Switch ACCESS_TOKEN_EXPIRE_MINUTES to SECONDS

[gantoine]

Description
^{Explain the changes or enhancements you are proposing with this pull request.}

Checklist
^{Please check all that apply.}

• I've tested the changes locally
• I've updated relevant comments
• I've assigned reviewers for this PR
• I've added unit tests that cover the changes

Screenshots (if applicable)

[greptile-apps]

Greptile Summary

This PR refactors the access token expiration constant from ACCESS_TOKEN_EXPIRE_MINUTES = 30 to ACCESS_TOKEN_EXPIRE_SECONDS = 1800 (30 × 60), updating all usages across the auth endpoint and test suite accordingly. There is no behavioral change — the token TTL remains 30 minutes and the expires field in the API response continues to return 1800.

Key changes:

• backend/endpoints/auth.py: Constant renamed and its value changed to seconds; timedelta(minutes=...) updated to timedelta(seconds=...); response expires field simplified from ACCESS_TOKEN_EXPIRE_MINUTES * 60 to ACCESS_TOKEN_EXPIRE_SECONDS
• All test files uniformly updated to import and use the new constant name
• test_device.py gains a bonus defensive assert original is not None guard (unrelated to the rename but a welcome improvement)

The refactor improves clarity by making the unit explicit in both the constant name and the value, and eliminates the previously implicit * 60 multiplication at the call sites.

Confidence Score: 5/5

• This PR is safe to merge — it is a pure rename/refactor with no behavioral change to token lifetimes or API response values.
• The constant value (1800 seconds) and all runtime behavior are identical to the previous code. All references to the old constant name have been updated, confirmed by a codebase-wide search returning zero remaining occurrences of ACCESS_TOKEN_EXPIRE_MINUTES. Tests verify the expires field value is unchanged.
• No files require special attention.

Important Files Changed

Filename	Overview
backend/endpoints/auth.py	Renames ACCESS_TOKEN_EXPIRE_MINUTES to ACCESS_TOKEN_EXPIRE_SECONDS (value changes from 30 to 1800); updates timedelta calls and response expires field to use the new constant directly — no behavioral change, the token TTL stays at 30 minutes.
backend/tests/endpoints/conftest.py	Updates import and timedelta usage to use ACCESS_TOKEN_EXPIRE_SECONDS; straightforward rename.
backend/tests/endpoints/test_oauth.py	Updates import and assertion to compare against ACCESS_TOKEN_EXPIRE_SECONDS instead of ACCESS_TOKEN_EXPIRE_MINUTES * 60; semantically identical assertions.
backend/tests/endpoints/test_device.py	Updates import and timedelta usage to ACCESS_TOKEN_EXPIRE_SECONDS; also adds a defensive assert original is not None guard before accessing original.name.
backend/tests/endpoints/test_identity.py	Updates import and timedelta usage to ACCESS_TOKEN_EXPIRE_SECONDS; no other changes.
backend/tests/endpoints/roms/test_upload.py	Updates import and timedelta usage to ACCESS_TOKEN_EXPIRE_SECONDS; no other changes.
backend/tests/endpoints/test_saves.py	Updates import and timedelta usage to ACCESS_TOKEN_EXPIRE_SECONDS; no other changes.

Sequence Diagram

sequenceDiagram
    participant Client
    participant AuthEndpoint as /api/token
    participant OAuthHandler

    Client->>AuthEndpoint: POST (grant_type=password or refresh_token)
    AuthEndpoint->>OAuthHandler: create_oauth_token(expires_delta=timedelta(seconds=1800))
    OAuthHandler-->>AuthEndpoint: access_token (JWT, exp = now + 1800s)
    AuthEndpoint-->>Client: { access_token, token_type, expires: 1800 }

    Note over AuthEndpoint: ACCESS_TOKEN_EXPIRE_SECONDS = 30 * 60 = 1800<br/>(previously ACCESS_TOKEN_EXPIRE_MINUTES = 30,<br/>used as timedelta(minutes=30) — same duration)

Loading

_{Last reviewed commit: 1f64e84}

[Copilot]

Pull request overview

This PR standardizes the access-token expiry configuration to use seconds (instead of minutes) in the auth endpoint and updates the backend endpoint tests accordingly.

Changes:

• Renames ACCESS_TOKEN_EXPIRE_MINUTES to ACCESS_TOKEN_EXPIRE_SECONDS (set to 30 * 60) in backend/endpoints/auth.py.
• Updates /api/token logic to use timedelta(seconds=...) and returns expires directly as seconds.
• Updates all affected endpoint tests/fixtures to import and use ACCESS_TOKEN_EXPIRE_SECONDS, plus a small test assertion hardening in test_device.py.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
backend/endpoints/auth.py	Switches access token expiry constant to seconds and updates token issuance/response accordingly.
backend/tests/endpoints/conftest.py	Updates test fixtures to build access tokens with timedelta(seconds=...).
backend/tests/endpoints/test_oauth.py	Updates assertions and imports to use seconds-based expiry constant.
backend/tests/endpoints/test_identity.py	Updates token creation to use seconds-based expiry constant.
backend/tests/endpoints/test_device.py	Updates token fixture to seconds; adds original is not None assertion before dereference.
backend/tests/endpoints/test_saves.py	Updates token creation to use seconds-based expiry constant.
backend/tests/endpoints/roms/test_upload.py	Updates token fixture to use seconds-based expiry constant.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Test Results (postgresql)

945 tests  ±0   944 ✅ ±0   2m 15s ⏱️ -4s
  1 suites ±0     1 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 1f64e84. ± Comparison against base commit 4d54673.

[github-actions]

Test Results (mariadb)

945 tests  ±0   944 ✅ ±0   2m 16s ⏱️ -12s
  1 suites ±0     1 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 1f64e84. ± Comparison against base commit 4d54673.

[github-actions]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
13807	9263	67%	0%	🟢

New Files

No new covered files...

Modified Files

File	Coverage	Status
backend/endpoints/auth.py	64%	🟢
TOTAL	64%	🟢

updated for commit: 1f64e84 by action🐍