refactor: rename misleading methods in AuthService

- session_id() -> generate_session_id(): was named as accessor but generates
  a new token via secrets.token_urlsafe(64)
- check_session() -> validate_session(): returns UserResponse not a bool;
  the name suggested a boolean check when it actually retrieves the user

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: agusmdev

template/backend/app/user/auth/permissions.py

@@ -55,7 +55,7 @@ async def get_user(
     ) -> User:
         try:
             if not getattr(request.state, "user", None):
-                user = await auth_service.check_session(http_auth.credentials)
+                user = await auth_service.validate_session(http_auth.credentials)
                 cast("Any", request.state).user = user
                 req_ctx: RequestContext = get_request_context()
                 req_ctx.user_id = str(user.id)

template/backend/app/user/auth/service.py

@@ -90,7 +90,7 @@ def __init__(
         }
 
     @staticmethod
-    def session_id() -> str:
+    def generate_session_id() -> str:
         return f"s_{secrets.token_urlsafe(64)}"
 
     @staticmethod
@@ -103,7 +103,7 @@ async def authenticate(self, email: str, password: str) -> SessionResponse:
 
         created_session = await self.repo.create(
             SessionCreate(
-                id=self.session_id(),
+                id=self.generate_session_id(),
                 user_id=user.id,
                 expires_at=datetime.now() + timedelta(days=365),
             )
@@ -139,7 +139,7 @@ async def oauth_login(
 
         created_session = await self.repo.create(
             SessionCreate(
-                id=self.session_id(),
+                id=self.generate_session_id(),
                 user_id=user.id,
                 expires_at=datetime.now() + timedelta(days=365),
             )
@@ -150,7 +150,7 @@ async def oauth_login(
             expires_at=created_session.expires_at,
         )
 
-    async def check_session(self, session_id: str) -> UserResponse:
+    async def validate_session(self, session_id: str) -> UserResponse:
         session = cast(
             "UserSessionResponse",
             await self.repo.get(

template/backend/tests/unit/services/test_auth_service.py

@@ -24,13 +24,13 @@ class TestAuthServiceSessionId:
 
     def test_session_id_format(self):
         """Test session_id format."""
-        session_id = AuthService.session_id()
+        session_id = AuthService.generate_session_id()
         assert session_id.startswith("s_")
         assert len(session_id) > 10
 
     def test_session_id_unique(self):
         """Test session_id generates unique values."""
-        ids = [AuthService.session_id() for _ in range(100)]
+        ids = [AuthService.generate_session_id() for _ in range(100)]
         assert len(set(ids)) == 100
 
     def test_generate_token_format(self):
@@ -142,7 +142,7 @@ async def test_register_success(
 
 
 class TestAuthServiceCheckSession:
-    """Tests for AuthService.check_session method."""
+    """Tests for AuthService.validate_session method."""
 
     @pytest.fixture
     def auth_service(
@@ -157,7 +157,7 @@ def auth_service(
             email_verification_repo=mock_email_verification_repository,
         )
 
-    async def test_check_session_valid(self, auth_service, mock_session_repository):
+    async def test_validate_session_valid(self, auth_service, mock_session_repository):
         """Test checking valid session."""
         mock_session = MagicMock()
         mock_session.expires_at = datetime.now() + timedelta(days=1)
@@ -166,19 +166,19 @@ async def test_check_session_valid(self, auth_service, mock_session_repository):
         )
         mock_session_repository.get.return_value = mock_session
 
-        result = await auth_service.check_session("s_valid_session")
+        result = await auth_service.validate_session("s_valid_session")
 
         assert result == mock_session.user
 
-    async def test_check_session_expired(self, auth_service, mock_session_repository):
+    async def test_validate_session_expired(self, auth_service, mock_session_repository):
         """Test checking expired session."""
         mock_session = MagicMock()
         mock_session.expires_at = datetime.now() - timedelta(days=1)
         mock_session.user = MagicMock()
         mock_session_repository.get.return_value = mock_session
 
         with pytest.raises(SessionExpiredError):
-            await auth_service.check_session("s_expired_session")
+            await auth_service.validate_session("s_expired_session")
 
 
 class TestAuthServiceLogout:

template/backend/tests/unit/services/test_authenticated_user.py

@@ -58,7 +58,7 @@ async def test_get_user_success(
         self, mock_request, mock_http_auth, mock_auth_service, sample_user_response
     ):
         """Test successful user retrieval."""
-        mock_auth_service.check_session = AsyncMock(return_value=sample_user_response)
+        mock_auth_service.validate_session = AsyncMock(return_value=sample_user_response)
 
         with patch("app.user.auth.permissions.get_request_context") as mock_ctx, \
              patch("app.user.auth.permissions.log_user"):
@@ -68,13 +68,13 @@ async def test_get_user_success(
             )
 
         assert result is sample_user_response
-        mock_auth_service.check_session.assert_called_once_with("s_test_session_token")
+        mock_auth_service.validate_session.assert_called_once_with("s_test_session_token")
 
     async def test_get_user_raises_401_on_exception(
         self, mock_request, mock_http_auth, mock_auth_service
     ):
         """Test that any exception raises 401 HTTPException."""
-        mock_auth_service.check_session = AsyncMock(side_effect=SessionExpiredError())
+        mock_auth_service.validate_session = AsyncMock(side_effect=SessionExpiredError())
 
         with pytest.raises(HTTPException) as exc_info:
             await AuthenticatedUser.get_user(
@@ -93,7 +93,7 @@ async def test_get_user_returns_cached_user(
             mock_request, mock_http_auth, mock_auth_service
         )
 
-        mock_auth_service.check_session.assert_not_called()
+        mock_auth_service.validate_session.assert_not_called()
         assert result is sample_user_response
 
 
@@ -104,7 +104,7 @@ async def test_returns_user_id(
         self, mock_request, mock_http_auth, mock_auth_service, sample_user_response
     ):
         """Test returns user UUID."""
-        mock_auth_service.check_session = AsyncMock(return_value=sample_user_response)
+        mock_auth_service.validate_session = AsyncMock(return_value=sample_user_response)
 
         with patch("app.user.auth.permissions.get_request_context") as mock_ctx, \
              patch("app.user.auth.permissions.log_user"):
@@ -124,7 +124,7 @@ async def test_returns_user_email(
         self, mock_request, mock_http_auth, mock_auth_service, sample_user_response
     ):
         """Test returns user email."""
-        mock_auth_service.check_session = AsyncMock(return_value=sample_user_response)
+        mock_auth_service.validate_session = AsyncMock(return_value=sample_user_response)
 
         with patch("app.user.auth.permissions.get_request_context") as mock_ctx, \
              patch("app.user.auth.permissions.log_user"):