Merge pull request #234 from DuendeSoftware/ev/atm/extend-expiration-tests

Improve the test coverage of auto cache tuning.

Author: Erwinvandervalk

access-token-management/test/AccessTokenManagement.Tests/AccessTokenHandler/AccessTokenHandlerTests.cs

@@ -47,18 +47,53 @@ public async Task Access_tokens_are_cached(FixtureType type)
     }
 
     [Fact]
-    public async Task Caching_of_tokens_is_optimized()
+    public async Task Uses_auto_tuning_in_cache_expiration()
     {
-        var fixture = await GetInitializedFixture(FixtureType.ClientCredentialsWithAutotuning);
+        // hybrid cache doesn't allow us to set the cache expiration based on the
+        // lifetime of a token after it's retrieved. To circumvent this, we implemented cache autotuning. 
+        // Cache Auto tuning does the following:
+        // the first time a token is retrieved, the cache expiration from the default setting is used
+        // however, after that, it will remember the lifetime of the token, and use that to set the cache expiration
 
+        var fixture = (ClientCredentialsFixtureWithAutotuning)
+            await GetInitializedFixture(FixtureType.ClientCredentialsWithAutotuning);
+
+        // We get an access token. The cache interval is not known, so we expect it to be cached for the default cache duration
+        await EnsureTokenNumber(fixture, 1);
+
+        // Ensure it's cached. 
         await fixture.HttpClient.GetAsync("/").CheckHttpStatusCode();
-        await Task.Delay(100);
-        await fixture.HttpClient.GetAsync("/").CheckHttpStatusCode();
-        await Task.Delay(100);
-        await fixture.HttpClient.GetAsync("/").CheckHttpStatusCode();
+        fixture.ApiEndpoint.LastUsedAccessToken.ShouldBe("access_token_1");
+        await EnsureTokenNumber(fixture, 1);
 
-        fixture.ApiEndpoint.LastUsedAccessToken.ShouldBe("access_token_2");
+        // Increase the time by too little time
+        AdvanceTimeBy(fixture, fixture.CacheExpiration - TimeSpan.FromSeconds(2));
+        await EnsureTokenNumber(fixture, 1);
+
+        // Increase the time by a bit more - now we expect the token to be expired, and a new one to be fetched
+        AdvanceTimeBy(fixture, TimeSpan.FromSeconds(2));
+        await EnsureTokenNumber(fixture, 2);
+
+        // Now increase the time by the cache expiration again. It should NOT be expired now
+        // because the auto tuning has kicked in and has used the token expiration lifetime
+        // (which is much longer)
+        AdvanceTimeBy(fixture, fixture.CacheExpiration);
+        await EnsureTokenNumber(fixture, 2);
+
+        // But if we wait for the token expiration, then it should expire. 
+        AdvanceTimeBy(fixture, fixture.TokenExpiration);
+        await EnsureTokenNumber(fixture, 3);
     }
+
+    private static void AdvanceTimeBy(AccessTokenHandlingBaseFixture fixture, TimeSpan by)
+        => fixture.The.CurrentDate += by;
+
+    private static async Task EnsureTokenNumber(AccessTokenHandlingBaseFixture fixture, int number)
+    {
+        await fixture.HttpClient.GetAsync("/").CheckHttpStatusCode();
+        fixture.ApiEndpoint.LastUsedAccessToken.ShouldBe("access_token_" + number);
+    }
+
     [Theory]
     [MemberData(nameof(AllFixtures))]
     public async Task Will_refresh_token_when_access_token_is_rejected(FixtureType type)

access-token-management/test/AccessTokenManagement.Tests/AccessTokenHandler/Fixtures/AccessTokenHandlingBaseFixture.cs

@@ -4,6 +4,7 @@
 using Duende.AccessTokenManagement.AccessTokenHandler.Helpers;
 using Duende.AccessTokenManagement.DPoP;
 using Duende.AccessTokenManagement.Framework;
+using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 
@@ -18,6 +19,7 @@ internal abstract class AccessTokenHandlingBaseFixture : IAsyncDisposable
     public readonly ApiHttpMessageHandler ApiEndpoint = new();
 
     public readonly TokenHttpMessageHandler TokenEndpoint = new();
+    public TimeSpan TokenExpiration = TimeSpan.FromSeconds(3600);
 
     protected ServiceCollection Services = null!;
 
