fix: tests based on updated implementation

VaibhavSingh8 · VaibhavSingh8 · commit 4b524dea0362 · 2025-07-06T23:40:18.000+05:30
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -12,12 +12,10 @@ jobs:
     env:
       MONGODB_URI: mongodb://db:27017
       DB_NAME: todo-app
-      GOOGLE_JWT_SECRET_KEY: "test-secret-key-for-jwt"
       GOOGLE_JWT_ACCESS_LIFETIME: "3600"
       GOOGLE_JWT_REFRESH_LIFETIME: "604800"
       GOOGLE_OAUTH_CLIENT_ID: "test-client-id"
       GOOGLE_OAUTH_CLIENT_SECRET: "test-client-secret"
-      GOOGLE_OAUTH_REDIRECT_URI: "http://localhost:3000/auth/callback"
       COOKIE_SECURE: "False"
       COOKIE_SAMESITE: "Lax"
 
diff --git a/todo/tests/integration/base_mongo_test.py b/todo/tests/integration/base_mongo_test.py
@@ -22,6 +22,7 @@ def setUpClass(cls):
         cls.override = override_settings(
             MONGODB_URI=cls.mongo_url,
             DB_NAME="testdb",
+            FRONTEND_URL="http://localhost:4000"
         )
         cls.override.enable()
         DatabaseManager.reset()
@@ -76,4 +77,4 @@ def get_user_model(self) -> UserModel:
             name=self.user_data["name"],
             createdAt=datetime.now(timezone.utc),
             updatedAt=datetime.now(timezone.utc),
-        )
+        )
diff --git a/todo/tests/unit/middlewares/test_jwt_auth.py b/todo/tests/unit/middlewares/test_jwt_auth.py
@@ -17,9 +17,6 @@ def setUp(self):
         self.request.path = "/v1/tasks"
         self.request.headers = {}
         self.request.COOKIES = {}
-        self._original_public_paths = settings.PUBLIC_PATHS
-        settings.PUBLIC_PATHS = ["/v1/auth/google/login"]
-        self.addCleanup(setattr, settings, "PUBLIC_PATHS", self._original_public_paths)
 
     def test_public_path_authentication_bypass(self):
         """Test that requests to public paths bypass authentication"""
diff --git a/todo/tests/unit/views/test_auth.py b/todo/tests/unit/views/test_auth.py
@@ -4,14 +4,10 @@
 from unittest.mock import patch, Mock, PropertyMock
 from bson.objectid import ObjectId
 
-from todo.views.auth import (
-    GoogleCallbackView,
-)
-
-from todo.utils.google_jwt_utils import (
-    generate_google_token_pair,
-)
-from todo.constants.messages import AppMessages, AuthErrorMessages
+from todo.views.auth import GoogleCallbackView
+from todo.utils.google_jwt_utils import generate_google_token_pair
+from todo.constants.messages import AppMessages
+from todo.tests.fixtures.user import google_auth_user_payload, users_db_data
 
 
 class GoogleLoginViewTests(APITestCase):
@@ -21,7 +17,7 @@ def setUp(self):
         self.url = reverse("google_login")
 
     @patch("todo.services.google_oauth_service.GoogleOAuthService.get_authorization_url")
-    def test_get_returns_redirect_url_for_html_request(self, mock_get_auth_url):
+    def test_get_returns_redirect_for_html_request(self, mock_get_auth_url):
         mock_auth_url = "https://accounts.google.com/o/oauth2/auth"
         mock_state = "test_state"
         mock_get_auth_url.return_value = (mock_auth_url, mock_state)
@@ -41,12 +37,31 @@ def test_get_returns_json_for_json_request(self, mock_get_auth_url):
         response = self.client.get(self.url, HTTP_ACCEPT="application/json")
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["statusCode"], status.HTTP_200_OK)
+        self.assertEqual(response.data["message"], "Google OAuth URL generated successfully")
         self.assertEqual(response.data["data"]["authUrl"], mock_auth_url)
         self.assertEqual(response.data["data"]["state"], mock_state)
         mock_get_auth_url.assert_called_once_with(None)
 
     @patch("todo.services.google_oauth_service.GoogleOAuthService.get_authorization_url")
-    def test_get_with_redirect_url(self, mock_get_auth_url):
+    def test_get_returns_json_with_format_parameter(self, mock_get_auth_url):
+        """Test that format=json parameter returns JSON response"""
+        mock_auth_url = "https://accounts.google.com/o/oauth2/auth"
+        mock_state = "test_state"
+        mock_get_auth_url.return_value = (mock_auth_url, mock_state)
+
+        response = self.client.get(f"{self.url}?format=json")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["statusCode"], status.HTTP_200_OK)
+        self.assertEqual(response.data["message"], "Google OAuth URL generated successfully")
+        self.assertEqual(response.data["data"]["authUrl"], mock_auth_url)
+        self.assertEqual(response.data["data"]["state"], mock_state)
+        mock_get_auth_url.assert_called_once_with(None)
+
+    @patch("todo.services.google_oauth_service.GoogleOAuthService.get_authorization_url")
+    def test_get_with_redirect_url_html_request(self, mock_get_auth_url):
+        """Test HTML request with redirect URL"""
         mock_auth_url = "https://accounts.google.com/o/oauth2/auth"
         mock_state = "test_state"
         mock_get_auth_url.return_value = (mock_auth_url, mock_state)
@@ -58,6 +73,33 @@ def test_get_with_redirect_url(self, mock_get_auth_url):
         self.assertEqual(response.url, mock_auth_url)
         mock_get_auth_url.assert_called_once_with(redirect_url)
 
