`test_oidc_callback_does_not_store_id_token_in_cookie_session` has been
failing on every CI run with:
AssertionError: assert 'oidc_id_token_key' in
<SecureCookieSession {'_flashes': [('error',
'User account does not exist and self-registration is disabled.')]}>
The OIDC callback flow needs to (a) find or create a User matching the
incoming token's identity, then (b) store the id_token server-side and
put only a short key in the session. The test exercises path (b), but
in the test environment `ALLOW_SELF_REGISTER` is false (the production-
safe default in `app/config.py:45`), so step (a) flashes the
"self-registration disabled" error and short-circuits with a redirect
to /login before the token-storage code under test even runs.
Fix: pre-create a `User` row matching the fake OIDC subject's username
+ email so step (a) finds the user and step (b) executes. The test is
about session bloat, not the user-creation path; making it independent
of the `ALLOW_SELF_REGISTER` setting keeps it focused.
Test plan
- pytest tests/test_oidc_session_cookie_bloat.py::test_oidc_callback_does_not_store_id_token_in_cookie_session
MacJediWizard
2692c0bace