malpercio.dev / ezpds
An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

test: add refresh_token nonce retry test (H2)

Directly tests the nonce retry path inside refresh_token(): when the token endpoint
returns 400+DPoP-Nonce, the function retries exactly once. Uses hits()==2 to verify
the retry happened without requiring different responses per call in httpmock 0.7.

authored by

Malpercio and committed by
Tangled aa580523 61866af9

+34 -6
+34 -6
apps/identity-wallet/src-tauri/src/oauth_client.rs
··· 522 522 ); 523 523 } 524 524 525 - // Note: Full test for refresh_token() nonce retry path would require: 526 - // - Mock server that returns 400 with DPoP-Nonce header on first request 527 - // - Mock server that returns 200 on second request 528 - // - Verification that nonce was extracted and used in retry 529 - // This is covered indirectly through oauth.rs::exchange_code_with_retry which 530 - // uses the same nonce retry logic and is tested in the oauth module. 525 + #[tokio::test] 526 + async fn refresh_token_nonce_retry_sends_exactly_two_requests() { 527 + // Verifies: refresh_token() retries exactly once when the token endpoint returns 528 + // 400 with a DPoP-Nonce header. The retry itself also gets 400 (no success mock 529 + // available in a single-response httpmock setup), so the function returns 530 + // TokenRefreshFailed — but the nonce retry path is proven by hits() == 2. 531 + let server = MockServer::start(); 532 + 533 + let token_mock = server.mock(|when, then| { 534 + when.method(POST).path("/oauth/token"); 535 + then.status(400).header("DPoP-Nonce", "server-nonce"); 536 + }); 537 + 538 + let keypair = DPoPKeypair::get_or_create().expect("keypair must exist"); 539 + // expires_in_secs = 0 → expires_at = now; satisfies the < now + 60 check, 540 + // but we're calling refresh_token() directly to test it in isolation. 541 + let session = make_session("access_token", "refresh_token_value", 0); 542 + let client = OAuthClient::new_for_test(keypair, session, server.base_url()); 543 + 544 + // Both the initial request and the nonce retry get 400 → TokenRefreshFailed. 545 + let result = client.refresh_token().await; 546 + assert!( 547 + matches!(result, Err(OAuthError::TokenRefreshFailed)), 548 + "expected TokenRefreshFailed, got: {:?}", 549 + result 550 + ); 551 + 552 + // Exactly 2 requests: initial attempt + one nonce retry. 553 + assert_eq!( 554 + token_mock.hits(), 555 + 2, 556 + "must make exactly 2 requests: initial + nonce retry" 557 + ); 558 + } 531 559 }