Additional tests for logout (fixes #206). #207
Conversation
backend/tests/test_logout.py
Outdated
| @app.route("/", methods=['GET']) | ||
| @jwt_required | ||
| def protected(): | ||
| return jsonify({"msg": "That it proteced route"}) |
There was a problem hiding this comment.
I would go with "message" (as we would in other situations) I think.
backend/tests/test_logout.py
Outdated
| assert len(tokens) == 1 | ||
| assert tokens[0].revoked | ||
| assert rv.status_code == HTTPStatus.UNAUTHORIZED | ||
| assert response["msg"] == "token has been revoked" |
There was a problem hiding this comment.
It is behavior implemented in endpoint (not related to the test). Biside naming convencion for messages, we should not checking if token was revoked or not manually in every endpoint, as it is now (flask_jwt_extended has method to do it autmomatically). I added #208 targeting that problem.
backend/tests/test_logout.py
Outdated
| }) | ||
| response = rv.get_json() | ||
| assert rv.status_code == HTTPStatus.UNAUTHORIZED | ||
| assert response["msg"] == "token has been revoked" |
backend/tests/test_logout.py
Outdated
| def test_get_protected_route_after_logout( | ||
| app, client, protected_route, access_token | ||
| ): | ||
| """Test access protected route after loggin out.""" |
|
You have still tests failing here @stanislawK |
@magul I think they should. Bug is in our app, not in tests. That why I added #208 and blocked this pr until issue will be resolved. |
backend/tests/test_logout.py
Outdated
| rv = client.delete( | ||
| "/auth/logout/", headers={"Authorization": "Bearer {}".format(access_token)} | ||
| ) | ||
| assert rv.status_code == HTTPStatus.OK | ||
| rv = client.delete( | ||
| "/auth/logout/", headers={"Authorization": "Bearer {}".format(access_token)} | ||
| ) | ||
| tokens = JWTToken.query.all() | ||
| response = rv.get_json() |
There was a problem hiding this comment.
Nitpick: Could you reaname variables on more meaningful? E.g. rv on response and response ( in response = rv.get_json()) on payload
backend/tests/test_logout.py
Outdated
| rv = client.delete( | ||
| "/auth/logout/", headers={"Authorization": "Bearer {}".format(access_token)} | ||
| ) | ||
| assert rv.status_code == HTTPStatus.OK | ||
| rv = client.get("/", headers={"Authorization": "Bearer {}".format(access_token)}) | ||
| response = rv.get_json() |
backend/tests/test_logout.py
Outdated
| @app.route("/", methods=["GET"]) | ||
| @jwt_required | ||
| def protected(): | ||
| return jsonify({"message": "That is proteced route"}) |
|
@stanislawK please resolve conflicts & address comments. |
…tanislawK/codeforpoznan.pl_v3 into 206_additional_test_for_logout
To test:
make start
make test