fix: remove call to _remove_guest_key (#181)

* fix: remove call to _remove_guest_key

* fix: update guest_login to None but not last_login

* Add await args to expired guest key unit test

* fix: extract expired guest key removal function

---------

Co-authored-by: Taesung Hwang <[email protected]>

apps/api/src/auth/guest_auth.py

@@ -91,7 +91,7 @@ async def _get_existing_key(email: EmailStr) -> Optional[str]:
     # Reject expired key
     now = utc_now()
     if now > auth.exp:
-        await _remove_guest_key(uid)
+        await _remove_expired_guest_key(uid)
         return None
 
     return auth.key
@@ -112,6 +112,12 @@ async def _remove_guest_key(uid: str) -> None:
     )
 
 
+async def _remove_expired_guest_key(uid: str) -> None:
+    await mongodb_handler.update_one(
+        Collection.USERS, {"_id": uid}, {"guest_auth": None}
+    )
+
+
 def _generate_confirmation_token() -> str:
     """Generate a confirmation token to use for guest authentication."""
     return secrets.token_urlsafe()

apps/api/tests/test_guest_auth.py

@@ -3,9 +3,11 @@
 from unittest.mock import AsyncMock, patch
 
 from auth import guest_auth
+from services.mongodb_handler import Collection
 
 guest_auth.AUTH_KEY_SALT = "not-a-good-idea".encode()
 SAMPLE_EMAIL = "[email protected]"
+SAMPLE_UID = "com.amazon.jeff"
 
 
 @patch("services.mongodb_handler.retrieve_one", autospec=True)
@@ -73,7 +75,9 @@ async def test_expired_key_is_removed(
 
     key = await guest_auth._get_existing_key(SAMPLE_EMAIL)
     assert key is None
-    mock_mongodb_update_one.assert_awaited_once()
+    mock_mongodb_update_one.assert_awaited_once_with(
+        Collection.USERS, {"_id": SAMPLE_UID}, {"guest_auth": None}
+    )
 
 
 @patch("services.mongodb_handler.retrieve_one", autospec=True)