Ensure logs dont leak token

Colin-b · Colin-b · commit 81563e79d064 · 2024-06-17T13:59:05.000+02:00
diff --git a/tests/test_json_token_file_cache.py b/tests/test_json_token_file_cache.py
@@ -1,4 +1,6 @@
 import datetime
+import logging
+import pathlib
 
 import pytest
 import jwt
@@ -8,8 +10,8 @@
 
 
 @pytest.fixture
-def token_cache(request) -> requests_auth.JsonTokenFileCache:
-    _token_cache = requests_auth.JsonTokenFileCache(request.node.name + ".cache")
+def token_cache(tmp_path) -> requests_auth.JsonTokenFileCache:
+    _token_cache = requests_auth.JsonTokenFileCache(tmp_path / "my_tokens.cache")
     yield _token_cache
     _token_cache.clear()
 
@@ -36,7 +38,7 @@ def test_add_bearer_tokens(token_cache):
     assert token_cache.get_token("key2") == token2
 
 
-def test_save_bearer_tokens(token_cache, request):
+def test_save_bearer_tokens(token_cache, tmp_path):
     expiry_in_1_hour = datetime.datetime.now(
         datetime.timezone.utc
     ) + datetime.timedelta(hours=1)
@@ -49,12 +51,14 @@ def test_save_bearer_tokens(token_cache, request):
     token2 = jwt.encode({"exp": expiry_in_2_hour}, "secret")
     token_cache._add_bearer_token("key2", token2)
 
-    same_cache = requests_auth.JsonTokenFileCache(request.node.name + ".cache")
+    same_cache = requests_auth.JsonTokenFileCache(tmp_path / "my_tokens.cache")
     assert same_cache.get_token("key1") == token1
     assert same_cache.get_token("key2") == token2
 
 
-def test_save_bearer_token_exception_handling(token_cache, request, monkeypatch):
+def test_save_bearer_token_exception_handling(
+    token_cache, tmp_path, monkeypatch, caplog
+):
     def failing_dump(*args):
         raise Exception("Failure")
 
@@ -65,18 +69,53 @@ def failing_dump(*args):
     ) + datetime.timedelta(hours=1)
     token1 = jwt.encode({"exp": expiry_in_1_hour}, "secret")
 
+    caplog.set_level(logging.DEBUG)
+
     # Assert that the exception is not thrown
     token_cache._add_bearer_token("key1", token1)
 
-    same_cache = requests_auth.JsonTokenFileCache(request.node.name + ".cache")
+    same_cache = requests_auth.JsonTokenFileCache(tmp_path / "my_tokens.cache")
     with pytest.raises(requests_auth.AuthenticationFailed) as exception_info:
         same_cache.get_token("key1")
     assert str(exception_info.value) == "User was not authenticated."
 
+    assert caplog.messages == [
+        "Cannot save tokens.",
+        f'Inserting token expiring on {expiry_in_1_hour:%Y-%m-%d %H:%M:%S+00:00} with "key1" key.',
+        "Cannot load tokens.",
+        'Retrieving token with "key1" key.',
+        "Token cannot be found in cache.",
+        "User was not authenticated: key key1 cannot be found in [].",
+    ]
+
 
-def test_missing_token(token_cache):
+def test_missing_token_on_empty_cache(token_cache, caplog):
+    caplog.set_level(logging.DEBUG)
     with pytest.raises(requests_auth.AuthenticationFailed):
         token_cache.get_token("key1")
+    assert caplog.messages == [
+        'Retrieving token with "key1" key.',
+        "No token loaded. Token cache does not exists.",
+        "Token cannot be found in cache.",
+        "User was not authenticated: key key1 cannot be found in [].",
+    ]
+
+
+def test_missing_token_on_non_empty_cache(token_cache, caplog):
+    expiry_in_1_hour = datetime.datetime.now(
+        datetime.timezone.utc
+    ) + datetime.timedelta(hours=1)
+    token1 = jwt.encode({"exp": expiry_in_1_hour}, "secret")
+    token_cache._add_bearer_token("key0", token1)
+
+    caplog.set_level(logging.DEBUG)
+    with pytest.raises(requests_auth.AuthenticationFailed):
+        token_cache.get_token("key1")
+    assert caplog.messages == [
+        'Retrieving token with "key1" key.',
+        "Token cannot be found in cache.",
+        "User was not authenticated: key key1 cannot be found in ['key0'].",
+    ]
 
 
 def test_missing_token_function(token_cache):
@@ -105,3 +144,16 @@ def test_token_without_refresh_token(token_cache):
     # try to retrieve it
     retrieved_token = token_cache.get_token("key1")
     assert token == retrieved_token
+
+
+def test_unable_to_remove_cache(token_cache, tmp_path, monkeypatch, caplog):
+    def unlink_failure(*args):
+        raise PermissionError("You can create but can't delete")
+
+    monkeypatch.setattr(pathlib.Path, "unlink", unlink_failure)
+
+    caplog.set_level(logging.DEBUG)
+    # Assert that the exception is not thrown
+    token_cache.clear()
+
+    assert caplog.messages == ["Clearing token cache.", "Cannot remove tokens file."]
