Merge pull request #50 from openfga/fix/token-exp-check

fix: fix token validity check for expiry
openfga · Jan 25, 2024 · d05ef22 · d05ef22
2 parents 2b4dec3 + 04e564e
commit d05ef22
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
@@ -254,6 +254,7 @@ src/test-integration/resources/auth-model.json
 src/test-integration/resources/example1-auth-model.json
 src/test/java/dev/openfga/sdk/api/OpenFgaApiTest.java
 src/test/java/dev/openfga/sdk/api/OpenFgaApiTest.java
+src/test/java/dev/openfga/sdk/api/auth/AccessTokenTest.java
 src/test/java/dev/openfga/sdk/api/auth/OAuth2ClientTest.java
 src/test/java/dev/openfga/sdk/api/client/OpenFgaClientTest.java
 src/test/java/dev/openfga/sdk/api/configuration/ClientCredentialsTest.java

diff --git a/src/main/java/dev/openfga/sdk/api/auth/AccessToken.java b/src/main/java/dev/openfga/sdk/api/auth/AccessToken.java
@@ -30,9 +30,9 @@ class AccessToken {
     public boolean isValid() {
         return !isNullOrWhitespace(token)
                 && (expiresAt == null
-                        || expiresAt.isBefore(Instant.now()
-                                .plusSeconds(TOKEN_EXPIRY_BUFFER_THRESHOLD_IN_SEC)
-                                .plusSeconds(random.nextLong() % TOKEN_EXPIRY_JITTER_IN_SEC)));
+                        || expiresAt.isAfter(Instant.now()
+                                .minusSeconds(TOKEN_EXPIRY_BUFFER_THRESHOLD_IN_SEC)
+                                .minusSeconds(random.nextLong() % TOKEN_EXPIRY_JITTER_IN_SEC)));
     }
 
     public String getToken() {

diff --git a/src/test/java/dev/openfga/sdk/api/auth/AccessTokenTest.java b/src/test/java/dev/openfga/sdk/api/auth/AccessTokenTest.java
@@ -0,0 +1,43 @@
+/*
+ * OpenFGA
+ * A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.
+ *
+ * The version of the OpenAPI document: 0.1
+ * Contact: community@openfga.dev
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+package dev.openfga.sdk.api.auth;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.stream.Stream;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+class AccessTokenTest {
+
+    private static Stream<Arguments> expTimeAndResults() {
+        return Stream.of(
+                Arguments.of(Instant.now().plus(1, ChronoUnit.HOURS), true),
+                Arguments.of(Instant.now().minus(1, ChronoUnit.HOURS), false),
+                Arguments.of(Instant.now().minus(10, ChronoUnit.MINUTES), false),
+                Arguments.of(Instant.now().plus(10, ChronoUnit.MINUTES), true),
+                Arguments.of(Instant.now(), true));
+    }
+
+    @MethodSource("expTimeAndResults")
+    @ParameterizedTest
+    public void testTokenValid(Instant exp, boolean valid) {
+        AccessToken accessToken = new AccessToken();
+        accessToken.setToken("token");
+        accessToken.setExpiresAt(exp);
+        assertEquals(valid, accessToken.isValid());
+    }
+}