test(auth): improve session store test coverage and QQQ standards

- Remove unused PROVIDER_INTERFACE constant from QSessionStoreHelper
- Extend BaseTest in QSessionStoreHelperTest per QQQ conventions
- Add flower-box Javadoc comments to all test methods
- Add memoization test for isSessionStoreAvailable
- Add integration tests for sessionStoreEnabled graceful fallback

Author: KofTwentyTwo

qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/QSessionStoreHelper.java

@@ -32,14 +32,16 @@
 
 /*******************************************************************************
  ** Helper class for optionally interacting with the QSessionStore QBit.
+ **
  ** Uses reflection to avoid a hard dependency on the qbit-session-store module.
+ ** All methods are designed to fail silently (returning empty/default values)
+ ** when the QBit is not on the classpath, ensuring backwards compatibility.
  *******************************************************************************/
 public class QSessionStoreHelper
 {
    private static final QLogger LOG = QLogger.getLogger(QSessionStoreHelper.class);
 
    private static final String CONTEXT_CLASS = "com.kingsrook.qbits.sessionstore.QSessionStoreQBitContext";
-   private static final String PROVIDER_INTERFACE = "com.kingsrook.qbits.sessionstore.QSessionStoreProviderInterface";
 
    private static Boolean sessionStoreAvailable = null;
 

qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/modules/authentication/QSessionStoreHelperTest.java

@@ -24,48 +24,49 @@
 
 import java.time.Duration;
 import java.util.Optional;
+import com.kingsrook.qqq.backend.core.BaseTest;
 import com.kingsrook.qqq.backend.core.model.session.QSession;
 import org.junit.jupiter.api.Test;
 import static org.assertj.core.api.Assertions.assertThat;
 
 
 /*******************************************************************************
- ** Tests for QSessionStoreHelper.
+ ** Unit test for QSessionStoreHelper.
+ **
+ ** These tests verify the behavior when the qbit-session-store module is NOT
+ ** on the classpath, ensuring graceful degradation and backwards compatibility.
  *******************************************************************************/
-class QSessionStoreHelperTest
+class QSessionStoreHelperTest extends BaseTest
 {
 
-   /***************************************************************************
+   /*******************************************************************************
     ** Test that session store is not available when QBit is not on classpath.
-    ***************************************************************************/
+    *******************************************************************************/
    @Test
-   void testSessionStoreNotAvailable()
+   void testIsSessionStoreAvailable_returnsFalseWhenQBitNotPresent()
    {
-      //////////////////////////////////////////////////////////////////////////
-      // without the qbit-session-store dependency, the store is unavailable //
-      //////////////////////////////////////////////////////////////////////////
       assertThat(QSessionStoreHelper.isSessionStoreAvailable()).isFalse();
    }
 
 
 
-   /***************************************************************************
-    ** Test that load returns empty when store is not available.
-    ***************************************************************************/
+   /*******************************************************************************
+    ** Test that load returns empty Optional when store is not available.
+    *******************************************************************************/
    @Test
-   void testLoadReturnsEmptyWhenNotAvailable()
+   void testLoadSession_returnsEmptyWhenNotAvailable()
    {
       Optional<QSession> result = QSessionStoreHelper.loadSession("test-uuid");
       assertThat(result).isEmpty();
    }
 
 
 
-   /***************************************************************************
-    ** Test that store is a no-op when not available.
-    ***************************************************************************/
+   /*******************************************************************************
+    ** Test that store is a no-op when QBit is not available.
+    *******************************************************************************/
    @Test
-   void testStoreIsNoOpWhenNotAvailable()
+   void testStoreSession_isNoOpWhenNotAvailable()
    {
       ///////////////////////////////////////////
       // should not throw, just silently no-op //
@@ -77,11 +78,11 @@ void testStoreIsNoOpWhenNotAvailable()
 
 
 
-   /***************************************************************************
-    ** Test that touch is a no-op when not available.
-    ***************************************************************************/
+   /*******************************************************************************
+    ** Test that touch is a no-op when QBit is not available.
+    *******************************************************************************/
    @Test
-   void testTouchIsNoOpWhenNotAvailable()
+   void testTouchSession_isNoOpWhenNotAvailable()
    {
       ///////////////////////////////////////////
       // should not throw, just silently no-op //
@@ -91,14 +92,30 @@ void testTouchIsNoOpWhenNotAvailable()
 
 
 
-   /***************************************************************************
-    ** Test that getDefaultTtl returns 1 hour when not available.
-    ***************************************************************************/
+   /*******************************************************************************
+    ** Test that getDefaultTtl returns 1 hour fallback when QBit is not available.
+    *******************************************************************************/
    @Test
-   void testGetDefaultTtlReturnsOneHourWhenNotAvailable()
+   void testGetDefaultTtl_returnsOneHourFallbackWhenNotAvailable()
    {
       Duration ttl = QSessionStoreHelper.getDefaultTtl();
       assertThat(ttl).isEqualTo(Duration.ofHours(1));
    }
 
