def test_logout_invalid(app, client):
    """Revoking an unknown refresh token must be rejected with 401."""
    helper = Utils(app, client)
    # Only the access token is needed; the refresh token is deliberately unused.
    access_token, _unused_refresh = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    response = client.get('/api/auth', headers=auth_headers)
    assert response.status_code == 200

    # The literal 'invalid' is sent in place of a token returned by
    # generate_access_token. The DELETE carries no Authorization header, so
    # the path segment is the only credential presented.
    response = client.delete('/api/auth/refresh/invalid')
    assert response.status_code == 401
    body = json.loads(response.data.decode())
    assert body.get('message') == 'Invalid refresh token'
def test_refresh_token_invalid_data(app, client):
    """A refresh request without a 'refreshToken' field is rejected with 400."""
    helper = Utils(app, client)
    # Only the access token is needed; the refresh token is deliberately unused.
    access_token, _unused_refresh = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    response = client.get('/api/auth', headers=auth_headers)
    assert response.status_code == 200

    # The payload is well-formed JSON but lacks the key the endpoint expects,
    # so this exercises schema validation rather than token validation.
    malformed_payload = {'invalid': 'invalid'}
    response = client.post('/api/auth/refresh', json=malformed_payload)
    assert response.status_code == 400
    body = json.loads(response.data.decode())
    assert body.get('message') == 'Payload is invalid'
def test_refresh_token_deleted_account(app, client):
    """A refresh token must stop working once its user has been deleted."""
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the access token works while the account still exists.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    response = client.get('/api/auth', headers=auth_headers)
    assert response.status_code == 200

    helper.delete_user()

    # The refresh token was issued before the deletion; exchanging it must fail.
    # NOTE(review): only the refresh path is checked here. The access token
    # obtained before the deletion is not re-tested after delete_user().
    refresh_payload = {'refreshToken': refresh_token}
    response = client.post('/api/auth/refresh', json=refresh_payload)
    assert response.status_code == 400
    body = json.loads(response.data.decode())
    assert body.get('message') == 'User does not exist!'
def test_logout(app, client):
    """Logging out blacklists the refresh token so it can no longer be used."""
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the freshly issued access token is accepted.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    response = client.get('/api/auth', headers=auth_headers)
    assert response.status_code == 200

    # NOTE(review): the refresh token travels in the URL path. Request paths
    # commonly end up in server and proxy access logs, so confirm those logs
    # are handled as sensitive, or that the endpoint could take the token in
    # the request body instead.
    logout_url = f'/api/auth/refresh/{refresh_token}'
    response = client.delete(logout_url)
    assert response.status_code == 200
    body = json.loads(response.data.decode())
    assert body.get('data') == 'Successfully blacklisted token'

    # The refresh token should now be invalid. The access token stays valid
    # until it expires; this test does not assert on that.
    refresh_payload = {'refreshToken': refresh_token}
    response = client.post('/api/auth/refresh', json=refresh_payload)
    assert response.status_code == 401
    body = json.loads(response.data.decode())
    # NOTE(review): this 401 text is read from the 'data' key, whereas
    # test_logout_invalid reads the same text from 'message'. Confirm which
    # key the refresh endpoint actually returns.
    assert body.get('data') == 'Invalid refresh token'
def test_refresh_token(app, client):
    """A valid refresh token can be exchanged for a working access token."""
    helper = Utils(app, client)
    access_token, refresh_token = helper.generate_access_token(refresh=True)

    # Sanity check: the original access token is accepted.
    response = client.get(
        '/api/auth', headers={'Authorization': f'Bearer {access_token}'})
    assert response.status_code == 200

    refresh_payload = {'refreshToken': refresh_token}
    response = client.post('/api/auth/refresh', json=refresh_payload)
    assert response.status_code == 200
    body = json.loads(response.data.decode())
    assert body.get('message') == 'Token refresh was successful'
    assert 'accessToken' in body

    # The newly issued access token must authenticate on its own.
    # NOTE(review): the test does not check whether the refresh token is
    # rotated on use, or whether the previous access token is still accepted.
    access_token = body.get('accessToken')
    response = client.get(
        '/api/auth', headers={'Authorization': f'Bearer {access_token}'})
    assert response.status_code == 200