GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
310491a557552a501803d9b71f6b83eaa9d1f9bb
gt-ai-os-community/apps/tenant-app/test-session-timeout.md
HackWeasel 310491a557 GT AI OS Community v2.0.33 - Add NVIDIA NIM and Nemotron agents 
- Updated python_coding_microproject.csv to use NVIDIA NIM Kimi K2
- Updated kali_linux_shell_simulator.csv to use NVIDIA NIM Kimi K2
  - Made more general-purpose (flexible targets, expanded tools)
- Added nemotron-mini-agent.csv for fast local inference via Ollama
- Added nemotron-agent.csv for advanced reasoning via Ollama
- Added wiki page: Projects for NVIDIA NIMs and Nemotron
2025-12-12 17:47:14 -05:00

5.3 KiB
Raw Blame History

Session Timeout Testing Guide

Quick Test (30 seconds)

Option A: Manual Token Corruption (Fastest)

  1. Login as david@gtedge.ai at http://localhost:3002

  2. Open DevTools (F12 or Cmd+Option+I)

  3. Go to Console tab and run:

    // Set an expired token
localStorage.setItem('gt2_token', 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI4NDdhMGM1Ny1iZjJmLTQ3ODItYTZlOC0wMjA1ZTllNDE1MmUiLCJlbWFpbCI6ImRhdmlkQGd0ZWRnZS5haSIsInVzZXJfdHlwZSI6InRlbmFudF9hZG1pbiIsImV4cCI6MTc2Mjk2MzkxOSwiaWF0IjoxNzYyOTYwMzE5fQ.fake_signature');

// Force a page navigation to trigger auth check
window.location.reload();

  4. Expected Result (immediate):

    • Redirect to /login?session_expired=true
    • Red banner at top: "Your session has expired. Please log in again."
    • URL cleans up to /login after 100ms

Option B: Trigger Token Monitor (30 seconds)

  1. Login as david@gtedge.ai at http://localhost:3002

  2. Stay on any page (don't navigate)

  3. Open DevTools Console and run:

    // Set an expired token
localStorage.setItem('gt2_token', 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI4NDdhMGM1Ny1iZjJmLTQ3ODItYTZlOC0wMjA1ZTllNDE1MmUiLCJlbWFpbCI6ImRhdmlkQGd0ZWRnZS5haSIsInVzZXJfdHlwZSI6InRlbmFudF9hZG1pbiIsImV4cCI6MTc2Mjk2MzkxOSwiaWF0IjoxNzYyOTYwMzE5fQ.fake_signature');

// DON'T reload - wait for monitor
console.log('Token set to expired. Monitor will detect in max 30 seconds...');

  4. Wait up to 30 seconds

  5. Expected Result:

    • Automatic redirect without any user action
    • Session expired message appears
    • Console log: "AuthGuard: Invalid or missing token, logging out"

Option C: 401 Response from API

  1. Login as david@gtedge.ai

  2. Open DevTools Console and run:

    // Corrupt the token to trigger 401
localStorage.setItem('gt2_token', 'invalid_token_will_get_401');

// Make any API call (e.g., fetch agents)
fetch('/api/v1/agents', {
  headers: {
    'Authorization': 'Bearer invalid_token_will_get_401',
    'X-Tenant-Domain': 'test-company'
  }
}).then(() => console.log('API call made - should trigger logout'));

  3. Expected Result (immediate):

    • 401 response from backend
    • Automatic logout and redirect
    • Session expired message

Full Testing Checklist

Test Cases

  • Manual logout - Click logout button, redirect works
  • Expired token (monitor) - Detected within 30 seconds
  • Expired token (navigation) - Detected on page change
  • 401 from API - Immediate redirect on unauthorized response
  • Session message - Banner shows "Your session has expired"
  • URL cleanup - Query param removed after message shown
  • No duplicate redirects - Single, clean redirect
  • Monitor lifecycle - Starts on login, stops on logout

🔍 What to Look For

In Browser Console:

AuthGuard: Invalid or missing token, logging out

In Network Tab:

  • No duplicate /login requests
  • Clean redirect flow

In Application/Storage:

  • gt2_token, gt2_user, gt2_tenant all cleared
  • auth-store localStorage updated to isAuthenticated: false

On Login Page:

  • Red banner at top of page
  • Alert icon visible
  • Message: "Your session has expired. Please log in again."
  • Banner fades after URL cleanup

Debugging

If session timeout isn't working:

  1. Check token monitor is running:

    // In console after login:
const store = JSON.parse(localStorage.getItem('auth-store'));
console.log('Is Authenticated:', store.state.isAuthenticated);

// Monitor should be running - check logs every 30 seconds

  2. Check for errors:

    // Watch for auth errors
window.addEventListener('error', (e) => console.error('Error:', e));

  3. Verify token expiration:

    const token = localStorage.getItem('gt2_token');
if (token) {
  const payload = JSON.parse(atob(token.split('.')[1]));
  const now = Math.floor(Date.now() / 1000);
  console.log('Token expired:', payload.exp < now);
  console.log('Expires at:', new Date(payload.exp * 1000));
}

  4. Check container logs:

    docker logs gentwo-tenant-frontend --tail 50
docker logs gentwo-tenant-backend --tail 50

Implementation Details

Files Modified

  • apps/tenant-app/src/stores/auth-store.ts - Token monitor + centralized logout
  • apps/tenant-app/src/services/api.ts - 401 handler
  • apps/tenant-app/src/lib/providers.tsx - React Query handler
  • apps/tenant-app/src/services/index.ts - Error handler
  • apps/tenant-app/src/components/auth/auth-guard.tsx - Reactive to auth changes
  • apps/tenant-app/src/app/login/login-page-client.tsx - Session expired message

How It Works

  1. On Login: startTokenMonitor() begins checking token every 30 seconds
  2. Monitor Detection: If token expired, calls logout('expired')
  3. API 401: All 401 responses call logout('unauthorized')
  4. Centralized Logout:
    • Stops monitor
    • Clears localStorage
    • Updates Zustand store
    • Redirects to /login?session_expired=true
  5. Login Page: Detects query param, shows banner, cleans URL
  6. AuthGuard: Subscribes to store, redirects if isAuthenticated becomes false

Status: Implemented and running in Docker (hot reload active)

View Git Blame Copy Permalink