def test_logout_token_blacklisted(client, db):
    """Check that an access token cannot be reused after logout.

    The first logout with a fresh token is expected to succeed. A second
    logout with the same token is expected to return 401 with the
    blacklisted-token message and the matching ``WWW-Authenticate`` header.
    """
    register_user(client)
    login_response = login_user(client)
    assert "access_token" in login_response.json
    token = login_response.json["access_token"]

    # First use: the token is still accepted.
    first_logout = logout_user(client, token)
    assert first_logout.status_code == HTTPStatus.OK

    # Replay: the same token must now be refused, and the refusal must say
    # why in both the JSON body and the challenge header.
    replayed_logout = logout_user(client, token)
    assert replayed_logout.status_code == HTTPStatus.UNAUTHORIZED
    assert "message" in replayed_logout.json
    assert replayed_logout.json["message"] == TOKEN_BLACKLISTED
    assert "WWW-Authenticate" in replayed_logout.headers
    assert replayed_logout.headers["WWW-Authenticate"] == WWW_AUTH_BLACKLISTED_TOKEN
def test_logout_auth_token_expired(client, db):
    """Check that logging out with an expired access token is rejected.

    After waiting six seconds, the logout request is expected to return 401
    with the expired-token message and the matching ``WWW-Authenticate``
    header.
    """
    register_user(client)
    login_response = login_user(client)
    assert "access_token" in login_response.json
    token = login_response.json["access_token"]

    # NOTE(review): presumably the test configuration issues tokens that
    # live for less than 6 seconds -- confirm against the test settings,
    # otherwise this test fails for the wrong reason.
    time.sleep(6)

    late_logout = logout_user(client, token)
    assert late_logout.status_code == HTTPStatus.UNAUTHORIZED
    assert "message" in late_logout.json
    assert late_logout.json["message"] == TOKEN_EXPIRED
    assert "WWW-Authenticate" in late_logout.headers
    assert late_logout.headers["WWW-Authenticate"] == WWW_AUTH_EXPIRED_TOKEN
def test_logout(client, db):
    """Check that a successful logout records the token in the blacklist.

    The ``BlacklistedToken`` table must be empty before logout. Afterwards it
    must hold exactly one row whose ``token`` equals the access token that
    was used, which shows the revocation is persisted server-side.
    """
    register_user(client)
    login_response = login_user(client)
    assert "access_token" in login_response.json
    token = login_response.json["access_token"]

    # Precondition: nothing has been revoked yet.
    assert len(BlacklistedToken.query.all()) == 0

    logout_response = logout_user(client, token)
    assert logout_response.status_code == HTTPStatus.OK
    assert "status" in logout_response.json
    assert logout_response.json["status"] == "success"
    assert "message" in logout_response.json
    assert logout_response.json["message"] == SUCCESS

    # Postcondition: exactly the token that was used is now blacklisted.
    revoked_tokens = BlacklistedToken.query.all()
    assert len(revoked_tokens) == 1
    assert token == revoked_tokens[0].token
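def test_authlogout_valid_user_expired_token(self, client, db):
    """
    AuthLogout endpoint should return 401 when a registered user logs out
    with an access token that has already expired.
    """
    # The previous docstring promised a 200 for a valid token, which
    # contradicted the 401 asserted below.
    user = dict(user_name="great_user", email="*****@*****.**", password="******")
    register_user(client, **user)
    response = login_user(client, **user)
    assert "access_token" in response.json
    access_token = response.json["access_token"]
    # Let the token age before it is used.
    # NOTE(review): assumes the test configuration issues tokens that live
    # for less than 6 seconds -- confirm against the test settings.
    sleep(6)
    response = logout_user(client, access_token, **user)
    # An expired token must not be accepted, even for a legitimate user.
    assert response.status_code == 401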
def test_authlogout_valid_user(self, client, db):
    """
    AuthLogout endpoint should return 200 for a user with a valid token and
    record that token in the blacklist.
    """
    credentials = dict(
        user_name="great_user", email="*****@*****.**", password="******"
    )
    register_user(client, **credentials)
    login_response = login_user(client, **credentials)
    assert "access_token" in login_response.json
    token = login_response.json["access_token"]

    logout_response = logout_user(client, token, **credentials)
    assert logout_response.status_code == 200

    # The revocation must be persisted: one row, holding the token used.
    revoked_tokens = BlacklistedTokens.query.all()
    assert len(revoked_tokens) == 1
    assert token == revoked_tokens[0].token