chore: update tests

boikoa-gl · boikoa-gl · commit 966b31354c49 · 2026-01-21T17:55:49.000+01:00
diff --git a/firebase_admin/fpnv.py b/firebase_admin/fpnv.py
@@ -21,10 +21,9 @@
 
 import jwt
 from jwt import PyJWKClient, InvalidTokenError, DecodeError, InvalidSignatureError, \
-    InvalidAudienceError, InvalidIssuerError, ExpiredSignatureError
+    PyJWKClientError, InvalidAudienceError, InvalidIssuerError, ExpiredSignatureError
 
 from firebase_admin import _utils
-from firebase_admin.exceptions import InvalidArgumentError
 
 _FPNV_ATTRIBUTE = '_fpnv'
 _FPNV_JWKS_URL = 'https://fpnv.googleapis.com/v1beta/jwks'
@@ -155,7 +154,7 @@ def verify(self, token) -> Dict[str, Any]:
             self._validate_headers(jwt.get_unverified_header(token))
             signing_key = self._jwks_client.get_signing_key_from_jwt(token)
             claims = self._validate_payload(token, signing_key.key)
-        except (InvalidTokenError, DecodeError) as exception:
+        except (InvalidTokenError, DecodeError, PyJWKClientError) as exception:
             raise ValueError(
                 f'Verifying FPNV token failed. Error: {exception}'
             ) from exception
@@ -230,4 +229,4 @@ class _Validators:
     def check_string(cls, label: str, value: Any):
         """Checks if the given value is a string."""
         if not isinstance(value, str) or not value:
-            raise ValueError(f'{label} must be a non-empty string.')
+            raise ValueError(f'{label} must be a non-empty string.')
diff --git a/tests/test_fpnv.py b/tests/test_fpnv.py
@@ -14,7 +14,6 @@
 
 """Test cases for the firebase_admin.fpnv module."""
 
-import base64
 from unittest import mock
 
 import jwt
@@ -44,6 +43,7 @@
     "other": 'other'
 }
 
+
 @pytest.fixture
 def client():
     app = firebase_admin.get_app()
@@ -56,7 +56,6 @@ def setup_class(cls):
         cred = testutils.MockCredential()
         firebase_admin.initialize_app(cred, {'projectId': _PROJECT_ID})
 
-
     @classmethod
     def teardown_class(cls):
         testutils.cleanup_apps()
@@ -155,17 +154,21 @@ def test_verify_token_wrong_alg(self, mock_header, client):
         with pytest.raises(ValueError, match="incorrect alg"):
             client.verify_token('token')
 
-    @mock.patch('jwt.PyJWKClient')
-    @mock.patch('jwt.get_unverified_header')
-    def test_verify_token_jwk_error(self, mock_header, mock_jwks_cls, client):
-        mock_header.return_value = {'kid': 'k', 'typ': 'JWT', 'alg': 'ES256'}
-        mock_jwks_instance = mock_jwks_cls.return_value
-        # Simulate Key not found or other PyJWKClient error
-        mock_jwks_instance.get_signing_key_from_jwt.side_effect = jwt.PyJWKClientError(
-            "Key not found")
+    def test_verify_token_jwk_error(self, client):
+        # Access the ACTUAL client instance used by the verifier
+        # (Assuming internal structure: client -> _verifier -> _jwks_client)
+        jwks_client = client._verifier._jwks_client
 
-        with pytest.raises(ValueError, match="Verifying FPNV token failed"):
-            client.verify_token('token')
+        # Mock the method on the existing instance
+        with mock.patch.object(jwks_client, 'get_signing_key_from_jwt') as mock_method:
+            mock_method.side_effect = jwt.PyJWKClientError("Key not found")
+
+            # Mock header is still needed if _get_signing_key calls it before the client
+            with mock.patch('jwt.get_unverified_header') as mock_header:
+                mock_header.return_value = {'kid': 'k', 'typ': 'JWT', 'alg': 'ES256'}
+
+                with pytest.raises(ValueError, match="Verifying FPNV token failed"):
+                    client.verify_token('token')
 
     @mock.patch('jwt.PyJWKClient')
     @mock.patch('jwt.decode')
@@ -176,7 +179,6 @@ def test_verify_token_expired(self, mock_header, mock_decode, mock_jwks_cls, cli
         mock_jwks_instance.get_signing_key_from_jwt.return_value.key = _PUBLIC_KEY
         client._verifier._jwks_client = mock_jwks_instance
 
-
         # Simulate ExpiredSignatureError
         mock_decode.side_effect = jwt.ExpiredSignatureError("Expired")
 
@@ -211,4 +213,4 @@ def test_verify_token_invalid_issuer(self, mock_header, mock_decode, mock_jwks_c
         mock_decode.side_effect = jwt.InvalidIssuerError("Wrong Iss")
 
         with pytest.raises(ValueError, match="incorrect \"iss\""):
-            client.verify_token('token')
+            client.verify_token('token')
