def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if (auth_header is not None) and (' ' in auth_header):
auth_token = auth_header.split(" ")[1]
else:
auth_token = auth_header
if auth_token:
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str) and ('Signature expired'
not in resp) and ('Token blacklisted'
not in resp):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
blacklist_token.save()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# user registration
resp_register = self.register_user("*****@*****.**", "password")
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# user login
resp_login = self.login_user("*****@*****.**", "password")
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.client.post(
'/auth/logout',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_login.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
def post(self, user=None, token_response=None, **kwargs):
# get auth token
auth_token = get_auth_token(request)
# mark the token as blacklisted
try:
blacklist_token = BlacklistToken(token=auth_token)
blacklist_token.save()
# insert the token
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# user registration
resp_register = self.register_user('*****@*****.**',
'crackthisidareyou')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# user login
resp_login = self.login_user('*****@*****.**', 'crackthisidareyou')
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.logout_user(resp_login.data.decode())
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200 #OK
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200 #OK
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(
jsonify(responseObject)), 401 #Unauthorized
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403 #Forbidden
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
# Registering a user
resp_register = register_user(self, '*****@*****.**', 'test123')
# Blacklisting the token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# Checking user status
response = self.client.get(
'/auth/status',
headers = dict(
Authorization = 'Bearer ' + json.loads(
resp_register.data.decode()
)['auth_token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
resp_register = self.client.post(
'/auth/register',
data=json.dumps(dict(
email='*****@*****.**',
password='******'
)),
content_type='application/json'
)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.get(
'/auth/status',
headers=dict(
Authorization='Bearer ' + json.loads(
resp_register.data.decode()
)['auth_token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# user registration
data_register, resp_register = self.register_user(
'*****@*****.**', '123456')
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# user login
data_login, resp_login = self.login_user('*****@*****.**', '123456')
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(token=data_login['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
data, response = self.client_post('/auth/logout',
token=data_login['auth_token'])
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def post(self):
auth_token = get_token()
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'exito',
'message': 'Cierre de sesion exitoso'
}
return make_response(jsonify(responseObject))
except Exception as e:
responseObject = {'status': 'Error', 'message': e}
return make_response(jsonify(responseObject))
else:
responseObject = {'status': 'Error', 'message': resp}
return make_response(jsonify(responseObject))
else:
responseObject = {'status': 'Error', 'message': 'Token invalido'}
return make_response(jsonify(responseObject))
def post(self):
# get auth token
auth_header = request.headers.get("Authorization")
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ""
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
"status": "success",
"message": "Successfully logged out.",
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {"status": "fail", "message": e}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {"status": "fail", "message": resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
"status": "fail",
"message": "Provide a valid auth token.",
}
return make_response(jsonify(responseObject)), 403
def test_comment_ticket_add_not_logged_in(self):
""" Test for creation of a comment when user is not logged in """
with self.client:
create_ticket(self, "*****@*****.**", "byrd", "Hello World",
"Bug Report", "High", "Testing")
# user registration
resp_register = register_user(self, '*****@*****.**', 'byrd')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# create comment request
response = self.client.post(
'/tickets/1/createComment',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_register.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
def test_ticket_update_not_logged_in(self):
""" Test for ticket update when user is not logged in """
with self.client:
# user registration
resp_register = register_user(self, '*****@*****.**', 'byrd')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# Ticket Update Request
response = self.client.put(
'/tickets/edit',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_register.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
User.delete_one('joe')
resp_register = register_user(self, 'joe', '*****@*****.**',
'123456')
# blacklist a valid token
token = json.loads(resp_register.data.decode())['auth_token']
blacklist_token = BlacklistToken(token=token)
blacklist_token.save()
response = self.client.get('/auth/status',
headers=dict(Authorization='Bearer ' +
token))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def get_user_from_token(auth_token, token_type="access") -> User:
user_token = User.decode_auth_token(auth_token, token_type)
user = User.query.filter_by(uuid=user_token['sub']).first()
if not user:
blacklist_token = BlacklistToken(token=auth_token)
db.session.add(blacklist_token)
db.session.commit()
raise UnauthorizedError('User is unknown.')
return user
def test_user_status_fails_when_token_blacklisted(self):
with self.client:
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(self.resp_register.data.decode())['token'])
blacklist_token.__repr__()
db.session.add(blacklist_token)
db.session.commit()
response = self.client.get(
'/auth/user',
headers=dict(
Authorization='Bearer ' + json.loads(
self.resp_register.data.decode()
)['token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def post(self):
try:
'''
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1] # throw acception is heades is incorrect
else:
auth_token = ''
'''
auth_token = request.query_string
if auth_token:
resp = Сertificate.decode_auth_token(
auth_token) # return action or string
if not isinstance(resp, str):
certificate = Сertificate.query.filter_by(
token=auth_token).first().with_lockmode("update")
if certificate:
if (certificate.shards == 0):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
# insert the token
db.session.add(blacklist_token)
db.session.commit()
return make_response(
jsonify({
'status':
0,
'message':
'Successful end of operation.'
