core/authorize: check for expired tokens (#4543)

* core/authorize: check for expired tokens * Update pkg/grpc/session/session.go Co-authored-by: Denis Mishin <dmishin@pomerium.com> * lint * fix zero timestamps * fix --------- Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2025-06-13 16:24:16 +02:00 · 2023-09-15 16:06:13 -06:00 · 2023-09-15 16:06:13 -06:00 · 23ea48815f
commit 23ea48815f
parent e5a7b994b6
7 changed files with 127 additions and 1 deletions
--- a/pkg/grpc/user/user_test.go
+++ b/pkg/grpc/user/user_test.go
@ -0,0 +1,30 @@
+package user
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+func TestServiceAccount_Validate(t *testing.T) {
+	t.Parallel()
+
+	t0 := timestamppb.New(time.Now().Add(-time.Second))
+	for _, tc := range []struct {
+		name           string
+		serviceAccount *ServiceAccount
+		expect         error
+	}{
+		{"valid", &ServiceAccount{}, nil},
+		{"expired", &ServiceAccount{ExpiresAt: t0}, ErrServiceAccountExpired},
+	} {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			assert.ErrorIs(t, tc.serviceAccount.Validate(), tc.expect)
+		})
+	}
+}