def test_jwt_auth_non_existent_user(client, credentials):
res = client.post('/api/user/auth',
data=json.dumps(credentials),
content_type='application/json')
assert res.status_code == 404
assert f'User {credentials["username"]} does not exist.' in \
res.data.decode('utf-8')
def test_jwt_auth_missing_password(client, existing_user, credentials):
credentials.pop('password')
res = client.post('/api/user/auth',
data=json.dumps({'username': credentials['username']}),
content_type='application/json')
assert res.status_code == 400
assert 'password field is required.' in res.data.decode('utf-8')
def test_signup_when_user_already_exists(client, credentials):
existing_user = models.User(**credentials)
models.db.session.add(existing_user)
models.db.session.commit()
res = client.post('api/user',
data=json.dumps(credentials),
content_type='application/json')
assert res.status_code == 409
def test_signup_missing_username_and_password(client):
data = {'fake_field1': fake.word(), 'fake_field2': fake.word()}
res = client.post('/api/user',
data=json.dumps(data),
content_type='application/json')
assert res.status_code == 400
# assert that database has remained unchanged
saved_user = models.User.query.all()
assert len(saved_user) == 0
def test_jwt_auth_wrong_password(client, existing_user, credentials):
res = client.post('/api/user/auth',
data=json.dumps({
'username': credentials['username'],
'password': fake.password()
}),
content_type='application/json')
assert res.status_code == 401
assert f'Invalid password for user {credentials["username"]}' in \
res.data.decode('utf-8')
def test_signup(client, credentials):
res = client.post('/api/user',
data=json.dumps(credentials),
content_type='application/json')
assert res.status_code == 201
# assert that user has been persisted in the database
saved_user = models.User.query.all()[0]
assert saved_user.username == credentials['username']
# assert that the password has not been persisted in plain-text form
assert saved_user.password != credentials['password']
def test_jwt_auth(client, existing_user, credentials):
res = client.post('/api/user/auth',
data=json.dumps(credentials),
content_type='application/json')
assert res.status_code == 200
assert 'access_token' in res.json
