feat(sso-persisted-grants) [PM-23572]: Add additional tests.

enmande · enmande · commit 6b9558875e1d · 2025-11-21T17:14:44.000-05:00
diff --git a/bitwarden_license/src/Sso/IdentityServer/DistributedCachePersistedGrantStore.cs b/bitwarden_license/src/Sso/IdentityServer/DistributedCachePersistedGrantStore.cs
@@ -39,11 +39,14 @@ public DistributedCachePersistedGrantStore(
 
         var grant = result.Value;
 
-        // Check expiration
-        if (!grant.Expiration.HasValue || grant.Expiration.Value >= DateTime.UtcNow) return grant;
-        await RemoveAsync(key);
-        return null;
+        // Check if grant has expired - remove expired grants from cache
+        if (grant.Expiration.HasValue && grant.Expiration.Value < DateTime.UtcNow)
+        {
+            await RemoveAsync(key);
+            return null;
+        }
 
+        return grant;
     }
 
     public Task<IEnumerable<PersistedGrant>> GetAllAsync(PersistedGrantFilter filter)
diff --git a/bitwarden_license/test/SSO.Test/IdentityServer/DistributedCachePersistedGrantStoreTests.cs b/bitwarden_license/test/SSO.Test/IdentityServer/DistributedCachePersistedGrantStoreTests.cs
@@ -85,6 +85,74 @@ await _cache.Received(1).SetAsync(
                 opts.SkipDistributedCacheReadWhenStale == false));
     }
 
+    [Fact]
+    public async Task GetAsync_WithValidGrant_ReturnsGrant()
+    {
+        // Arrange
+        var grant = CreateTestGrant("valid-key", expiration: DateTime.UtcNow.AddMinutes(5));
+        _cache.TryGetAsync<PersistedGrant>("valid-key")
+            .Returns(MaybeValue<PersistedGrant>.FromValue(grant));
+
+        // Act
+        var result = await _sut.GetAsync("valid-key");
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal("valid-key", result.Key);
+        Assert.Equal("authorization_code", result.Type);
+        Assert.Equal("test-subject", result.SubjectId);
+        await _cache.DidNotReceive().RemoveAsync(Arg.Any<string>());
+    }
+
+    [Fact]
+    public async Task GetAsync_WithNonExistentKey_ReturnsNull()
+    {
+        // Arrange
+        _cache.TryGetAsync<PersistedGrant>("nonexistent-key")
+            .Returns(MaybeValue<PersistedGrant>.None);
+
+        // Act
+        var result = await _sut.GetAsync("nonexistent-key");
+
+        // Assert
+        Assert.Null(result);
+        await _cache.DidNotReceive().RemoveAsync(Arg.Any<string>());
+    }
+
+    [Fact]
+    public async Task GetAsync_WithExpiredGrant_RemovesAndReturnsNull()
+    {
+        // Arrange
+        var expiredGrant = CreateTestGrant("expired-key", expiration: DateTime.UtcNow.AddMinutes(-1));
+        _cache.TryGetAsync<PersistedGrant>("expired-key")
+            .Returns(MaybeValue<PersistedGrant>.FromValue(expiredGrant));
+
+        // Act
+        var result = await _sut.GetAsync("expired-key");
+
+        // Assert
+        Assert.Null(result);
+        await _cache.Received(1).RemoveAsync("expired-key");
+    }
+
+    [Fact]
+    public async Task GetAsync_WithNoExpiration_ReturnsGrant()
+    {
+        // Arrange
+        var grant = CreateTestGrant("no-expiry-key", expiration: null);
+        _cache.TryGetAsync<PersistedGrant>("no-expiry-key")
+            .Returns(MaybeValue<PersistedGrant>.FromValue(grant));
+
+        // Act
+        var result = await _sut.GetAsync("no-expiry-key");
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal("no-expiry-key", result.Key);
+        Assert.Null(result.Expiration);
+        await _cache.DidNotReceive().RemoveAsync(Arg.Any<string>());
+    }
+
     [Fact]
     public async Task RemoveAsync_RemovesGrantFromCache()
     {
