def test_update_disable_2fa(app, client):
    """Disable 2FA on the current user and confirm the flag is cleared.

    Flow: switch 2FA on through the ``Utils`` helper, check that
    ``GET /api/auth`` reports a truthy ``data['2fa']``, then send
    ``PUT /api/users/me`` with ``totp_enabled: False`` and a token from
    ``generate_2fa_token()``. The PUT must answer 200 and its body must
    carry a falsy ``data['2fa']``.
    """
    helper = Utils(app, client)
    helper.enable_2fa()
    auth_headers = {
        'Authorization': f'Bearer {helper.generate_access_token()}',
    }

    # Precondition: the API must report 2FA as enabled before we try to turn
    # it off. This GET uses a freshly generated access token rather than
    # auth_headers.
    fresh_headers = {
        'Authorization': f'Bearer {helper.generate_access_token()}',
    }
    status_resp = client.get('/api/auth', headers=fresh_headers)
    status_body = json.loads(status_resp.data.decode())
    assert status_body.get('data').get('2fa')

    # Disable 2FA, supplying a current 2FA token alongside the change.
    # NOTE(review): only the success path is exercised here. A sibling case
    # that omits totp_token (or sends a wrong one) and expects a rejection
    # would pin that 2FA cannot be switched off without a valid second
    # factor; confirm one exists elsewhere in the suite.
    disable_request = {
        'totp_enabled': False,
        'totp_token': helper.generate_2fa_token(),
    }
    update_resp = client.put(
        '/api/users/me', headers=auth_headers, json=disable_request)
    assert update_resp.status_code == 200
    update_body = json.loads(update_resp.data.decode())
    assert not update_body.get('data').get('2fa')
def test_authentication_with_2fa(app, client):
    """Log in to a 2FA-enabled account, first without and then with a token.

    With 2FA switched on through the ``Utils`` helper, ``POST /api/auth``
    with only username and password must answer 401 with the message
    ``'Missing 2fa token'``. Repeating the request with a ``token`` from
    ``generate_2fa_token()`` must answer 200 and return both
    ``accessToken`` and ``refreshToken``.
    """
    helper = Utils(app, client)
    helper.enable_2fa()
    credentials = {'username': '******', 'password': '******'}

    # Password-only login has to be refused once 2FA is on.
    rejected = client.post('/api/auth', json=credentials)
    assert rejected.status_code == 401
    error_body = json.loads(rejected.data.decode('utf8'))
    assert error_body.get('message') == 'Missing 2fa token'

    # Same credentials plus a 2FA token: the login should now succeed.
    # NOTE(review): the rejected case above covers a *missing* token only;
    # an invalid-token case is not exercised in this test. Confirm it is
    # covered elsewhere in the suite.
    accepted = client.post(
        '/api/auth',
        json={**credentials, 'token': helper.generate_2fa_token()})
    assert accepted.status_code == 200
    issued = json.loads(accepted.data.decode())
    assert 'accessToken' in issued
    assert 'refreshToken' in issued