})), 200
elif (certificate.shards > 0):
certificate.token -= 1
db.session.commit()
return make_response(
jsonify({
'status': 0,
'message': 'Successful operation.'
})), 200
return make_response(
jsonify({
'status': 1,
'message': 'Provide a valid auth token.'
})), 403
except IndexError: # if header is incorrect
return make_response(
jsonify({
'status': 1,
'message': 'Bearer token malformed.'
})), 401
except Exception as e:
return make_response(jsonify({'status': 1, 'message': e})), 200
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
resp_register = register_user(self)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = user_status(self, resp_register)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def post(self):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=g.auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(response_object)), 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return make_response(jsonify(response_object)), 500
def post(self):
try:
auth_token = get_authorization_token(request)
user = get_user_from_token(auth_token=auth_token)
if user:
user.update_last_activity()
blacklist_token = BlacklistToken(token=auth_token)
db.session.add(blacklist_token)
db.session.commit()
return make_response('', 204)
except UnauthorizedError as e:
return make_response(jsonify({'message': str(e)})), 401
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
data_register, resp_register = self.register_user(
'*****@*****.**', '123456')
# blacklist a valid token
blacklist_token = BlacklistToken(token=data_register['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
data, response = self.client_get('/auth/status',
token=data_register['auth_token'])
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
register_user(self, '*****@*****.**', '123456')
blacklist_token = BlacklistToken(token=json.loads(
user_login(self, '*****@*****.**', '123456').data.decode())
['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = user_logout(self, '*****@*****.**', '123456')
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
DatabasePrepare.create_new_user()
resp_login = PostHTTP.login_success(self.client)
data_login = json.loads(resp_login.data.decode())
# blacklist a valid token
blacklist_token = BlacklistToken(
token=data_login['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = PostHTTP.post_with_token(self.client,'/auth/status',
resp_login.data.decode())
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token is blacklisted. Please login again.')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_valid_blacklisted_token_logout(self):
with self.client:
resp_register = self.client.post(
'/api/v1/auth/register',
data=json.dumps(
dict(email='*****@*****.**',
password='******',
first_name='monty',
last_name='python',
is_admin='0')),
content_type='application/json',
)
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
resp_login = self.client.post('/api/v1/auth/login',
data=json.dumps(
dict(email='*****@*****.**',
password='******')),
content_type='application/json')
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.post(
'/api/v1/auth/logout',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_login.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(self.resp_login.data.decode())['token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.client.post(
'/auth/logout',
headers=dict(
Authorization='Bearer ' +
json.loads(self.resp_login.data.decode())['token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
resp_register = self.register_user('*****@*****.**', '123456')
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.get(
'/auth/status',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_register.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_ticket_list_not_logged_in(self):
""" Test for obtaining ticket list when user is not logged in """
with self.client:
# user registration
resp_register = register_user(self, '*****@*****.**', 'byrd')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = ticket_list(self, resp_register)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
resp_register = register_user(self, "*****@*****.**", "123456")
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())["auth_token"])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.get(
"/auth/status",
headers=dict(
Authorization="Bearer " +
json.loads(resp_register.data.decode())["auth_token"]),
)
data = json.loads(response.data.decode())
self.assertTrue(data["status"] == "fail")
self.assertTrue(
data["message"] == "Token blacklisted. Please log in again.")
self.assertEqual(response.status_code, 401)
def post(self):
# get auth token
auth_token = RequestUtils.get_access_token(request)
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
DatabaseCheck.remove_key_pair(auth_token)
return CommonResponseObject.logout_success()
except Exception as e:
return CommonResponseObject.logout_exception(e)
else:
return CommonResponseObject.token_response(resp)
else:
return CommonResponseObject.forbiden_token_response()
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = validate_token(auth_header)
# TODO: Think of a better exception to throw here
except Exception:
response_object = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(response_object)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(response_object)), 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return make_response(jsonify(response_object)), 200
else:
response_object = {'status': 'fail', 'message': resp}
return make_response(jsonify(response_object)), 401
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(response_object)), 403
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# Registering a user
resp_register = register_user(self, '*****@*****.**', 'test123')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# Logging in with the created user
resp_login = login_user(self, '*****@*****.**', 'test123')
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# Blacklisting the token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# Logging out with a blacklisted token
response = self.client.post(
'/auth/logout',
headers = dict(
Authorization = 'Bearer ' + json.loads(
resp_login.data.decode()
)['auth_token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
