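def test_auth_cookie_settings(monkeypatch, user, call_auth_endpoint):
    """Check that the JWT_AUTH_COOKIE_* settings are applied to the auth cookie.

    The cookie name, domain, path, Secure flag and SameSite policy are patched
    to explicit values, the auth endpoint is called with valid credentials,
    and the cookie carried by the response is compared against those values.
    """
    auth_cookie = "jwt-auth"
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE", auth_cookie)
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE_DOMAIN", ".do.main")
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE_PATH", "/pa/th")
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE_SECURE", False)
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE_SAMESITE", "Strict")

    response = call_auth_endpoint("username", "password")

    assert auth_cookie in response.cookies
    setcookie = response.cookies[auth_cookie]
    assert setcookie["domain"] == ".do.main"
    assert setcookie["path"] == "/pa/th"
    # The previous check, `'secure' not in setcookie.items()`, compared a
    # string against (key, value) pairs, so it passed whether or not the
    # Secure flag was set. Inspect the attribute's value instead.
    # NOTE(review): assumes an unset flag reads as falsy (http.cookies.Morsel
    # stores it as '') -- confirm against the response class in use.
    assert not setcookie.get("secure")
    # HttpOnly has no setting to patch here; it is expected on every auth
    # cookie so that the token is not readable from page scripts.
    assert setcookie["httponly"] is True  # hardcoded
    # has_set_cookie_samesite() is defined elsewhere; presumably it reports
    # whether the installed framework can emit SameSite at all.
    if has_set_cookie_samesite():
        assert setcookie["samesite"] == "Strict"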
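def test_valid_credentials_with_auth_cookie_enabled_returns_jwt_and_cookie(
        monkeypatch, user, call_auth_endpoint):
    """Check the auth cookie's attributes when only its name is configured.

    Only JWT_AUTH_COOKIE is patched, so the remaining cookie attributes come
    from whatever the settings object provides. The test expects no Domain
    attribute, path '/', Secure and HttpOnly set, and SameSite 'Lax', and
    also that the token is returned in the response body.
    """
    auth_cookie = "jwt-auth"
    monkeypatch.setattr(api_settings, "JWT_AUTH_COOKIE", auth_cookie)

    response = call_auth_endpoint("username", "password")

    assert auth_cookie in response.cookies
    setcookie = response.cookies[auth_cookie]
    # The previous check, `'domain' not in setcookie.items()`, compared a
    # string against (key, value) pairs and could never fail, so a cookie
    # scoped to an unintended domain would have gone unnoticed.
    # NOTE(review): assumes an unset Domain reads as falsy (http.cookies.Morsel
    # stores it as '') -- confirm against the response class in use.
    assert not setcookie.get("domain")
    assert setcookie["path"] == "/"
    assert setcookie["secure"] is True
    assert setcookie["httponly"] is True  # hardcoded
    # has_set_cookie_samesite() is defined elsewhere; presumably it reports
    # whether the installed framework can emit SameSite at all.
    if has_set_cookie_samesite():
        assert setcookie["samesite"] == "Lax"

    assert response.status_code == status.HTTP_200_OK
    assert "token" in force_text(response.content)
    # The test client's cookie jar should hold the cookie as well.
    assert auth_cookie in response.client.cookies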