@asendra asendra commented Oct 3, 2025

Why

Strengthen coverage for scenarios that historically lead to forced logouts or broken sessions when access tokens expire quickly: rate limiting, concurrent refresh, persistence failures, and repeated transient errors.

What

  • Add TokenRepositoryResilienceTests covering:
    • 429 rate limits: no logout/downgrade when no tokens are stored.
    • Concurrent refresh under repeated 5xx responses: coalescing avoids race-induced downgrade and keeps stored credentials.
    • Persistence failures (load/save): document today’s throwing behavior to guide future soft-fail improvements.
    • Repeated transient failures: surface the current lack of cooldown with an explicit TODO.
  • Introduce focused fakes (FailingFakeTokensStore, SequencedFakeTokenService) to drive the scenarios deterministically.

Notes

  • Stacked on auth/refresh-coalescing (RefreshCoordinator injection).

Tests

  • swift test --filter TokenRepositoryResilienceTests

@asendra asendra force-pushed the auth/edge-case-tests branch 2 times, most recently from 6b5ab36 to 8d40b4c Compare October 3, 2025 15:52
@asendra asendra force-pushed the auth/retry-jitter branch from e0b49ea to e7e1e32 Compare October 6, 2025 07:35
Base automatically changed from auth/retry-jitter to fix/auth-server-error-handling October 6, 2025 07:40
@asendra asendra force-pushed the auth/edge-case-tests branch from 8d40b4c to 0480a2f Compare October 6, 2025 07:40
@asendra asendra changed the base branch from fix/auth-server-error-handling to auth/refresh-coalescing October 6, 2025 07:40
@asendra asendra force-pushed the auth/edge-case-tests branch from 0480a2f to ae28229 Compare October 7, 2025 07:47
@asendra asendra force-pushed the auth/refresh-coalescing branch from 237e28f to 45b76c5 Compare October 13, 2025 14:01
@asendra asendra force-pushed the auth/edge-case-tests branch 4 times, most recently from c11afad to 55b0998 Compare October 13, 2025 14:57
@asendra asendra marked this pull request as ready for review October 13, 2025 15:04
@asendra asendra requested a review from a team as a code owner October 13, 2025 15:04
@asendra asendra force-pushed the auth/edge-case-tests branch from 022ca36 to 232cc69 Compare October 13, 2025 18:52
Base automatically changed from auth/refresh-coalescing to main October 14, 2025 09:00
asendra and others added 2 commits October 20, 2025 15:50
…401, store failures with XCTExpectFailure, cooldown TODO)
The new coalescing + transient error handling provides implicit cooldown:
- First call on 503: attempts refresh, returns stored credentials
- Second call: credentials not expired, returns cached without refresh

This is improved behavior that prevents hammering the server after
transient failures. Updated test name and assertions to verify this
implicit cooldown via stored credentials pattern.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@asendra asendra force-pushed the auth/edge-case-tests branch from 232cc69 to bb71731 Compare October 20, 2025 13:50
@asendra asendra requested review from bkdl and Copilot October 21, 2025 05:40
Copilot AI left a comment


Pull Request Overview

This PR adds comprehensive resilience tests for TokenRepository to validate behavior under edge cases like rate limiting, concurrent refresh operations, persistence failures, and repeated transient errors. These tests document current behavior and help prevent forced logouts or session breakage when access tokens expire quickly.

Key Changes:

  • Introduces TokenRepositoryResilienceTests covering rate limits, concurrent refresh coalescing, persistence failures, and transient error handling
  • Adds specialized test doubles (FailingFakeTokensStore, SequencedFakeTokenService) for deterministic failure scenarios
  • Documents current throwing behavior for persistence failures to guide future soft-fail improvements
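
The behaviour the PR description and the commit message above refer to (one shared refresh for concurrent callers, stored credentials kept on 429/5xx), shown as an added Swift example that is not the project's code. The names `Credentials`, `RefreshError` and `CoalescingTokenRepository`, and the rule that only an explicit rejection clears stored credentials, are assumptions made for illustration.

```swift
import Foundation

// Hypothetical types for this example; not the project's TokenRepository API.
struct Credentials: Equatable {
    let accessToken: String
    let refreshToken: String
    let expiresAt: Date
}

enum RefreshError: Error {
    case transient(status: Int)  // 429 or 5xx: keep the session, retry later
    case rejected                // assumption: server refused the refresh token
}

actor CoalescingTokenRepository {
    private var stored: Credentials?
    private var inFlight: Task<Credentials, Error>?
    private let refresh: @Sendable (String) async throws -> Credentials
    init(stored: Credentials?, refresh: @escaping @Sendable (String) async throws -> Credentials) {
        self.stored = stored
        self.refresh = refresh
    }

    /// Returns credentials to use, or nil when the user has to sign in again.
    func credentials(now: Date = Date()) async -> Credentials? {
        guard let current = stored else { return nil }
        if current.expiresAt > now { return current }  // still valid: no network call
        // Coalesce: concurrent callers await one shared refresh task instead of
        // each sending the same refresh token in its own request.
        let task: Task<Credentials, Error>
        if let running = inFlight {
            task = running
        } else {
            task = Task { [refresh] in try await refresh(current.refreshToken) }
            inFlight = task
        }
        // Actor re-entrancy: only clear the slot if it still holds this task.
        defer { if inFlight == task { inFlight = nil } }
        do {
            stored = try await task.value
            return stored
        } catch RefreshError.rejected {
            stored = nil   // definitive failure: end the session
            return nil
        } catch {
            return stored  // anything else is treated as transient: no logout
        }
    }
}
```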
