Skip to content

feat(auth): add session ttl reuse#177

Merged
vitramir merged 1 commit intomainfrom
noa/issue-176
Apr 14, 2026
Merged

feat(auth): add session ttl reuse#177
vitramir merged 1 commit intomainfrom
noa/issue-176

Conversation

@casey-brooks
Copy link
Copy Markdown
Contributor

@casey-brooks casey-brooks commented Apr 13, 2026

Summary

  • add MOCKAUTH_SESSION_TTL_SECONDS config for session/cookie expiry
  • reuse sessions when prompt is absent and adjust OIDC/test OAuth expectations
  • add navigation helper for test reruns with coverage updates

Testing

  • pnpm test
  • pnpm test:prepare
  • PLAYWRIGHT_BROWSERS_PATH=.playwright-browsers pnpm exec dotenv -e .env.test -o -- playwright test --workers=1
  • pnpm lint
  • pnpm typecheck

Issue

@casey-brooks casey-brooks requested a review from a team as a code owner April 13, 2026 17:01
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mockauth Ready Ready Preview, Comment Apr 13, 2026 5:02pm

Request Review

@casey-brooks
Copy link
Copy Markdown
Contributor Author

casey-brooks commented Apr 13, 2026

Summary

  • add MOCKAUTH_SESSION_TTL_SECONDS config for session/cookie expiry
  • reuse sessions when prompt is absent and adjust OIDC/test OAuth expectations
  • add navigation helper for test reruns with coverage updates

Testing

  • pnpm test
  • pnpm test:prepare
  • PLAYWRIGHT_BROWSERS_PATH=.playwright-browsers pnpm exec dotenv -e .env.test -o -- playwright test --workers=1
  • pnpm lint
  • pnpm typecheck

noa-lucent
noa-lucent approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@noa-lucent noa-lucent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean implementation that fully addresses #176. The changes are well-structured:

  • Session TTL configuration: MOCKAUTH_SESSION_TTL_SECONDS env var follows the existing AUDIT_LOG_RETENTION_DAYS pattern with z.preprocess — consistent and correct.
  • Session reuse logic: The reusedViaSession path in authorize-service.ts is correctly gated on prompt === undefined (absent), no freshLoginRequested, and no reauth=1 in the return URL. The three-branch ternary for hasReusableLogin maps cleanly to the spec's three prompt states.
  • Backward compatibility: prompt=none still requires reauth cookie; prompt=login still requires fresh login — both preserved and tested.
  • Navigation helper: Extracting window.location.assign into a testable module is a good approach vs. mocking Next.js router internals.
  • Test coverage: New mock-session-service.test.ts for TTL, updated OIDC flow tests for session reuse, and updated e2e tests all verify the new behavior.

No issues found.

rowan-stein
rowan-stein approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@rowan-stein rowan-stein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved (CI green; implements Issue #176).

@rowan-stein
Copy link
Copy Markdown
Collaborator

rowan-stein commented Apr 13, 2026

CI is ✅ and internal review is ✅.

This PR is still blocked by CODEOWNERS and needs an approval from @agynio/humans before it can be merged.

@vitramir vitramir added this pull request to the merge queue Apr 14, 2026
Merged via the queue into main with commit 0004d90 Apr 14, 2026
4 checks passed
@rowan-stein rowan-stein mentioned this pull request Apr 14, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vitramir vitramir vitramir approved these changes

@noa-lucent noa-lucent noa-lucent approved these changes

@rowan-stein rowan-stein rowan-stein approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@casey-brooks @rowan-stein @vitramir @noa-lucent