@@ -32,9 +34,13 @@ internal abstract class AccessTokenHandlingBaseFixture : IAsyncDisposable
     public async ValueTask InitializeAsync(ITestOutputHelper output, DPoPProofKey? dPoPJsonWebKey)
     {
         ApiEndpoint.DefaultRespondOkWithToken();
-        TokenEndpoint.DefaultRespondWithAccessToken();
+        TokenEndpoint.DefaultRespondWithAccessToken((int)TokenExpiration.TotalSeconds);
 
         Services = new ServiceCollection();
+        Services.Configure<MemoryCacheOptions>(options =>
+        {
+            options.Clock = new FakeTimeProvider(() => The.CurrentDate);
+        });
         Services.AddLogging(log => log.AddProvider(new TestLoggerProvider(output.Write, "test")));
         Services.AddHttpClient("tokenHttpClient")
             .ConfigureHttpClient(c =>

access-token-management/test/AccessTokenManagement.Tests/AccessTokenHandler/Fixtures/ClientCredentialsFixtureWithAutoTuning.cs

@@ -2,18 +2,28 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 using Duende.AccessTokenManagement.DPoP;
+using Duende.AccessTokenManagement.Framework;
+using Duende.AccessTokenManagement.Tests;
+using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.DependencyInjection;
 
 namespace Duende.AccessTokenManagement.AccessTokenHandler.Fixtures;
 
 internal class ClientCredentialsFixtureWithAutotuning : AccessTokenHandlingBaseFixture
 {
+    public TimeSpan CacheExpiration = TimeSpan.FromMinutes(5);
+
     public override ValueTask InitializeAsync(DPoPProofKey? dPoPJsonWebKey)
     {
+        Services.AddDistributedMemoryCache();
+        Services.AddSingleton<IDistributedCache>(new FakeDistributedCache(new FakeTimeProvider(() => The.CurrentDate)));
         Services.AddClientCredentialsTokenManagement(options =>
             {
                 options.UseCacheAutoTuning = true;
-                options.DefaultCacheLifetime = TimeSpan.FromMilliseconds(200);
+
+                // explicitly set the local cache expiration very low. this makes sure the remote cache is used. 
+                options.LocalCacheExpiration = TimeSpan.FromMilliseconds(10);
+                options.DefaultCacheLifetime = CacheExpiration;
             })
             .AddClient("tokenClient", opt =>
             {

access-token-management/test/AccessTokenManagement.Tests/AccessTokenHandler/Helpers/TokenHttpMessageHandler.cs

@@ -39,10 +39,10 @@ public void RespondWithTokenType(string tokenType) => this.Expect(HttpMethod.Pos
                 });
             });
 
-    public void DefaultRespondWithAccessToken() => this.When(HttpMethod.Post, TokenEndpoint.ToString())
-            .Respond(_ =>
+    public void DefaultRespondWithAccessToken(int? expireInSeconds = 3600) => this.When(HttpMethod.Post, TokenEndpoint.ToString())
+            .Respond(request =>
             {
-                var initialTokenResponse = BuildAccessToken();
+                var initialTokenResponse = BuildAccessToken(expireInSeconds);
 
