fix(auth): fail closed when deleting user tokens fails (#3733)

tests/test_delete_user_invalidates_token_cache.py

@@ -36,6 +36,17 @@ def _auth_manager(delete_result):
     )
 
 
+def _auth_manager_raising():
+    def _delete_user(_username, _requesting_user):
+        raise RuntimeError("auth save failed after token purge")
+
+    return types.SimpleNamespace(
+        get_username_for_token=lambda token: "admin",
+        is_admin=lambda user: True,
+        delete_user=_delete_user,
+    )
+
+
 def test_successful_delete_invalidates_cache():
     invalidations = []
     router = setup_auth_routes(_auth_manager(delete_result=True))
@@ -56,3 +67,16 @@ def test_refused_delete_does_not_invalidate_cache():
         raised = True
     assert raised, "a refused delete should raise (HTTP 400)"
     assert invalidations == [], "a refused delete must not touch the token cache"
+
+
+def test_delete_exception_invalidates_cache_for_partial_token_purge():
+    invalidations = []
+    router = setup_auth_routes(_auth_manager_raising())
+    handler = _handler(router)
+    try:
+        asyncio.run(handler(DeleteUserRequest(username="bob"), _fake_request(invalidations)))
+        raised = False
+    except RuntimeError:
+        raised = True
+    assert raised, "delete_user exception should still propagate"
+    assert invalidations == [True], "partial token purge must dirty the bearer cache"