From dd4f392c028166d49874d30d65d82a078961b7a0 Mon Sep 17 00:00:00 2001
From: Rohan Weeden <reweeden@alaska.edu>
Date: Fri, 8 Dec 2023 11:25:41 -0500
Subject: [PATCH 1/4] Allow floating point values for session_ttl_in_hours

---
 rain_api_core/auth.py |  4 ++--
 tests/test_auth.py    | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/rain_api_core/auth.py b/rain_api_core/auth.py
index 63270da..49b0b9e 100644
--- a/rain_api_core/auth.py
+++ b/rain_api_core/auth.py
@@ -56,13 +56,13 @@ def __init__(
         private_key: str,
         cookie_name: str,
         blacklist={},
-        session_ttl_in_hours: int = 7 * 24
+        session_ttl_in_hours: float = 7 * 24
     ):
         self.algorithm = algorithm
         self.public_key = public_key
         self.private_key = private_key
         self.cookie_name = cookie_name
-        self.session_ttl = session_ttl_in_hours * 60 * 60
+        self.session_ttl = int(session_ttl_in_hours * 60 * 60)
         self.black_list = blacklist
 
     def _get_auth_cookie(self, headers: Mapping[str, str]):
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 512eac2..6ae1b3d 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -175,3 +175,35 @@ def test_get_header_to_set_auth_cookie(
 def test_get_header_to_set_auth_cookie_logout(jwt_manager):
     header = jwt_manager.get_header_to_set_auth_cookie(None, 'DOMAIN')
     assert header == {'SET-COOKIE': 'auth-cookie=expired; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=DOMAIN'}
+
+
+@mock.patch(f'{MODULE}.time', autospec=True)
+def test_jwt_manager_session_ttl_sub_hour(mock_time):
+    jwt_manager = JwtManager(
+        "RSA256",
+        "",
+        "private_key",
+        "cookie_name",
+        session_ttl_in_hours=0.5
+    )
+    profile = UserProfile(
+        user_id='test_user_id',
+        token='test_token',
+        groups=['test_group1', 'test_group2'],
+        first_name='test_first_name',
+        last_name='test_last_name',
+        email='test_email',
+    )
+    mock_time.return_value = 1
+
+    payload = jwt_manager._jwt_payload_from_user_profile(profile)
+    assert payload == {
+        'urs-user-id': 'test_user_id',
+        'first_name': 'test_first_name',
+        'last_name': 'test_last_name',
+        'email': 'test_email',
+        'urs-access-token': 'test_token',
+        'urs-groups': ['test_group1', 'test_group2'],
+        'iat': 1,
+        'exp': 1801,
+    }

From 71ad59128831ce7574f30af1e915d6c0bdf55555 Mon Sep 17 00:00:00 2001
From: Rohan Weeden <reweeden@alaska.edu>
Date: Fri, 8 Dec 2023 11:30:08 -0500
Subject: [PATCH 2/4] Remove unused fixtures

---
 tests/test_auth.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/test_auth.py b/tests/test_auth.py
index 6ae1b3d..fada2d2 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -31,7 +31,7 @@ def test_decode_jwt_expired(jwt_manager, jwt_priv_key):
     assert jwt_manager._decode_jwt(encoded) is None
 
 
-def test_decode_jwt_invalid(jwt_manager, jwt_priv_key):
+def test_decode_jwt_invalid(jwt_manager):
     encoded = b".".join((
         jwt.utils.base64url_encode(b'{"alg": "RS256"}'),
         jwt.utils.base64url_encode(b'{"not valid'),
@@ -144,7 +144,6 @@ def test_get_header_to_set_auth_cookie(
     mock_time,
     mock_encode_jwt,
     jwt_manager,
-    jwt_priv_key,
 ):
     jwt_manager.cookie_name = 'auth-cookie'
     jwt_manager.session_ttl = 1

From bbcef6595460e639e93b7448f372fa1359857e98 Mon Sep 17 00:00:00 2001
From: Rohan Weeden <reweeden@alaska.edu>
Date: Fri, 8 Dec 2023 11:32:18 -0500
Subject: [PATCH 3/4] Fix gramatical error in log message

---
 rain_api_core/aws_util.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rain_api_core/aws_util.py b/rain_api_core/aws_util.py
index ea4c475..f536470 100644
--- a/rain_api_core/aws_util.py
+++ b/rain_api_core/aws_util.py
@@ -72,7 +72,7 @@ def retrieve_secret(secret_name: str) -> dict:
             duration=duration(timer)
         ))
     except ClientError as e:
-        log.error("Encountered fatal error trying to reading URS Secret: {0}".format(e))
+        log.error("Encountered fatal error trying to read URS Secret: {0}".format(e))
         raise e
     else:
         # Decrypts secret using the associated KMS CMK.

From a291d1b9ce2a75753e7cc66b6ce051c7a0340916 Mon Sep 17 00:00:00 2001
From: Rohan Weeden <reweeden@alaska.edu>
Date: Fri, 8 Dec 2023 11:32:24 -0500
Subject: [PATCH 4/4] Fix indent

---
 rain_api_core/aws_util.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/rain_api_core/aws_util.py b/rain_api_core/aws_util.py
index f536470..7170bd5 100644
--- a/rain_api_core/aws_util.py
+++ b/rain_api_core/aws_util.py
@@ -214,9 +214,10 @@ def get_role_session(creds: dict = None, user_id: str = None) -> boto_Session:
     if session_id not in session_cache:
         now = time()
         session_cache[session_id] = boto_Session(
-                                        aws_access_key_id=sts_resp['Credentials']['AccessKeyId'],
-                                        aws_secret_access_key=sts_resp['Credentials']['SecretAccessKey'],
-                                        aws_session_token=sts_resp['Credentials']['SessionToken'])
+            aws_access_key_id=sts_resp['Credentials']['AccessKeyId'],
+            aws_secret_access_key=sts_resp['Credentials']['SecretAccessKey'],
+            aws_session_token=sts_resp['Credentials']['SessionToken']
+        )
         log.info(return_timing_object(service="boto3", endpoint="boto3.session()", duration=duration(now)))
     else:
         log.info("Reusing session {0}".format(session_id))