fix: make MagicLink.expires_at required, document validation test TODOs

src/fastapi_oidc_op/models.py

@@ -1,4 +1,4 @@
-from datetime import UTC, datetime, timedelta
+from datetime import UTC, datetime
 from enum import StrEnum
 
 from pydantic import BaseModel, Field
@@ -8,10 +8,6 @@ def _utcnow() -> datetime:
     return datetime.now(UTC)
 
 
-def _default_expiry() -> datetime:
-    return datetime.now(UTC) + timedelta(hours=24)
-
-
 class CredentialType(StrEnum):
     WEBAUTHN = "webauthn"
     PASSWORD = "password"
@@ -56,7 +52,7 @@ class PasswordCredential(BaseModel):
 class MagicLink(BaseModel):
     token: str
     username: str
-    expires_at: datetime = Field(default_factory=_default_expiry)
+    expires_at: datetime
     used: bool = False
     created_by: str | None = None
     note: str | None = None

tests/test_models.py

@@ -1,4 +1,4 @@
-from datetime import UTC, datetime
+from datetime import UTC, datetime, timedelta
 
 from fastapi_oidc_op.models import (
     CredentialType,
@@ -8,6 +8,12 @@ from fastapi_oidc_op.models import (
     WebAuthnCredential,
 )
 
+# TODO: Add model validation tests:
+# - Required fields reject missing values (userid, username, etc.)
+# - CredentialType rejects invalid enum values
+# - WebAuthnCredential requires credential_id and public_key
+# - sign_count rejects negative values
+
 
 def test_user_creation() -> None:
     user = User(
@@ -68,12 +74,14 @@ def test_password_credential() -> None:
 
 
 def test_magic_link() -> None:
+    expires = datetime.now(UTC) + timedelta(hours=24)
     link = MagicLink(
         token="abc123def456",
         username="newuser",
+        expires_at=expires,
     )
     assert link.token == "abc123def456"
     assert link.username == "newuser"
     assert link.used is False
     assert link.created_by is None
-    assert link.expires_at > datetime.now(UTC)
+    assert link.expires_at == expires