Disable session cache by default and make it opt-in for single-process deployments

2026-04-09 21:52:57 +02:00
parent 4043cdfa3c
commit e1d741956e
4 changed files with 83 additions and 16 deletions
--- a/backend/tests/test_routers/test_auth.py
+++ b/backend/tests/test_routers/test_auth.py
@@ -165,6 +165,39 @@ class TestRequireAuth:
        self, client: AsyncClient
    ) -> None:
        """Health endpoint is accessible without authentication."""
+        response = await client.get("/api/health")
+        assert response.status_code == 200
+
+    async def test_session_cache_is_disabled_by_default(
+        self, client: AsyncClient
+    ) -> None:
+        """Session validation does not use the in-memory cache unless enabled."""
+        from app.repositories import session_repo
+
+        await _do_setup(client)
+        token = await _login(client)
+
+        call_count = 0
+        original_get_session = session_repo.get_session
+
+        async def _tracking(db, tok):  # type: ignore[no-untyped-def]
+            nonlocal call_count
+            call_count += 1
+            return await original_get_session(db, tok)
+
+        with patch.object(session_repo, "get_session", side_effect=_tracking):
+            resp1 = await client.get(
+                "/api/dashboard/status",
+                headers={"Authorization": f"Bearer {token}"},
+            )
+            resp2 = await client.get(
+                "/api/dashboard/status",
+                headers={"Authorization": f"Bearer {token}"},
+            )
+
+        assert resp1.status_code == 200
+        assert resp2.status_code == 200
+        assert call_count == 2


 # ---------------------------------------------------------------------------
@@ -184,6 +217,13 @@ class TestRequireAuthSessionCache:
        yield
        dependencies.clear_session_cache()

+    @pytest.fixture(autouse=True)
+    def enable_session_cache(self, client: AsyncClient) -> Generator[None, None, None]:
+        """Enable the in-memory auth cache for tests that exercise it."""
+        client._transport.app.state.settings.session_cache_enabled = True
+        client._transport.app.state.settings.session_cache_ttl_seconds = 10.0
+        yield
+
    async def test_second_request_skips_db(self, client: AsyncClient) -> None:
        """Second authenticated request within TTL skips the session DB query.