updated to run on Windows and add est capabilities

2026-03-30 11:08:05 -04:00
parent 304cf4fde4
commit 050cd49124
13 changed files with 524 additions and 54 deletions
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -0,0 +1,56 @@
+"""Tests for src/config.py — token validation logic (T-14)."""
+
+import logging
+import time
+
+import jwt
+import pytest
+
+from src.config import _validate_chatgpt_token
+
+
+class TestValidateChatGPTToken:
+    def test_expired_token_logs_warning(self, caplog):
+        # T-14: expired JWT must produce a clear warning
+        payload = {"exp": int(time.time()) - 3600}  # expired 1 hour ago
+        token = jwt.encode(payload, "secret", algorithm="HS256")
+        with caplog.at_level(logging.WARNING, logger="src.config"):
+            result = _validate_chatgpt_token(token)
+        assert any("expired" in r.message.lower() for r in caplog.records)
+        assert result is not None  # still returns the expiry datetime
+
+    def test_expiring_within_24h_logs_warning(self, caplog):
+        payload = {"exp": int(time.time()) + 3600}  # expires in 1 hour
+        token = jwt.encode(payload, "secret", algorithm="HS256")
+        with caplog.at_level(logging.WARNING, logger="src.config"):
+            _validate_chatgpt_token(token)
+        assert any("less than 24 hours" in r.message for r in caplog.records)
+
+    def test_valid_token_no_expiry_warning(self, caplog):
+        payload = {"exp": int(time.time()) + 86400 * 5}  # valid for 5 days
+        token = jwt.encode(payload, "secret", algorithm="HS256")
+        with caplog.at_level(logging.WARNING, logger="src.config"):
+            result = _validate_chatgpt_token(token)
+        assert not any("expired" in r.message.lower() for r in caplog.records)
+        assert result is not None
+
+    def test_token_without_exp_claim_logs_warning(self, caplog):
+        payload = {"sub": "user123"}  # no exp
+        token = jwt.encode(payload, "secret", algorithm="HS256")
+        with caplog.at_level(logging.WARNING, logger="src.config"):
+            result = _validate_chatgpt_token(token)
+        assert any("'exp'" in r.message or "no 'exp'" in r.message for r in caplog.records)
+        assert result is None
+
+    def test_jwe_encrypted_token_returns_none(self, caplog):
+        # JWE tokens (alg=dir) cannot be decoded client-side — this is normal for ChatGPT
+        jwe_like = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0.fake.token.data.here"
+        with caplog.at_level(logging.DEBUG, logger="src.config"):
+            result = _validate_chatgpt_token(jwe_like)
+        assert result is None  # cannot decode, but not an error
+
+    def test_non_jwt_string_logs_warning(self, caplog):
+        with caplog.at_level(logging.WARNING, logger="src.config"):
+            result = _validate_chatgpt_token("notajwttoken")
+        assert any("does not look like a JWT" in r.message for r in caplog.records)
+        assert result is None