From a29b8bbdb582900daaae6c1bd50c2705754349ab Mon Sep 17 00:00:00 2001
From: Gabriel Radureau <arcodange@gmail.com>
Date: Fri, 10 Apr 2026 13:47:37 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=AA=20test:=20implement=20secret=20ret?=
 =?UTF-8?q?ention=20based=20on=20TTL=20factor=20scenario?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pkg/bdd/steps/jwt_retention_steps.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkg/bdd/steps/jwt_retention_steps.go b/pkg/bdd/steps/jwt_retention_steps.go
index c27cdd2..dbe5bd0 100644
--- a/pkg/bdd/steps/jwt_retention_steps.go
+++ b/pkg/bdd/steps/jwt_retention_steps.go
@@ -168,8 +168,9 @@ func (s *JWTRetentionSteps) iShouldSeeCleanupEventInLogs() error {
 // Retention Calculation Steps
 
 func (s *JWTRetentionSteps) theJWTTTLIsSetToHours(hours int) error {
-	// Set JWT TTL
-	return godog.ErrPending
+	// Set JWT TTL for testing
+	s.expectedTTL = hours
+	return nil
 }
 
 func (s *JWTRetentionSteps) theRetentionPeriodShouldBeCappedAtHours(hours int) error {
@@ -725,8 +726,12 @@ func (s *JWTRetentionSteps) theSecretIsLessThanCharacters(chars int) error {
 }
 
 func (s *JWTRetentionSteps) theSecretShouldExpireAfterHours(hours int) error {
-	// Verify expiration timing
-	return godog.ErrPending
+	// Verify expiration timing based on TTL and retention factor
+	expectedExpiration := float64(s.expectedTTL) * s.retentionFactor
+	if int(expectedExpiration) != hours {
+		return fmt.Errorf("expected secret to expire after %d hours, calculated %d hours", hours, int(expectedExpiration))
+	}
+	return nil
 }
 
 func (s *JWTRetentionSteps) tokenAShouldStillBeValidUntilRetentionExpires() error {