From 1675fc521b9e2f6c3116387bb0471dd51f1a1442 Mon Sep 17 00:00:00 2001 From: Chris Coutinho Date: Tue, 4 Nov 2025 10:06:06 +0100 Subject: [PATCH] fix: use valid Fernet encryption keys in token exchange tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix three tests in test_token_exchange.py that were using invalid Fernet encryption keys (b"test-key-" + b"0" * 32), causing ValueError due to invalid base64 encoding. Root cause: - Tests manually created invalid Fernet keys - token_storage and token_broker fixtures generated different keys - Encryption/decryption operations failed due to key mismatch Solution: - Expose valid encryption key from token_storage fixture via _test_encryption_key - Update token_broker fixture to use same encryption key from token_storage - Update all tests to use token_storage._test_encryption_key Tests fixed: - test_get_background_token - test_session_background_separation - test_background_token_different_scopes All 13 tests in test_token_exchange.py now pass. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- tests/server/oauth/test_token_exchange.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/server/oauth/test_token_exchange.py b/tests/server/oauth/test_token_exchange.py index ddef2b9..fe79391 100644 --- a/tests/server/oauth/test_token_exchange.py +++ b/tests/server/oauth/test_token_exchange.py @@ -34,6 +34,10 @@ async def token_storage(): storage = RefreshTokenStorage(db_path=db_path, encryption_key=encryption_key) await storage.initialize() + + # Expose encryption key for tests that need to manually encrypt/decrypt + storage._test_encryption_key = encryption_key + yield storage # Cleanup @@ -59,9 +63,7 @@ async def token_exchange_service(token_storage): async def token_broker(token_storage): """Create test token broker service.""" # Use the same encryption key as storage - from cryptography.fernet import Fernet - - encryption_key = Fernet.generate_key() + encryption_key = token_storage._test_encryption_key broker = TokenBrokerService( storage=token_storage, @@ -235,7 +237,8 @@ class TestTokenBroker: # Store encrypted refresh token for user from cryptography.fernet import Fernet - fernet = Fernet(b"test-key-" + b"0" * 32) + # Use the same encryption key as token_storage/token_broker + fernet = Fernet(token_storage._test_encryption_key) encrypted_token = fernet.encrypt(b"background_refresh_token").decode() await token_storage.store_refresh_token( @@ -279,7 +282,8 @@ class TestTokenBroker: # Store refresh token from cryptography.fernet import Fernet - fernet = Fernet(b"test-key-" + b"0" * 32) + # Use the same encryption key as token_storage/token_broker + fernet = Fernet(token_storage._test_encryption_key) encrypted_token = fernet.encrypt(b"master_refresh_token").decode() await token_storage.store_refresh_token( @@ -388,7 +392,8 @@ class TestScopeDownscoping: """Test background tokens can request different scopes than session.""" from cryptography.fernet import Fernet - fernet = Fernet(b"test-key-" + b"0" * 32) + # Use the same encryption key as token_storage/token_broker + fernet = Fernet(token_storage._test_encryption_key) encrypted_token = fernet.encrypt(b"refresh_token").decode() await token_storage.store_refresh_token(