def test_invalid_token(f_session, f_user):
secret_key = get_secret_key()
s = JSONWebSignatureSerializer(secret_key)
expired_at = arrow.utcnow().replace(hours=-2).timestamp
d = {
'user': {'id': f_user.id, 'email': f_user.email, 'name': f_user.name},
'expired_at': expired_at
}
token = s.dumps(d).decode('utf-8')
with raises(InvalidTokenError):
t = validate_token('dadfa.asdf')
with raises(ExpiredTokenError):
t = validate_token(token)
def test_web_login(f_session, f_user):
email = '*****@*****.**'
password = '******'
with app.test_client() as client:
response = client.post(url_for('login.login'),
data={'email': email, 'password': password})
assert 200 == response.status_code
assert response.data
data = json.loads(response.data)
assert 'user' in data
assert 'id' in data['user']
assert 'email' in data['user']
assert 'name' in data['user']
assert 'token' in data
assert f_user.id == data['user']['id']
assert f_user.email == data['user']['email']
assert f_user.name == data['user']['name']
assert 'token' in data
user_data = validate_token(data['token'])
assert f_user.id == user_data['user']['id']
assert f_user.email == user_data['user']['email']
assert f_user.name == user_data['user']['name']
