Added revoking token during logout

api/tests/test_users.py

@@ -81,6 +81,7 @@ def test_get_users(test_client):
     response = test_client.get("/users", headers=headers)
     assert response.status_code == 200 # Admin user should can get all users data
 
+
 def test_get_user_with_token(test_client):
     """Test to get user data before and after auth using JWT token"""
     admin_pass = generate_password_hash("admin_pass")
@@ -111,3 +112,19 @@ def test_get_user_with_token(test_client):
     assert response.status_code == 403 # Common user cannot get other user data
     response = test_client.get(f"/users/{user.id}", headers=admin_headers)
     assert response.status_code == 200 # Admin can access all user data
+
+
+def test_user_logout(test_client):
+    """Test if logout work and JWT token is revoked"""
+    hashed_pass = generate_password_hash("testpass")
+    user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
+    db.session.add(user)
+    db.session.commit()
+
+    access_token = create_access_token(identity=str(user.id))
+    headers = {"Authorization": f"Bearer {access_token}"}
+
+    response = test_client.get(f"/logout", headers=headers)
+    assert response.status_code == 200 # Logged user can logout
+    response = test_client.get(f"/logout", headers=headers)
+    assert response.status_code == 401 # Token should be revoked after logout