - 10000,`
`445`		`- 'exp': int(time.time()) - 30`
	`461`	`+ 'iat': MOCK_CURRENT_TIME - 10000,`
	`462`	`+ 'exp': MOCK_CURRENT_TIME - 30`
`446`	`463`	`}),`
`447`	`464`	`'BadFormatToken': 'foobar'`
`448`	`465`	`}`
`@@ -618,6 +635,17 @@ def test_certificate_request_failure(self, user_mgt_app):`
`618`	`635`
`619`	`636`	`class TestVerifySessionCookie:`
`620`	`637`
	`638`	`+ def setup_method(self):`
	`639`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`640`	`+ self.time_patch.start()`
	`641`	`+ self.utcnow_patch = unittest.mock.patch(`
	`642`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`643`	`+ self.utcnow_patch.start()`
	`644`	`+`
	`645`	`+ def teardown_method(self):`
	`646`	`+ self.time_patch.stop()`
	`647`	`+ self.utcnow_patch.stop()`
	`648`	`+`
`621`	`649`	`valid_cookies = {`
`622`	`650`	`'BinaryCookie': TEST_SESSION_COOKIE,`
`623`	`651`	`'TextCookie': TEST_SESSION_COOKIE.decode('utf-8'),`
`@@ -633,14 +661,14 @@ class TestVerifySessionCookie:`
`633`	`661`	`'EmptySubject': _get_session_cookie({'sub': ''}),`
`634`	`662`	`'IntSubject': _get_session_cookie({'sub': 10}),`
`635`	`663`	`'LongStrSubject': _get_session_cookie({'sub': 'a' * 129}),`
`636`		`- 'FutureCookie': _get_session_cookie({'iat': int(time.time()) + 1000}),`
	`664`	`+ 'FutureCookie': _get_session_cookie({'iat': MOCK_CURRENT_TIME + 1000}),`
`637`	`665`	`'ExpiredCookie': _get_session_cookie({`
`638`		`- 'iat': int(time.time()) - 10000,`
`639`		`- 'exp': int(time.time()) - 3600`
	`666`	`+ 'iat': MOCK_CURRENT_TIME - 10000,`
	`667`	`+ 'exp': MOCK_CURRENT_TIME - 3600`
`640`	`668`	`}),`
`641`	`669`	`'ExpiredCookieShort': _get_session_cookie({`
`642`		`- 'iat': int(time.time()) - 10000,`
`643`		`- 'exp': int(time.time()) - 30`
	`670`	`+ 'iat': MOCK_CURRENT_TIME - 10000,`
	`671`	`+ 'exp': MOCK_CURRENT_TIME - 30`
`644`	`672`	`}),`
`645`	`673`	`'BadFormatCookie': 'foobar',`
`646`	`674`	`'IDToken': TEST_ID_TOKEN,`
`@@ -792,6 +820,17 @@ def test_certificate_request_failure(self, user_mgt_app):`
`792`	`820`
`793`	`821`	`class TestCertificateCaching:`
`794`	`822`
	`823`	`+ def setup_method(self):`
	`824`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`825`	`+ self.time_patch.start()`
	`826`	`+ self.utcnow_patch = unittest.mock.patch(`
	`827`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`828`	`+ self.utcnow_patch.start()`
	`829`	`+`
	`830`	`+ def teardown_method(self):`
	`831`	`+ self.time_patch.stop()`
	`832`	`+ self.utcnow_patch.stop()`
	`833`	`+`
`795`	`834`	`def test_certificate_caching(self, user_mgt_app, httpserver):`
`796`	`835`	`httpserver.serve_content(MOCK_PUBLIC_CERTS, 200, headers={'Cache-Control': 'max-age=3600'})`
`797`	`836`	`verifier = _token_gen.TokenVerifier(user_mgt_app)`
`@@ -810,6 +849,18 @@ def test_certificate_caching(self, user_mgt_app, httpserver):`
`810`	`849`
`811`	`850`	`class TestCertificateFetchTimeout:`
`812`	`851`
	`852`	`+ def setup_method(self):`
	`853`	`+ self.time_patch = unittest.mock.patch('time.time', return_value=MOCK_CURRENT_TIME)`
	`854`	`+ self.time_patch.start()`
	`855`	`+ self.utcnow_patch = unittest.mock.patch(`
	`856`	`+ 'google.auth.jwt._helpers.utcnow', return_value=MOCK_CURRENT_TIME_UTC)`
	`857`	`+ self.utcnow_patch.start()`
	`858`	`+`
	`859`	`+ def teardown_method(self):`
	`860`	`+ self.time_patch.stop()`
	`861`	`+ self.utcnow_patch.stop()`
	`862`	`+ testutils.cleanup_apps()`
	`863`	`+`
`813`	`864`	`timeout_configs = [`
`814`	`865`	`({'httpTimeout': 4}, 4),`
`815`	`866`	`({'httpTimeout': None}, None),`
`@@ -852,6 +903,3 @@ def _instrument_session(self, app):`
`852`	`903`	`recorder = []`
`853`	`904`	`request.session.mount('https://', testutils.MockAdapter(MOCK_PUBLIC_CERTS, 200, recorder))`
`854`	`905`	`return recorder`
`855`		`-`
`856`		`- def teardown_method(self):`
`857`		`- testutils.cleanup_apps()`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 2d9b18c

File tree

2 files changed

2 files changed

`‎tests/test_tenant_mgt.py‎`

`‎tests/test_token_gen.py‎`

0 commit comments