fix(auth): tighten refresh session revocation

2026-05-13 15:04:37 +08:00
parent b13870f71b
commit 4fecf9c975
36 changed files with 1664 additions and 170 deletions
--- a/server-rs/crates/api-server/src/creation_agent_document_input.rs
+++ b/server-rs/crates/api-server/src/creation_agent_document_input.rs
@@ -375,14 +375,15 @@ mod tests {

        let claims = AccessTokenClaims::from_input(
            AccessTokenClaimsInput {
-                user_id: user.id,
-                session_id: "sess_creation_doc_input".to_string(),
+                user_id: user.id.clone(),
+                session_id: state
+                    .seed_test_refresh_session_for_user(&user, "sess_creation_doc_input"),
                provider: AuthProvider::Password,
                roles: vec!["user".to_string()],
                token_version: user.token_version,
                phone_verified: true,
                binding_status: BindingStatus::Active,
-                display_name: Some(user.display_name),
+                display_name: Some(user.display_name.clone()),
            },
            state.auth_jwt_config(),
            OffsetDateTime::now_utc(),