+
+
+   /*******************************************************************************
+    ** Test that repeated calls to isSessionStoreAvailable are consistent.
+    *******************************************************************************/
+   @Test
+   void testIsSessionStoreAvailable_isMemoized()
+   {
+      ///////////////////////////////////////////////////////////////////////
+      // call multiple times to verify the memoization doesn't break state //
+      ///////////////////////////////////////////////////////////////////////
+      assertThat(QSessionStoreHelper.isSessionStoreAvailable()).isFalse();
+      assertThat(QSessionStoreHelper.isSessionStoreAvailable()).isFalse();
+      assertThat(QSessionStoreHelper.isSessionStoreAvailable()).isFalse();
+   }
+
 }

qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModuleIntegrationTest.java

@@ -222,6 +222,89 @@ void testSessionResume_finalCustomizeSessionIsCalled() throws Exception
 
 
 
+   /***************************************************************************
+    ** Test that session store integration works gracefully when QBit not present
+    ** When sessionStoreEnabled=true but qbit-session-store is not on classpath,
+    ** the module should fall back to the standard flow without errors.
+    ***************************************************************************/
+   @Test
+   void testSessionResume_sessionStoreEnabled_gracefulFallbackWhenQBitNotPresent() throws Exception
+   {
+      ///////////////////////////////////////////////////////////////////////
+      // Enable session store on the auth metadata                         //
+      ///////////////////////////////////////////////////////////////////////
+      OAuth2AuthenticationMetaData authMetaData = (OAuth2AuthenticationMetaData) qInstance.getAuthentication();
+      authMetaData.setSessionStoreEnabled(true);
+
+      ///////////////////////////////////////////////////////////////////////
+      // Create session the normal way                                     //
+      ///////////////////////////////////////////////////////////////////////
+      String accessToken = createTestJwt("store-test@example.com", "Store Test User", Map.of());
+      String sessionUuid = "store-test-uuid-11111";
+      insertUserSession(sessionUuid, accessToken, "store-test@example.com");
+
+      OAuth2AuthenticationModule module = new OAuth2AuthenticationModule();
+      Map<String, String> context = new HashMap<>();
+      context.put("sessionUUID", sessionUuid);
+
+      ///////////////////////////////////////////////////////////////////////
+      // Should complete successfully even though QBit is not on classpath //
+      ///////////////////////////////////////////////////////////////////////
+      QSession session = module.createSession(qInstance, context);
+
+      assertNotNull(session);
+      assertNotNull(session.getUser());
+      assertEquals("store-test@example.com", session.getUser().getIdReference());
+      assertEquals("Store Test User", session.getUser().getFullName());
+
+      ///////////////////////////////////////////////////////////////////////
+      // Customizers should still be called                                //
+      ///////////////////////////////////////////////////////////////////////
+      assertTrue(session.hasSecurityKeyValue("testSecurityKey", "fromCustomizer"));
+      assertTrue(session.hasSecurityKeyValue("finalSecurityKey", "fromFinalCustomizer"));
+   }
+
+
+
+   /***************************************************************************
+    ** Test that token exchange works with sessionStoreEnabled=true
+    ***************************************************************************/
+   @Test
+   void testTokenExchange_sessionStoreEnabled_gracefulFallbackWhenQBitNotPresent() throws Exception
+   {
+      ///////////////////////////////////////////////////////////////////////
+      // Enable session store on the auth metadata                         //
+      ///////////////////////////////////////////////////////////////////////
+      OAuth2AuthenticationMetaData authMetaData = (OAuth2AuthenticationMetaData) qInstance.getAuthentication();
+      authMetaData.setSessionStoreEnabled(true);
+
+      ///////////////////////////////////////////////////////////////////////
+      // Set up mocks for token exchange                                   //
+      ///////////////////////////////////////////////////////////////////////
+      String accessToken = createTestJwt("pkce-store@example.com", "PKCE Store User", Map.of());
+      stubOidcDiscovery();
+      stubTokenEndpoint(accessToken);
+
+      ///////////////////////////////////////////////////////////////////////
+      // Create session via PKCE flow with session store enabled           //
+      ///////////////////////////////////////////////////////////////////////
+      OAuth2AuthenticationModule module = new OAuth2AuthenticationModule();
+      Map<String, String> context = new HashMap<>();
+      context.put("code", "test-authorization-code-2");
+      context.put("redirectUri", "http://localhost:3000/callback");
+      context.put("codeVerifier", "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk");
+
+      QSession session = module.createSession(qInstance, context);
+
+      ///////////////////////////////////////////////////////////////////////
+      // Should complete successfully                                       //
+      ///////////////////////////////////////////////////////////////////////
+      assertNotNull(session);
+      assertEquals("pkce-store@example.com", session.getUser().getIdReference());
+   }
+
+
+
    /***************************************************************************
     ** Build a QInstance configured for OAuth2 with memory backend
     ***************************************************************************/