Apply MCP token review feedback fixes

Agent-Logs-Url: https://github.com/IntelliTect/EssentialCSharp.Web/sessions/1309ce59-f673-4f1a-b124-e849af2f4737

Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>

Author: Copilot

EssentialCSharp.Web.Tests/McpApiTokenServiceTests.cs

@@ -45,10 +45,10 @@ public async Task CreateTokenAsync_WithExpiryBeyondSixMonths_Throws()
 
         using var scope = factory.Services.CreateScope();
         var tokenService = scope.ServiceProvider.GetRequiredService<McpApiTokenService>();
-        DateTime requestedExpiry = McpApiTokenService.GetDefaultExpirationUtc(DateTime.UtcNow).AddDays(1);
+        DateTime requestedExpiry = McpApiTokenService.GetDefaultExpirationUtc(DateTime.UtcNow).AddDays(2);
 
         await Assert.That(() => tokenService.CreateTokenAsync(userId, "too-long", requestedExpiry))
             .Throws<ArgumentOutOfRangeException>()
-            .WithMessageContaining("6 months");
+            .WithMessageContaining(McpApiTokenService.MaxExpiryValidationMessage);
     }
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/Manage/McpAccess.cshtml

@@ -1,6 +1,7 @@
 @page
 @model McpAccessModel
 @using EssentialCSharp.Web.Models
+@using EssentialCSharp.Web.Services
 @{
     ViewData["Title"] = "MCP Access";
     ViewData["ActivePage"] = ManageNavPages.McpAccess;
@@ -61,7 +62,7 @@
                     <label asp-for="ExpiresOn" class="form-label">Expiry Date</label>
                     <input asp-for="ExpiresOn" type="date" class="form-control" max="@Model.MaxExpiresOn.ToString("yyyy-MM-dd")" />
                     <span asp-validation-for="ExpiresOn" class="text-danger"></span>
-                    <div class="form-text">MCP tokens default to 6 months and cannot exceed 6 months from today. The token expires at end of day (23:59:59) UTC on the selected date.</div>
+                    <div class="form-text">MCP tokens default to @McpApiTokenService.DefaultLifetimeMonths months and cannot exceed @McpApiTokenService.DefaultLifetimeMonths months from today. The token expires at end of day (UTC) on the selected date.</div>
                 </div>
                 <button type="submit" class="btn btn-primary">Create Token</button>
             </form>

EssentialCSharp.Web/Areas/Identity/Pages/Account/Manage/McpAccess.cshtml.cs

@@ -33,7 +33,8 @@ public class McpAccessModel(
     public async Task<IActionResult> OnGetAsync()
     {
         DisableCaching();
-        InitializeExpiryBounds();
+        DateTime nowUtc = DateTime.UtcNow;
+        InitializeExpiryBounds(nowUtc);
         ApplyDefaultExpiryIfMissing();
         string? userId = userManager.GetUserId(User);
         if (userId is null) return Challenge();
@@ -44,7 +45,9 @@ public async Task<IActionResult> OnGetAsync()
     public async Task<IActionResult> OnPostCreateAsync()
     {
         DisableCaching();
-        InitializeExpiryBounds();
+        DateTime nowUtc = DateTime.UtcNow;
+        DateOnly todayUtc = DateOnly.FromDateTime(nowUtc);
+        InitializeExpiryBounds(nowUtc);
         ApplyDefaultExpiryIfMissing();
         string? userId = userManager.GetUserId(User);
         if (userId is null) return Challenge();
@@ -54,7 +57,7 @@ public async Task<IActionResult> OnPostCreateAsync()
 
         if (ExpiresOn.HasValue)
         {
-            if (ExpiresOn.Value < DateOnly.FromDateTime(DateTime.UtcNow))
+            if (ExpiresOn.Value < todayUtc)
                 ModelState.AddModelError(nameof(ExpiresOn), "Expiry date must be today or in the future.");
             if (ExpiresOn.Value > MaxExpiresOn)
                 ModelState.AddModelError(nameof(ExpiresOn), McpApiTokenService.MaxExpiryValidationMessage);
@@ -97,9 +100,9 @@ private void DisableCaching()
         Response.Headers.Expires = "0";
     }
 
-    private void InitializeExpiryBounds()
+    private void InitializeExpiryBounds(DateTime nowUtc)
     {
-        MaxExpiresOn = McpApiTokenService.GetDefaultExpiryDate();
+        MaxExpiresOn = McpApiTokenService.GetDefaultExpiryDate(nowUtc);
     }
 
     private void ApplyDefaultExpiryIfMissing()

EssentialCSharp.Web/Controllers/McpTokenController.cs

@@ -26,11 +26,13 @@ public async Task<IActionResult> CreateToken(
         if (name.Length > 256)
             return BadRequest(new { Error = "Token name must be 256 characters or fewer." });
 
+        DateTime nowUtc = DateTime.UtcNow;
+        DateOnly todayUtc = DateOnly.FromDateTime(nowUtc);
         DateTime? expiresAt = null;
-        DateOnly maxExpiresOn = McpApiTokenService.GetDefaultExpiryDate();
+        DateOnly maxExpiresOn = McpApiTokenService.GetDefaultExpiryDate(nowUtc);
         if (request?.ExpiresOn is DateOnly expiresOn)
         {
-            if (expiresOn < DateOnly.FromDateTime(DateTime.UtcNow))
+            if (expiresOn < todayUtc)
                 return BadRequest(new { Error = "ExpiresOn must be today or in the future." });
             if (expiresOn > maxExpiresOn)
                 return BadRequest(new { Error = McpApiTokenService.MaxExpiryValidationMessage });

EssentialCSharp.Web/Services/McpApiTokenService.cs

@@ -10,7 +10,7 @@ namespace EssentialCSharp.Web.Services;
 public class McpApiTokenService(EssentialCSharpWebContext db)
 {
     public const int DefaultLifetimeMonths = 6;
-    public const string MaxExpiryValidationMessage = "MCP tokens can expire at most 6 months from today.";
+    public static string MaxExpiryValidationMessage => $"MCP tokens can expire at most {DefaultLifetimeMonths} months from today.";
 
     public sealed record ResolvedMcpApiToken(Guid TokenId, string UserId);