From 37e89b60afe03ec3fb98e127ff2b0b5bde7bd0da Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski
Date: Sat, 29 Mar 2025 21:18:24 +0000
Subject: [PATCH] Added test for user logout
---
 api/tests/test_users.py | 17 +++++++++++++
 api/tests/tests.py | 55 -----------------------------------------
 2 files changed, 17 insertions(+), 55 deletions(-)
 delete mode 100644 api/tests/tests.py
diff --git a/api/tests/test_users.py b/api/tests/test_users.py
index ae5d645..4b18305 100644
--- a/api/tests/test_users.py
+++ b/api/tests/test_users.py
@@ -81,6 +81,7 @@ def test_get_users(test_client):
 response = test_client.get("/users", headers=headers)
 assert response.status_code == 200 # Admin user should can get all users data
+
 def test_get_user_with_token(test_client):
 """Test to get user data before and after auth using JWT token"""
 admin_pass = generate_password_hash("admin_pass")
@@ -111,3 +112,19 @@ def test_get_user_with_token(test_client):
 assert response.status_code == 403 # Common user cannot get other user data
 response = test_client.get(f"/users/{user.id}", headers=admin_headers)
 assert response.status_code == 200 # Admin can access all user data
+
+
+def test_user_logout(test_client):
+ """Test if logout work and JWT token is revoked"""
+ hashed_pass = generate_password_hash("testpass")
+ user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
+ db.session.add(user)
+ db.session.commit()
+
+ access_token = create_access_token(identity=str(user.id))
+ headers = {"Authorization": f"Bearer {access_token}"}
+
+ response = test_client.get(f"/logout", headers=headers)
+ assert response.status_code == 200 # Logged user can logout
+ response = test_client.get(f"/logout", headers=headers)
+ assert response.status_code == 401 # Token should be revoked after logout
diff --git a/api/tests/tests.py b/api/tests/tests.py
deleted file mode 100644
index da95b80..0000000
--- a/api/tests/tests.py
+++ /dev/null
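Review bot: The second request in `test_user_logout` presents the revoked token only to `/logout` itself, so the test would still pass if revocation were enforced on that one route and not on the rest of the API. Reusing the same headers on a protected resource after logout pins the property that matters, for example `response = test_client.get(f"/users/{user.id}", headers=headers)` followed by `assert response.status_code == 401`. A bare 401 also does not distinguish a revoked token from a missing or malformed one; asserting on the error body would, but its shape is not visible in this diff and needs checking against the app. Minor: `f"/logout"` has no placeholders and can be a plain string.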
@@ -1,55 +0,0 @@
-import json
-from models import User, db
-from flask_jwt_extended import create_access_token
-from werkzeug.security import generate_password_hash
-
-def test_create_user(test_client):
- """New user registration test"""
- response = test_client.post(
- "/users",
- data=json.dumps({"username": "testuser", "email": "test@example.com", "password": "testpass", "role": "User"}),
- content_type="application/json",
- )
- assert response.status_code == 201 # User should be created successfully
- data = response.get_json()
- assert data["username"] == "testuser"
-
-def test_login(test_client):
- """User login test"""
- hashed_pass = generate_password_hash("testpass")
- user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
- db.session.add(user)
- db.session.commit()
-
- response = test_client.post(
- "/login",
- data=json.dumps({"username": "testuser", "password": "wrongpass"}),
- content_type="application/json",
- )
- assert response.status_code == 401 # User should not be logged - wrong password
- response = test_client.post(
- "/login",
- data=json.dumps({"username": "testuser", "password": "testpass"}),
- content_type="application/json",
- )
- assert response.status_code == 200 # User should be logged - right password
-
-def test_get_users(test_client):
- """Get all users test - JWT required"""
- response = test_client.get("/users")
- assert response.status_code == 401
-
-def test_get_user_with_token(test_client):
- """Test to get user data after auth using JWT token"""
- user = User(username="admin", email="admin@example.com", password="hashed_pass", role="Administrator")
- print(user.id)
- db.session.add(user)
- db.session.commit()
-
- access_token = create_access_token(identity=str(user.id))
- headers = {"Authorization": f"Bearer {access_token}"}
-
- response = test_client.get(f"/users/{user.id}", headers=headers)
- assert response.status_code == 200
- data = response.get_json()
- assert data["username"] ==
"admin"