def test_auth_user(client, db):
    """Fetch the logged-in user's profile and check the fields it exposes.

    Registers and logs in the default test user, then calls the user endpoint
    with the issued access token; expects 200, the registered email, and a
    false ``admin`` flag.
    """
    register_user(client)
    login = login_user(client)
    assert "access_token" in login.json
    token = login.json["access_token"]

    resp = get_user(client, token)
    body = resp.json
    assert resp.status_code == HTTPStatus.OK
    # The profile must belong to the account that logged in ...
    assert "email" in body
    assert body["email"] == EMAIL
    # ... and a freshly registered account must never be reported as admin.
    assert "admin" in body
    assert not body["admin"]
def test_logout_auth_token_expired(client, db):
    """Logging out with an expired token is refused with 401 and a challenge.

    Waits past the access-token lifetime before calling logout; expects
    ``TOKEN_EXPIRED`` in the message and the expired-token
    ``WWW-Authenticate`` challenge on the response.
    """
    register_user(client)
    login = login_user(client)
    assert "access_token" in login.json
    token = login.json["access_token"]

    # Sleep past the token lifetime (presumably 5 s, see test_auth_register)
    # so the server sees a genuinely expired token.
    time.sleep(6)
    resp = logout_user(client, token)
    body = resp.json
    assert resp.status_code == HTTPStatus.UNAUTHORIZED
    assert "message" in body
    assert body["message"] == TOKEN_EXPIRED
    # The 401 must tell the client *why* via the WWW-Authenticate challenge.
    hdrs = resp.headers
    assert "WWW-Authenticate" in hdrs
    assert hdrs["WWW-Authenticate"] == WWW_AUTH_EXPIRED_TOKEN
def test_logout_token_blacklisted(client, db):
    """A token that has already been used to log out cannot be reused.

    The first logout succeeds (200); a second logout with the same token is
    rejected with 401, ``TOKEN_BLACKLISTED`` and the blacklisted-token
    ``WWW-Authenticate`` challenge.
    """
    register_user(client)
    login = login_user(client)
    assert "access_token" in login.json
    token = login.json["access_token"]

    first = logout_user(client, token)
    assert first.status_code == HTTPStatus.OK

    # Replaying the same token after logout must be refused, not silently accepted.
    second = logout_user(client, token)
    body = second.json
    assert second.status_code == HTTPStatus.UNAUTHORIZED
    assert "message" in body
    assert body["message"] == TOKEN_BLACKLISTED
    hdrs = second.headers
    assert "WWW-Authenticate" in hdrs
    assert hdrs["WWW-Authenticate"] == WWW_AUTH_BLACKLISTED_TOKEN
def test_login(client, db):
    """Log in a registered user and verify the issued token resolves to that user.

    Expects 200 with a success status/message and an ``access_token`` that
    ``User.decode_access_token`` accepts, whose claims identify a non-admin
    user with the registered email.
    """
    register_user(client)
    resp = login_user(client)
    body = resp.json
    assert resp.status_code == HTTPStatus.OK
    assert "status" in body
    assert body["status"] == "success"
    assert "message" in body
    assert body["message"] == SUCCESS
    assert "access_token" in body

    # Round-trip the token through the server-side decoder: the claims, not the
    # response body, are what authorization decisions are made from.
    decoded = User.decode_access_token(body["access_token"])
    assert decoded.success
    claims = decoded.value
    assert not claims["admin"]
    found = User.find_by_public_id(claims["public_id"])
    assert found
    assert found.email == EMAIL
def test_logout(client, db):
    """Logout succeeds and records the used token in the blacklist table.

    The blacklist is empty before logout and holds exactly the logged-out
    token afterwards.
    """
    register_user(client)
    login = login_user(client)
    assert "access_token" in login.json
    token = login.json["access_token"]

    # Precondition: nothing has been revoked yet in this test database.
    assert len(BlacklistedToken.query.all()) == 0

    resp = logout_user(client, token)
    body = resp.json
    assert resp.status_code == HTTPStatus.OK
    assert "status" in body
    assert body["status"] == "success"
    assert "message" in body
    assert body["message"] == SUCCESS

    # Exactly one row, and it must be the token we just revoked.
    revoked = BlacklistedToken.query.all()
    assert len(revoked) == 1
    assert revoked[0].token == token
def test_authuser_status_valid_user_expired_token(self, client, db):
    """AuthUserStatus endpoint should return 401 for an expired token.

