def test_authenticated_users_get_redirected_to_home(app, client_without_db):
client = client_without_db
with set_user(app, as_user(client)):
with app.app_context():
resp = client.get("/auth/login")
assert resp.status_code == 302
assert resp.headers.get("Location") == "http://localhost/"
def test_save_editor_data_as_user(
app, client, query, data, expected_code, expected_response
):
with set_user(app, as_user(client)):
resp = client.post("/api/save_editor_data", json=data, query_string=query)
assert resp.status_code == 403
assert "application/json" in resp.headers["Content-Type"]
assert b"Forbidden" in resp.data
def test_logout_clears_the_session(app, client_without_db):
client = client_without_db
with set_user(app, as_user(client)):
with app.app_context():
with client.session_transaction() as session:
session["something_else"] = True
# request /maintenance as it doesn't use the database
resp = client.get("/maintenance")
assert resp.status_code == 200
with client.session_transaction() as session:
assert "user_info" in session
assert "something_else" in session
resp = client.get("/auth/logout")
assert resp.status_code == 302
assert resp.headers.get("Location") == "http://localhost/"
with client.session_transaction() as session:
assert "user_info" not in session
assert "something_else" not in session
def test_logout_clears_the_session(app, client_without_db):
client = client_without_db
with set_user(app, as_user(client)):
with app.app_context():
with client.session_transaction() as session:
session['something_else'] = True
# request /maintenance as it doesn't use the database
resp = client.get('/maintenance')
assert resp.status_code == 200
with client.session_transaction() as session:
assert 'user_info' in session
assert 'something_else' in session
resp = client.get('/auth/logout')
assert resp.status_code == 302
assert resp.headers.get('Location') == 'http://localhost/'
with client.session_transaction() as session:
assert 'user_info' not in session
assert 'something_else' not in session