core/authorize: check for expired tokens (#4543)

* core/authorize: check for expired tokens * Update pkg/grpc/session/session.go Co-authored-by: Denis Mishin <dmishin@pomerium.com> * lint * fix zero timestamps * fix --------- Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2025-05-31 09:57:17 +02:00 · 2023-09-15 16:06:13 -06:00 · 2023-09-15 16:06:13 -06:00 · 23ea48815f
commit 23ea48815f
parent e5a7b994b6
7 changed files with 127 additions and 1 deletions
--- a/pkg/grpc/session/session_test.go
+++ b/pkg/grpc/session/session_test.go
@ -0,0 +1,32 @@
+package session
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+func TestSession_Validate(t *testing.T) {
+	t.Parallel()
+
+	t0 := timestamppb.New(time.Now().Add(-time.Second))
+	for _, tc := range []struct {
+		name    string
+		session *Session
+		expect  error
+	}{
+		{"valid", &Session{}, nil},
+		{"expired", &Session{ExpiresAt: t0}, ErrSessionExpired},
+		{"expired id token", &Session{IdToken: &IDToken{ExpiresAt: t0}}, ErrSessionExpired},
+		{"expired oauth token", &Session{OauthToken: &OAuthToken{ExpiresAt: t0}}, ErrSessionExpired},
+	} {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			assert.ErrorIs(t, tc.session.Validate(), tc.expect)
+		})
+	}
+}