Timezone bug in generate_jwt_token

I hit this issue when trying to embed my bokeh application into a Django app.

If your Django app users a different timezone than the bokeh server there is a conflict between the token session expiration times.

This can happen if running on the same computer, as in my case, if the Django server is set to use TIME_ZONE = "UTC" in the settings.py

This could also potentially happen if the Django server and bokeh server are running on different computers in seperate timezones.

For example.
On the Django server using UTC timezone the session expiration time is calculated in the Django view

with  pull_session(url="mybokerserverurl") as session:
    script = server_sessions(session_id=session.id, url="mybokerserverurl")

However my bokeh server uses local time of my computer (UTC+10) when determining if the token session expiration time is valid, and promptly fails with ProtocolError("Token is expired")

To solve this session expiration calculations should use datetime.utcnow() rather than datetime.now() to avoid timezone conflicts.

I have created a pragmatic unittest capture the issue.
Changed the code locally in 2-3 places to use datetime.utcnow() and the tests all pass when I run them manually.

Do you want me to issue a PR?, I am having issues with the pre-commit hook that I may need help with sorting out first though

@scaine1 yes please submit a PR and we can help with or sort out any of linter issues there

Reading through the guides I should first open an issue in github.

In the issue I should have “Complete, minimal, self-contained example code that reproduces the issue”

For this bug, as it occurs via an interaction between a Django app and the Bokeh server. Will I require full code to setup a Django project? or can I just copy/paste my original message from here?

I would just link to this in the issue. If you can provide failing unit tests that are fixed but the changes in the PR that’s sufficient (maybe link/include failing output before the PR)

I have submitted a PR.

The original test I wrote just checked that that the session expiration time matched datetime.utcnow() rather than datetime.now().

However, I realised that if the testing server was using UTC time this would pass without exposing the bug.

Therefore the unit test mocks the datetime module as in https://blog.xelnor.net/python-mocking-datetime/

All the tests passed using the Simple solution so I didn’t bother with implementing the better solution, as this would make the test code much bigger and harder to comprehend

Further, I think the failing tests when running the pre-commit hook I mentioned above are related to import order of modules in bokeh/bokeh/server/django/consumers.py

and and issue with tests/codebase/test_python_execution_with_OO.py

Both of these issues were failing in the master branch when I pulled them down and I am not sure how to fix them.

As I had my pre-commit turned off it does seem like I accidentally got my import order of patch and Mock wrong in my unit test though, sorry about that.