From 73f7e1cc09b8eb7f1184147fc24364d55e157c39 Mon Sep 17 00:00:00 2001 From: Peter Onyisi Date: Wed, 21 May 2025 20:51:58 +0000 Subject: [PATCH 1/2] Patch for cases where the bearer token has no expiration --- servicex/servicex_adapter.py | 14 ++++++++++++-- tests/test_servicex_adapter.py | 14 +++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/servicex/servicex_adapter.py b/servicex/servicex_adapter.py index baa7b5b0..6c85e85a 100644 --- a/servicex/servicex_adapter.py +++ b/servicex/servicex_adapter.py @@ -85,11 +85,21 @@ def _get_bearer_token_file(): bearer_token = f.read().strip() return bearer_token + @staticmethod + def _effective_expiration(tok) -> float: + import sys + + decoded_tok = jwt.decode(tok, verify=False) + if "exp" not in decoded_tok: + # Token is missing an expiration. Return the maximum float + return sys.float_info.max + return float(decoded_tok["exp"]) + async def _get_authorization(self, force_reauth: bool = False) -> Dict[str, str]: now = time.time() if ( self.token - and jwt.decode(self.token, verify=False)["exp"] - now > 60 + and self._effective_expiration(self.token) - now > 60 and not force_reauth ): # if less than one minute validity, renew @@ -105,7 +115,7 @@ async def _get_authorization(self, force_reauth: bool = False) -> Dict[str, str] if ( not self.token or force_reauth - or float(jwt.decode(self.token, verify=False)["exp"]) - now < 60 + or self._effective_expiration(self.token) - now < 60 ): await self._get_token() return {"Authorization": f"Bearer {self.token}"} diff --git a/tests/test_servicex_adapter.py b/tests/test_servicex_adapter.py index 99d8f5c0..a9c410a7 100644 --- a/tests/test_servicex_adapter.py +++ b/tests/test_servicex_adapter.py @@ -106,16 +106,16 @@ async def test_get_transforms_wlcg_bearer_token( ) token_file.close() - os.environ["BEARER_TOKEN_FILE"] = token_file.name + with patch.dict(os.environ, {"BEARER_TOKEN_FILE": token_file.name}, clear=True): + print(os.environ) - # Try with an expired token - with pytest.raises(AuthorizationError) as err: - decode.return_value = {"exp": 0.0} - await servicex.get_transforms() - assert "ServiceX access token request rejected:" in str(err.value) + # Try with an expired token + with pytest.raises(AuthorizationError) as err: + decode.return_value = {"exp": 0.0} + await servicex.get_transforms() + assert "ServiceX access token request rejected:" in str(err.value) os.remove(token_file.name) - del os.environ["BEARER_TOKEN_FILE"] @pytest.mark.asyncio From ec271b538fed2acaf25c9b41bad83b8553bed858 Mon Sep 17 00:00:00 2001 From: ponyisi Date: Wed, 21 May 2025 15:54:53 -0500 Subject: [PATCH 2/2] Remove debugging statement Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- tests/test_servicex_adapter.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test_servicex_adapter.py b/tests/test_servicex_adapter.py index a9c410a7..2c329caf 100644 --- a/tests/test_servicex_adapter.py +++ b/tests/test_servicex_adapter.py @@ -107,7 +107,6 @@ async def test_get_transforms_wlcg_bearer_token( token_file.close() with patch.dict(os.environ, {"BEARER_TOKEN_FILE": token_file.name}, clear=True): - print(os.environ) # Try with an expired token with pytest.raises(AuthorizationError) as err: