refactor(session): remove duplicate method, token expiry must be shorter than inactivity timeout

pkg/session/data.go

@@ -208,10 +208,6 @@ func (in *Metadata) TokenLifetime() time.Duration {
 	return in.Tokens.ExpireAt.Sub(in.Tokens.RefreshedAt)
 }
 
-func (in *Metadata) ExtendTimeout(duration time.Duration) {
-	in.Session.TimeoutAt = time.Now().Add(duration)
-}
-
 func (in *Metadata) IsTimedOut() bool {
 	if in.Session.TimeoutAt.IsZero() {
 		return false
@@ -221,7 +217,12 @@ func (in *Metadata) IsTimedOut() bool {
 }
 
 func (in *Metadata) WithTimeout(timeoutIn time.Duration) {
-	in.Session.TimeoutAt = time.Now().Add(timeoutIn)
+	timeoutAt := time.Now().Add(timeoutIn)
+	in.Session.TimeoutAt = timeoutAt
+
+	if timeoutAt.Before(in.Tokens.ExpireAt) {
+		in.Tokens.ExpireAt = timeoutAt
+	}
 }
 
 func (in *Metadata) Verbose() MetadataVerbose {

pkg/session/data_test.go

@@ -56,17 +56,24 @@ func TestMetadata_WithTimeout(t *testing.T) {
 	tokenLifetime := 30 * time.Minute
 	sessionLifetime := time.Hour
 	sessionInactivityTimeout := 15 * time.Minute
-
-	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
-	metadata.WithTimeout(sessionInactivityTimeout)
-
 	maxDelta := time.Second
 
+	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
+	assert.WithinDuration(t, time.Now().Add(tokenLifetime), metadata.Tokens.ExpireAt, maxDelta)
+
+	metadata.WithTimeout(sessionInactivityTimeout)
 	assert.False(t, metadata.Session.TimeoutAt.IsZero())
+	assert.WithinDuration(t, time.Now().Add(sessionInactivityTimeout), metadata.Tokens.ExpireAt, maxDelta)
+	assert.WithinDuration(t, metadata.Session.TimeoutAt, metadata.Tokens.ExpireAt, maxDelta)
 
 	expected := time.Now().Add(sessionInactivityTimeout)
 	actual := metadata.Session.TimeoutAt
 	assert.WithinDuration(t, expected, actual, maxDelta)
+
+	previousTimeoutAt := metadata.Session.TimeoutAt
+	time.Sleep(100 * time.Millisecond)
+	metadata.WithTimeout(sessionInactivityTimeout)
+	assert.True(t, metadata.Session.TimeoutAt.After(previousTimeoutAt))
 }
 
 func TestMetadata_IsExpired(t *testing.T) {
@@ -338,23 +345,6 @@ func TestMetadata_Verbose_WithTimeout(t *testing.T) {
 	assert.WithinDuration(t, expected, actual, maxDelta)
 }
 
-func TestMetadata_ExtendTimeout(t *testing.T) {
-	tokenLifetime := 30 * time.Minute
-	sessionLifetime := time.Hour
-
-	timeout := 15 * time.Minute
-
-	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
-	metadata.WithTimeout(timeout)
-
-	previousTimeoutAt := metadata.Session.TimeoutAt
-
-	time.Sleep(100 * time.Millisecond)
-
-	metadata.ExtendTimeout(timeout)
-	assert.True(t, metadata.Session.TimeoutAt.After(previousTimeoutAt))
-}
-
 func TestMetadata_IsTimedOut(t *testing.T) {
 	tokenLifetime := 30 * time.Minute
 	sessionLifetime := time.Hour

pkg/session/session_manager.go

@@ -204,7 +204,7 @@ func (in *manager) Refresh(r *http.Request, sess *Session) (*Session, error) {
 	sess.data.Metadata.Refresh(resp.ExpiresIn)
 
 	if in.cfg.Session.Inactivity {
-		sess.data.Metadata.ExtendTimeout(in.cfg.Session.InactivityTimeout)
+		sess.data.Metadata.WithTimeout(in.cfg.Session.InactivityTimeout)
 	}
 
 	err = in.update(ctx, sess)