From 2796e1c9bcd5e674565b597e337b043d698f0f53 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Date: Tue, 21 Feb 2023 15:34:50 +0100
Subject: [PATCH] refactor(session): remove duplicate method, token expiry must
 be shorter than inactivity timeout

---
 pkg/session/data.go            | 11 ++++++-----
 pkg/session/data_test.go       | 32 +++++++++++---------------------
 pkg/session/session_manager.go |  2 +-
 3 files changed, 18 insertions(+), 27 deletions(-)

diff --git a/pkg/session/data.go b/pkg/session/data.go
index b744d90..b72c6cd 100644
--- a/pkg/session/data.go
+++ b/pkg/session/data.go
@@ -208,10 +208,6 @@ func (in *Metadata) TokenLifetime() time.Duration {
 	return in.Tokens.ExpireAt.Sub(in.Tokens.RefreshedAt)
 }
 
-func (in *Metadata) ExtendTimeout(duration time.Duration) {
-	in.Session.TimeoutAt = time.Now().Add(duration)
-}
-
 func (in *Metadata) IsTimedOut() bool {
 	if in.Session.TimeoutAt.IsZero() {
 		return false
@@ -221,7 +217,12 @@ func (in *Metadata) IsTimedOut() bool {
 }
 
 func (in *Metadata) WithTimeout(timeoutIn time.Duration) {
-	in.Session.TimeoutAt = time.Now().Add(timeoutIn)
+	timeoutAt := time.Now().Add(timeoutIn)
+	in.Session.TimeoutAt = timeoutAt
+
+	if timeoutAt.Before(in.Tokens.ExpireAt) {
+		in.Tokens.ExpireAt = timeoutAt
+	}
 }
 
 func (in *Metadata) Verbose() MetadataVerbose {
diff --git a/pkg/session/data_test.go b/pkg/session/data_test.go
index b2fd5ae..c5a0a8b 100644
--- a/pkg/session/data_test.go
+++ b/pkg/session/data_test.go
@@ -56,17 +56,24 @@ func TestMetadata_WithTimeout(t *testing.T) {
 	tokenLifetime := 30 * time.Minute
 	sessionLifetime := time.Hour
 	sessionInactivityTimeout := 15 * time.Minute
-
-	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
-	metadata.WithTimeout(sessionInactivityTimeout)
-
 	maxDelta := time.Second
 
+	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
+	assert.WithinDuration(t, time.Now().Add(tokenLifetime), metadata.Tokens.ExpireAt, maxDelta)
+
+	metadata.WithTimeout(sessionInactivityTimeout)
 	assert.False(t, metadata.Session.TimeoutAt.IsZero())
+	assert.WithinDuration(t, time.Now().Add(sessionInactivityTimeout), metadata.Tokens.ExpireAt, maxDelta)
+	assert.WithinDuration(t, metadata.Session.TimeoutAt, metadata.Tokens.ExpireAt, maxDelta)
 
 	expected := time.Now().Add(sessionInactivityTimeout)
 	actual := metadata.Session.TimeoutAt
 	assert.WithinDuration(t, expected, actual, maxDelta)
+
+	previousTimeoutAt := metadata.Session.TimeoutAt
+	time.Sleep(100 * time.Millisecond)
+	metadata.WithTimeout(sessionInactivityTimeout)
+	assert.True(t, metadata.Session.TimeoutAt.After(previousTimeoutAt))
 }
 
 func TestMetadata_IsExpired(t *testing.T) {
@@ -338,23 +345,6 @@ func TestMetadata_Verbose_WithTimeout(t *testing.T) {
 	assert.WithinDuration(t, expected, actual, maxDelta)
 }
 
-func TestMetadata_ExtendTimeout(t *testing.T) {
-	tokenLifetime := 30 * time.Minute
-	sessionLifetime := time.Hour
-
-	timeout := 15 * time.Minute
-
-	metadata := session.NewMetadata(tokenLifetime, sessionLifetime)
-	metadata.WithTimeout(timeout)
-
-	previousTimeoutAt := metadata.Session.TimeoutAt
-
-	time.Sleep(100 * time.Millisecond)
-
-	metadata.ExtendTimeout(timeout)
-	assert.True(t, metadata.Session.TimeoutAt.After(previousTimeoutAt))
-}
-
 func TestMetadata_IsTimedOut(t *testing.T) {
 	tokenLifetime := 30 * time.Minute
 	sessionLifetime := time.Hour
diff --git a/pkg/session/session_manager.go b/pkg/session/session_manager.go
index 45b6913..950e559 100644
--- a/pkg/session/session_manager.go
+++ b/pkg/session/session_manager.go
@@ -204,7 +204,7 @@ func (in *manager) Refresh(r *http.Request, sess *Session) (*Session, error) {
 	sess.data.Metadata.Refresh(resp.ExpiresIn)
 
 	if in.cfg.Session.Inactivity {
-		sess.data.Metadata.ExtendTimeout(in.cfg.Session.InactivityTimeout)
+		sess.data.Metadata.WithTimeout(in.cfg.Session.InactivityTimeout)
 	}
 
 	err = in.update(ctx, sess)