                 return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
                 {

access-token-management/test/AccessTokenManagement.Tests/FakeDistributedCache.cs

@@ -0,0 +1,130 @@
+// Copyright (c) Duende Software. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using System.Collections.Concurrent;
+using Microsoft.Extensions.Caching.Distributed;
+
+namespace Duende.AccessTokenManagement.Tests;
+
+/// <summary>
+/// Implementation of a IDistributedCache for testing purposes that supports absolute and sliding expiration.
+/// </summary>
+/// <param name="timeProvider"></param>
+public class FakeDistributedCache(TimeProvider timeProvider) : IDistributedCache
+{
+    private readonly TimeProvider _timeProvider = timeProvider ?? throw new ArgumentNullException(nameof(timeProvider));
+    private readonly ConcurrentDictionary<string, CacheItem> _store = new();
+
+    private class CacheItem
+    {
+        public byte[] Value { get; }
+        public DateTimeOffset? AbsoluteExpiration { get; }
+        public TimeSpan? SlidingExpiration { get; }
+        public DateTimeOffset LastAccess { get; set; }
+
+        public CacheItem(byte[] value, DateTimeOffset? absoluteExpiration, TimeSpan? slidingExpiration, DateTimeOffset now)
+        {
+            Value = value;
+            AbsoluteExpiration = absoluteExpiration;
+            SlidingExpiration = slidingExpiration;
+            LastAccess = now;
+        }
+
+        public bool IsExpired(DateTimeOffset now)
+        {
+            if (AbsoluteExpiration.HasValue && now >= AbsoluteExpiration.Value)
+            {
+                return true;
+            }
+
+            if (SlidingExpiration.HasValue && now - LastAccess >= SlidingExpiration.Value)
+            {
+                return true;
+            }
+
+            return false;
+        }
+    }
+
+    public byte[]? Get(string key)
+    {
+        var now = _timeProvider.GetUtcNow();
+        if (_store.TryGetValue(key, out var item))
+        {
+            if (item.IsExpired(now))
+            {
+                _store.TryRemove(key, out _);
+                return null;
+            }
+            if (item.SlidingExpiration.HasValue)
+            {
+                item.LastAccess = now;
+            }
+
+            return item.Value;
+        }
+        return null;
+    }
+
+    public Task<byte[]?> GetAsync(string key, CancellationToken token = default) => Task.FromResult(Get(key));
+
+    public void Set(string key, byte[] value, DistributedCacheEntryOptions options)
+    {
+        var now = _timeProvider.GetUtcNow();
+        DateTimeOffset? absoluteExpiration = null;
+        TimeSpan? slidingExpiration = null;
+
+        if (options.AbsoluteExpirationRelativeToNow.HasValue)
+        {
+            absoluteExpiration = now + options.AbsoluteExpirationRelativeToNow.Value;
+        }
+        else if (options.AbsoluteExpiration.HasValue)
+        {
+            absoluteExpiration = options.AbsoluteExpiration.Value;
+        }
+
+        if (options.SlidingExpiration.HasValue)
+        {
+            slidingExpiration = options.SlidingExpiration.Value;
+        }
+
+        var item = new CacheItem(value, absoluteExpiration, slidingExpiration, now);
+        _store[key] = item;
+    }
+
+    public Task SetAsync(string key, byte[] value, DistributedCacheEntryOptions options, CancellationToken token = default)
+    {
+        Set(key, value, options);
+        return Task.CompletedTask;
+    }
+
+    public void Refresh(string key)
+    {
+        var now = _timeProvider.GetUtcNow();
+        if (_store.TryGetValue(key, out var item))
+        {
+            if (item.IsExpired(now))
+            {
+                _store.TryRemove(key, out _);
+            }
+            else if (item.SlidingExpiration.HasValue)
+            {
+                item.LastAccess = now;
+            }
+        }
+    }
+
+    public Task RefreshAsync(string key, CancellationToken token = default)
+    {
+        Refresh(key);
+        return Task.CompletedTask;
+    }
+
+    public void Remove(string key) => _store.TryRemove(key, out _);
+
+    public Task RemoveAsync(string key, CancellationToken token = default)
+    {
+        Remove(key);
+        return Task.CompletedTask;
+    }
+}

access-token-management/test/AccessTokenManagement.Tests/Framework/FakeTimeProvider.cs

@@ -1,8 +1,11 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
+using Microsoft.Extensions.Internal;
+
 namespace Duende.AccessTokenManagement.Framework;
-internal class FakeTimeProvider(Func<DateTimeOffset> utcNow) : TimeProvider
+internal class FakeTimeProvider(Func<DateTimeOffset> utcNow) : TimeProvider, ISystemClock
 {
     public override DateTimeOffset GetUtcNow() => utcNow();
+    public DateTimeOffset UtcNow => utcNow();
 }

access-token-management/test/AccessTokenManagement.Tests/Framework/TestData.cs

@@ -28,7 +28,7 @@ public partial class TestData
 
     public DPoPProofKey JsonWebKey { get; } = BuildDPoPJsonWebKey();
 
-    public DateTimeOffset CurrentDate { get; } = new(2000, 1, 2, 3, 4, 5, TimeSpan.FromHours(6));
+    public DateTimeOffset CurrentDate { get; set; } = new(2000, 1, 2, 3, 4, 5, TimeSpan.FromHours(6));
 
     public int ExpiresInSeconds { get; set; } = 60;