    Registers and logs in a user, waits past the token lifetime, then calls
    the user endpoint with the stale token.
    """
    creds = dict(user_name="great_user", email="*****@*****.**", password="******")
    register_user(client, **creds)
    login = login_user(client, **creds)
    assert "access_token" in login.json
    token = login.json["access_token"]

    # Let the token expire before presenting it.
    sleep(6)
    resp = get_user(client, token)
    assert resp.status_code == 401
def test_authuser_status_valid_user(self, client, db):
    """AuthUserStatus endpoint should return 200 and user data for a logged-in user.

    Expects the registered email back and ``is_admin`` false.
    """
    creds = dict(user_name="great_user", email="*****@*****.**", password="******")
    register_user(client, **creds)
    login = login_user(client, **creds)
    assert "access_token" in login.json
    token = login.json["access_token"]

    resp = get_user(client, token)
    body = resp.json
    assert resp.status_code == 200
    assert "email" in body
    assert body["email"] == creds["email"]
    # A plain registration must not grant admin rights.
    assert "is_admin" in body
    assert not body["is_admin"]
def test_authlogout_valid_user(self, client, db):
    """AuthLogout endpoint should return 200 for a user with a valid token.

    After logout the blacklist table holds exactly the revoked token.
    """
    creds = dict(user_name="great_user", email="*****@*****.**", password="******")
    register_user(client, **creds)
    login = login_user(client, **creds)
    assert "access_token" in login.json
    token = login.json["access_token"]

    resp = logout_user(client, token, **creds)
    assert resp.status_code == 200

    # The revoked token must be persisted so it cannot be replayed later.
    revoked = BlacklistedTokens.query.all()
    assert len(revoked) == 1
    assert revoked[0].token == token
def test_auth_register_email_already_registered(client, db):
    """Registering an email that already exists is rejected with 409.

    Seeds a user directly in the database, then registers with the same
    email; expects ``EMAIL_ALREADY_EXISTS`` and no token material in the body.
    """
    existing = User(email=EMAIL, password=PASSWORD)
    db.session.add(existing)
    db.session.commit()

    resp = register_user(client)
    body = resp.json
    assert resp.status_code == HTTPStatus.CONFLICT
    assert "message" in body
    assert body["message"] == EMAIL_ALREADY_EXISTS
    # A failed registration must not leak any credential/token fields.
    for field in ("token_type", "expires_in", "access_token"):
        assert field not in body
def test_auth_register_invalid_email(client):
    """Registering with a malformed email is rejected with 400 and a field error.

    Expects ``BAD_REQUEST`` as the message, no token material, and an
    ``errors`` mapping that names ``email`` (and only ``email``, not
    ``password``).
    """
    bad_email = "first last"
    resp = register_user(client, email=bad_email)
    body = resp.json
    assert resp.status_code == HTTPStatus.BAD_REQUEST
    assert "message" in body
    assert body["message"] == BAD_REQUEST
    # Validation failure must not hand out any token fields.
    for field in ("token_type", "expires_in", "access_token"):
        assert field not in body

    assert "errors" in body
    errors = body["errors"]
    assert "password" not in errors
    assert "email" in errors
    assert errors["email"] == f"{bad_email} is not a valid email"
def test_auth_register(client, db):
    """Registration returns 201 with a bearer token that resolves to the new user.

    Expects ``token_type == "bearer"``, ``expires_in == 5``, and an
    ``access_token`` whose decoded claims identify a non-admin user with the
    registered email.
    """
    resp = register_user(client)
    body = resp.json
    assert resp.status_code == HTTPStatus.CREATED
    assert "status" in body
    assert body["status"] == "success"
    assert "message" in body
    assert body["message"] == SUCCESS
    assert "token_type" in body
    assert body["token_type"] == "bearer"
    # Token lifetime advertised to the client (seconds).
    assert "expires_in" in body
    assert body["expires_in"] == 5
    assert "access_token" in body

    # Verify the token via the server-side decoder rather than trusting the body.
    decoded = User.decode_access_token(body["access_token"])
    assert decoded.success
    claims = decoded.value
    assert not claims["admin"]
    found = User.find_by_public_id(claims["public_id"])
    assert found
    assert found.email == EMAIL