bito-code-review[bot] commented on PR #40651:
URL: https://github.com/apache/superset/pull/40651#issuecomment-4598377063
The `test_jwt_needs_refresh` test currently covers scenarios for missing,
malformed, legacy (no `exp`), and near-expiry tokens. However, it does not
explicitly test for expired tokens. To ensure that regressions (e.g., catching
the wrong exception type) are detected, an explicit expired-token assertion
should be added to the test. This will validate that the `_jwt_needs_refresh`
function correctly identifies and handles expired tokens.
**superset/async_events/async_query_manager.py**
```
    def _jwt_needs_refresh(self, token: Optional[str]) -> bool:
        """
        Return True when the async-queries cookie should be (re)issued.
        The token is refreshed proactively, once it is past the first half of
        its lifetime, so that an active session keeps a valid token while a
        leaked token (which is not being refreshed by the user's session) still
        expires within ``GLOBAL_ASYNC_QUERIES_JWT_EXP_SECONDS``. Missing,
        malformed, expired, or legacy (no ``exp``) tokens are also refreshed.
        """
        if not token:
            return True
        try:
            claims = jwt.decode(token, self._jwt_secret, algorithms=["HS256"])
        except jwt.PyJWTError:
            return True
        exp = claims.get("exp")
        if not exp:
            return True
        seconds_remaining = exp - datetime.now(tz=timezone.utc).timestamp()
        return seconds_remaining < self._jwt_exp_seconds / 2
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
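The expired-token case the comment asks for, as an added example that is not code from the PR or from Superset: a stand-alone copy of the refresh decision, plus a check showing that an except clause narrowed to `jwt.DecodeError` lets `jwt.ExpiredSignatureError` escape. It assumes PyJWT is installed; `needs_refresh`, its `catch` parameter, `make_token`, `expired_token_propagates`, the secrets and the 3600-second lifetime are hypothetical names and constructed values.

```python
import time

import jwt  # PyJWT

SECRET = "constructed-secret-for-this-example-0123456789"  # constructed, not a real key
OTHER_SECRET = "constructed-other-secret-0123456789-abcdefgh"  # constructed
EXP_SECONDS = 3600  # assumed lifetime, stands in for GLOBAL_ASYNC_QUERIES_JWT_EXP_SECONDS


def needs_refresh(token, catch=jwt.PyJWTError):
    """Stand-alone copy of the quoted logic; `catch` lets a regressed except clause be simulated."""
    if not token:
        return True
    try:
        claims = jwt.decode(token, SECRET, algorithms=["HS256"])
    except catch:
        return True
    exp = claims.get("exp")
    if not exp:
        return True
    return exp - time.time() < EXP_SECONDS / 2


def make_token(exp_offset=None, secret=SECRET):
    """Build a constructed HS256 token; exp_offset=None gives a legacy token with no exp."""
    claims = {"channel": "constructed-channel"}
    if exp_offset is not None:
        claims["exp"] = int(time.time()) + exp_offset
    return jwt.encode(claims, secret, algorithm="HS256")


def expired_token_propagates(catch):
    """Return True if an expired token raises past an except clause that catches `catch`."""
    try:
        needs_refresh(make_token(-60), catch=catch)
    except jwt.ExpiredSignatureError:
        return True
    return False
```

`jwt.ExpiredSignatureError` derives from `jwt.InvalidTokenError`, not from `jwt.DecodeError`, so only an explicit expired-token assertion distinguishes the two except clauses.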