test: Add test for ignore protected props in create session

supertokens · Sep 12, 2023 · aa82dbc · aa82dbc
1 parent 97e219c
commit aa82dbc
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/tests/sessions/test_access_token_version.py b/tests/sessions/test_access_token_version.py
@@ -203,6 +203,29 @@ async def test_should_validate_v3_tokens_with_check_database_enabled(app: TestCl
     }
 
 
+async def test_ignore_protected_props_in_create_session(app: TestClient):
+    init(**get_st_init_args([session.init()]))  # type:ignore
+    start_st()
+
+    create_session_res = app.post("/create", data={"sub": "asdf"})
+
+    assert create_session_res.status_code == 200
+
+    info = extract_info(create_session_res)
+    assert info["accessTokenFromAny"] is not None
+    assert info["refreshTokenFromAny"] is not None
+    assert info["frontToken"] is not None
+
+    parsed_token = parse_jwt_without_signature_verification(info["accessTokenFromAny"])
+    assert parsed_token.payload["sub"] != "asdf"
+
+    s = await create_new_session_without_request_response(
+        "public", "user-id", {"sub": "asdf"}
+    )
+    payload = parse_jwt_without_signature_verification(s.access_token).payload
+    assert payload["sub"] != "asdf"
+
+
 async def test_validation_logic_with_keys_that_can_use_json_nulls_values_in_claims():
     """We want to make sure that for access token claims that can be null, the SDK does not fail access token validation if the
     core does not send them as part of the payload. For this we verify that validation passes when the keys are None, empty,