CMR-11116: adds tests for launchpad token caching behavior

daniel-zamora · daniel-zamora · commit 3d77b747dac5 · 2026-03-09T16:07:38.000-04:00
diff --git a/mock-echo-app/src/cmr/mock_echo/api/routes.clj b/mock-echo-app/src/cmr/mock_echo/api/routes.clj
@@ -1,12 +1,8 @@
 (ns cmr.mock-echo.api.routes
   "Defines the HTTP URL routes for the application."
   (:require
-   [cheshire.core :as json]
-   [clojure.set :as set]
    [cmr.common.api.context :as context]
    [cmr.common.api.errors :as errors]
-   [cmr.common.log :refer (debug info warn error)]
-   [cmr.common.services.errors :as svc-errors]
    [cmr.mock-echo.api.acls :as acls-api]
    [cmr.mock-echo.api.providers :as providers-api]
    [cmr.mock-echo.api.tokens :as token-api]
@@ -25,7 +21,8 @@
   (token-db/reset context)
   (provider-db/reset context)
   (acl-db/reset context)
-  (urs-db/reset context))
+  (urs-db/reset context)
+  (urs-api/reset-launchpad-tokens!))
 
 (defn- build-routes [system]
   (routes
diff --git a/mock-echo-app/src/cmr/mock_echo/api/urs.clj b/mock-echo-app/src/cmr/mock_echo/api/urs.clj
@@ -2,15 +2,28 @@
   "Defines routes for mocking URS"
   (:require
    [cheshire.core :as json]
+   [clj-time.core :as t]
    [clojure.data.codec.base64 :as b64]
    [clojure.string :as string]
    [cmr.common.mime-types :as mt]
    [cmr.common.services.errors :as errors]
+   [cmr.common.time-keeper :as time-keeper]
+   [cmr.common.util :as common-util]
    [cmr.common.xml :as cx]
    [cmr.mock-echo.data.urs-db :as urs-db]
    [cmr.transmit.config :as transmit-config]
    [compojure.core :refer :all]))
 
+(def launchpad-token-validations
+  "Tracks when launchpad tokens were first validated to simulate absolute token expiration.
+  Map of {token -> {:first-validated-at timestamp :expires-in seconds}}"
+  (atom {}))
+
+(defn reset-launchpad-tokens!
+  "Resets the launchpad token validation tracking. Called by test fixtures."
+  []
+  (reset! launchpad-token-validations {}))
+
 (defn get-user
   "Processes a request to get a user."
   [context name]
@@ -44,11 +57,33 @@
     {:status 404 :body "Not found.\n"}))
 
 (defn get-launchpad-user
-  "Processes a request to get a user using their launchpad token."
+  "Processes a request to get a user using their launchpad token.
+  Supports specific test tokens that return different status codes for testing error handling.
+  Simulates real EDL behavior where tokens have absolute expiration times."
   [token]
   (case token
       "ABC-1ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
-      {:status 200 :body {:uid "user1" :lp_token_expires_in 1600}}
+      (let [expires-in 1600
+            validation-info (get @launchpad-token-validations token)]
+        (if validation-info
+          (let [elapsed-seconds (t/in-seconds (t/interval (:first-validated-at validation-info) (time-keeper/now)))]
+            (if (>= elapsed-seconds expires-in)
+              {:status 401 :body {:error (format "Launchpad token (partially redacted) [%s] has expired."
+                                                  (common-util/scrub-token token))}}
+              {:status 200 :body {:uid "user1" :lp_token_expires_in (- expires-in elapsed-seconds)}}))
+          (do
+            (swap! launchpad-token-validations assoc token {:first-validated-at (time-keeper/now) :expires-in expires-in})
+            {:status 200 :body {:uid "user1" :lp_token_expires_in expires-in}})))
+
+      "ABC-429-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
+      {:status 429 :body {:error "Rate limit exceeded"}}
+
+      "ABC-504-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
+      {:status 504 :body {:error "Gateway timeout"}}
+
+      "ABC-INV-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
+      {:status 401 :body {:error "Invalid token"}}
+
       {:status 400 :body {:error "Launchpad SSO authentication failed"}}))
 
 (defn get-user-info
diff --git a/system-int-test/test/cmr/system_int_test/misc/launchpad_user_cache.clj b/system-int-test/test/cmr/system_int_test/misc/launchpad_user_cache.clj
@@ -68,7 +68,7 @@
                 (index/wait-until-indexed)
                 (is (= 401 (:status resp)))
                 (is (= ["Launchpad token (partially redacted) [ABC-1ZZZZZXXXZZZZZ] has expired."] (:errors resp)))
-                (is (not= expiration-time (cache-util/list-cache-keys (url/ingest-read-caches-url) "launchpad-user" transmit-config/mock-echo-system-token)))))
+                (is (empty? (cache-util/list-cache-keys (url/ingest-read-caches-url) "launchpad-user" transmit-config/mock-echo-system-token)))))
 
             (testing "urs cache clears after 24 hours"
               (dev-sys-util/advance-time! (* 60 60 24))
@@ -79,3 +79,32 @@
                       "cmr"
                       transmit-config/mock-echo-system-token
                       404))))))))))
+
+(deftest transient-errors-not-cached-test
+  (testing "Transient errors (429, 504) are not cached"
+    (let [resp (ingest/ingest-concept (data-umm-c/collection-concept {}) {:token "ABC-429-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"})]
+      (is (= 429 (:status resp)))
+      (is (some #(re-find #"Rate limit exceeded" %) (:errors resp))))
+
+    (is (empty? (cache-util/list-cache-keys (url/ingest-read-caches-url) "launchpad-user" transmit-config/mock-echo-system-token))))
+
+  (testing "Gateway timeout errors (504) are not cached"
+    (let [resp (ingest/ingest-concept (data-umm-c/collection-concept {}) {:token "ABC-504-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"})]
+      (is (= 504 (:status resp)))
+      (is (some #(re-find #"Gateway timeout" %) (:errors resp))))
+
+    (is (empty? (cache-util/list-cache-keys (url/ingest-read-caches-url) "launchpad-user" transmit-config/mock-echo-system-token)))))
+
+(deftest non-transient-errors-are-cached-test
+  (testing "Non-transient errors are cached for 5 minutes"
+    (let [token "ABC-INV-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
+          token-key (hash token)]
+      (let [resp (ingest/ingest-concept (data-umm-c/collection-concept {}) {:token token})]
+        (is (= 401 (:status resp))))
+
+      (is (seq (cache-util/list-cache-keys (url/ingest-read-caches-url) "launchpad-user" transmit-config/mock-echo-system-token)))
+
+      (dev-sys-util/advance-time! 301)
+
+      (let [resp (ingest/ingest-concept (data-umm-c/collection-concept {}) {:token token})]
+        (is (= 401 (:status resp)))))))
