Esempio n. 1
def test_logout_invalid(app, client):
    """Check that revoking the refresh-token value 'invalid' yields a 401.

    The DELETE request is sent without an Authorization header, so the token
    in the URL path is the only value the endpoint is given to validate.
    """
    helper = Utils(app, client)
    # The issued refresh token is not used here; the request below sends the
    # literal string 'invalid' in its place.
    access_token, _issued_refresh = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    session_resp = client.get('/api/auth', headers=auth_headers)
    assert session_resp.status_code == 200

    revoke_resp = client.delete('/api/auth/refresh/invalid')
    assert revoke_resp.status_code == 401

    body = json.loads(revoke_resp.data.decode())
    assert body.get('message') == 'Invalid refresh token'
Esempio n. 2
def test_refresh_token_invalid_data(app, client):
    """Check that a refresh request without a 'refreshToken' field yields a 400.

    The posted JSON body holds only the key 'invalid', and the test expects
    the message 'Payload is invalid' in the response.
    """
    helper = Utils(app, client)
    # The issued refresh token is deliberately left out of the request body.
    access_token, _issued_refresh = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    session_resp = client.get('/api/auth', headers=auth_headers)
    assert session_resp.status_code == 200

    malformed_payload = {'invalid': 'invalid'}
    refresh_resp = client.post('/api/auth/refresh', json=malformed_payload)
    assert refresh_resp.status_code == 400

    body = json.loads(refresh_resp.data.decode())
    assert body.get('message') == 'Payload is invalid'
Esempio n. 3
def test_refresh_token_deleted_account(app, client):
    """Check that a refresh token stops working once its user is deleted.

    After ``delete_user()`` the refresh request is expected to fail with 400
    and the message 'User does not exist!'.
    """
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the account is live and its access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    session_resp = client.get('/api/auth', headers=auth_headers)
    assert session_resp.status_code == 200

    # Presumably removes the account the tokens were issued for; verify
    # against Utils.delete_user.
    helper.delete_user()

    # NOTE(review): only the refresh path is checked after deletion. Whether
    # the already-issued access token is still accepted on /api/auth is not
    # asserted here.
    refresh_resp = client.post('/api/auth/refresh',
                               json={'refreshToken': refresh_token})
    assert refresh_resp.status_code == 400

    body = json.loads(refresh_resp.data.decode())
    assert body.get('message') == 'User does not exist!'
Esempio n. 4
def test_logout(app, client):
    """Check that logging out blacklists the refresh token.

    The token is revoked via DELETE and then replayed against the refresh
    endpoint, which is expected to reject it with 401.
    """
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    session_resp = client.get('/api/auth', headers=auth_headers)
    assert session_resp.status_code == 200

    # NOTE(review): the refresh token travels in the URL path. Request URLs
    # commonly end up in access logs and intermediaries, so confirm this route
    # is excluded from verbatim logging.
    revoke_resp = client.delete(f'/api/auth/refresh/{refresh_token}')
    assert revoke_resp.status_code == 200
    revoke_body = json.loads(revoke_resp.data.decode())
    assert revoke_body.get('data') == 'Successfully blacklisted token'

    # Replaying the revoked refresh token must fail. Per the original author,
    # the access token stays valid until it expires; this test does not
    # assert that.
    replay_resp = client.post('/api/auth/refresh',
                              json={'refreshToken': refresh_token})
    assert replay_resp.status_code == 401
    replay_body = json.loads(replay_resp.data.decode())
    # NOTE(review): this reads the 'data' key, while test_logout_invalid reads
    # 'message' for the same 'Invalid refresh token' text. Confirm which key
    # the refresh endpoint returns on a 401.
    assert replay_body.get('data') == 'Invalid refresh token'
Esempio n. 5
def test_refresh_token(app, client):
    """Check that a valid refresh token yields a new, usable access token.

    The refresh response must carry an 'accessToken' field, and that token
    must be accepted by GET /api/auth.
    """
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the originally issued access token is accepted.
    session_resp = client.get(
        '/api/auth', headers={'Authorization': f'Bearer {access_token}'})
    assert session_resp.status_code == 200

    refresh_resp = client.post('/api/auth/refresh',
                               json={'refreshToken': refresh_token})
    assert refresh_resp.status_code == 200

    # Decode the body once and reuse it for every check on the response.
    body = json.loads(refresh_resp.data.decode())
    assert body.get('message') == 'Token refresh was successful'
    assert 'accessToken' in body

    # NOTE(review): nothing here asserts that the new access token differs
    # from the original one, or whether the refresh token is rotated on use.
    new_access_token = body.get('accessToken')
    renewed_resp = client.get(
        '/api/auth', headers={'Authorization': f'Bearer {new_access_token}'})
    assert renewed_resp.status_code == 200