store: oidc_state CRUD + 5-minute cleanup

2026-05-05 13:15:45 +01:00
parent 14be63510c
commit e2976a42e6
2 changed files with 129 additions and 0 deletions
@@ -0,0 +1,64 @@
+package store
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+	"time"
+)
+
+func newOIDCStateTestStore(t *testing.T) *Store {
+	t.Helper()
+	st, err := Open(context.Background(), filepath.Join(t.TempDir(), "rm.db"))
+	if err != nil {
+		t.Fatalf("open: %v", err)
+	}
+	t.Cleanup(func() { _ = st.Close() })
+	return st
+}
+
+func TestOIDCStatePutAndConsume(t *testing.T) {
+	t.Parallel()
+	st := newOIDCStateTestStore(t)
+	ctx := context.Background()
+	now := time.Now().UTC()
+
+	if err := st.PutOIDCState(ctx, "hash1", "verifier-1", now); err != nil {
+		t.Fatalf("put: %v", err)
+	}
+	v, err := st.ConsumeOIDCState(ctx, "hash1")
+	if err != nil {
+		t.Fatalf("consume: %v", err)
+	}
+	if v != "verifier-1" {
+		t.Errorf("verifier: got %q want %q", v, "verifier-1")
+	}
+	if _, err := st.ConsumeOIDCState(ctx, "hash1"); err == nil {
+		t.Error("re-consume should fail")
+	}
+}
+
+func TestOIDCStateCleanup(t *testing.T) {
+	t.Parallel()
+	st := newOIDCStateTestStore(t)
+	ctx := context.Background()
+	now := time.Now().UTC()
+
+	_ = st.PutOIDCState(ctx, "stale", "v-stale", now.Add(-10*time.Minute))
+	_ = st.PutOIDCState(ctx, "fresh", "v-fresh", now)
+
+	cutoff := now.Add(-5 * time.Minute)
+	n, err := st.CleanupExpiredOIDCState(ctx, cutoff)
+	if err != nil {
+		t.Fatalf("cleanup: %v", err)
+	}
+	if n != 1 {
+		t.Errorf("cleanup count: got %d want 1", n)
+	}
+	if _, err := st.ConsumeOIDCState(ctx, "stale"); err == nil {
+		t.Error("stale entry should have been deleted")
+	}
+	if _, err := st.ConsumeOIDCState(ctx, "fresh"); err != nil {
+		t.Errorf("fresh entry should still be readable: %v", err)
+	}
+}