+    @patch("todo.services.google_oauth_service.GoogleOAuthService.get_authorization_url")
+    def test_get_with_redirect_url_json_request(self, mock_get_auth_url):
+        """Test JSON request with redirect URL"""
+        mock_auth_url = "https://accounts.google.com/o/oauth2/auth"
+        mock_state = "test_state"
+        mock_get_auth_url.return_value = (mock_auth_url, mock_state)
+        redirect_url = "http://localhost:3000/callback"
+
+        response = self.client.get(f"{self.url}?redirectURL={redirect_url}", HTTP_ACCEPT="application/json")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["data"]["authUrl"], mock_auth_url)
+        self.assertEqual(response.data["data"]["state"], mock_state)
+        mock_get_auth_url.assert_called_once_with(redirect_url)
+
+    @patch("todo.services.google_oauth_service.GoogleOAuthService.get_authorization_url")
+    def test_stores_state_in_session(self, mock_get_auth_url):
+        """Test that state is stored in session for both request types"""
+        mock_auth_url = "https://accounts.google.com/o/oauth2/auth"
+        mock_state = "test_state"
+        mock_get_auth_url.return_value = (mock_auth_url, mock_state)
+
+        response = self.client.get(self.url, HTTP_ACCEPT="application/json")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.client.session.get("oauth_state"), mock_state)
+
 
 class GoogleCallbackViewTests(APITestCase):
     def setUp(self):
@@ -66,6 +108,8 @@ def setUp(self):
         self.url = reverse("google_callback")
         self.factory = APIRequestFactory()
         self.view = GoogleCallbackView.as_view()
+        
+        self.test_user_data = users_db_data[0]
 
     def test_get_redirects_for_oauth_error(self):
         error = "access_denied"
@@ -80,67 +124,37 @@ def test_get_redirects_for_missing_code(self):
         self.assertEqual(response.status_code, status.HTTP_302_FOUND)
         self.assertIn("error=missing_code", response.url)
 
-    @patch("todo.services.google_oauth_service.GoogleOAuthService.handle_callback")
-    @patch("todo.services.user_service.UserService.create_or_update_user")
-    def test_get_redirects_for_valid_code_and_state(self, mock_create_user, mock_handle_callback):
-        mock_google_data = {
-            "id": "test_google_id",
-            "email": "test@example.com",
-            "name": "Test User",
-        }
-        user_id = str(ObjectId())
-        mock_user = Mock()
-        mock_user.id = ObjectId(user_id)
-        mock_user.google_id = mock_google_data["id"]
-        mock_user.email_id = mock_google_data["email"]
-        mock_user.name = mock_google_data["name"]
-        type(mock_user).id = PropertyMock(return_value=ObjectId(user_id))
-
-        mock_handle_callback.return_value = mock_google_data
-        mock_create_user.return_value = mock_user
-
-        session = self.client.session
-        session["oauth_state"] = "test_state"
-        session.save()
-
-        response = self.client.get(f"{self.url}?code=test_code&state=test_state")
+    def test_get_redirects_for_missing_state(self):
+        response = self.client.get(f"{self.url}?code=test_code")
 
         self.assertEqual(response.status_code, status.HTTP_302_FOUND)
-        self.assertIn("success=true", response.url)
-        self.assertIn("ext-access", response.cookies)
-        self.assertIn("ext-refresh", response.cookies)
-        self.assertNotIn("oauth_state", self.client.session)
+        self.assertIn("error=missing_state", response.url)
 
-    def test_post_returns_error_for_missing_code(self):
-        response = self.client.post(self.url, {})
-        
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
-        self.assertEqual(response.data["message"], "No authorization code received from Google")
-
-    def test_post_returns_error_for_invalid_state(self):
+    def test_get_redirects_for_invalid_state(self):
         session = self.client.session
-        session["oauth_state"] = "different_state"
+        session["oauth_state"] = "correct_state"
         session.save()
 
-        response = self.client.post(self.url, {"code": "test_code", "state": "invalid_state"})
+        response = self.client.get(f"{self.url}?code=test_code&state=wrong_state")
 
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
-        self.assertEqual(response.data["message"], "Invalid state parameter")
+        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
+        self.assertIn("error=invalid_state", response.url)
 
     @patch("todo.services.google_oauth_service.GoogleOAuthService.handle_callback")
     @patch("todo.services.user_service.UserService.create_or_update_user")
-    def test_post_handles_callback_successfully(self, mock_create_user, mock_handle_callback):
+    def test_get_redirects_for_valid_code_and_state(self, mock_create_user, mock_handle_callback):
         mock_google_data = {
-            "id": "test_google_id",
-            "email": "test@example.com",
-            "name": "Test User",
+            "id": self.test_user_data["google_id"],
+            "email": self.test_user_data["email_id"],
+            "name": self.test_user_data["name"],
         }
+        
         user_id = str(ObjectId())
         mock_user = Mock()
         mock_user.id = ObjectId(user_id)
-        mock_user.google_id = mock_google_data["id"]
-        mock_user.email_id = mock_google_data["email"]
-        mock_user.name = mock_google_data["name"]
+        mock_user.google_id = self.test_user_data["google_id"]
+        mock_user.email_id = self.test_user_data["email_id"]
+        mock_user.name = self.test_user_data["name"]
         type(mock_user).id = PropertyMock(return_value=ObjectId(user_id))
 
         mock_handle_callback.return_value = mock_google_data
@@ -150,50 +164,26 @@ def test_post_handles_callback_successfully(self, mock_create_user, mock_handle_
         session["oauth_state"] = "test_state"
         session.save()
 
-        response = self.client.post(self.url, {"code": "test_code", "state": "test_state"})
+        response = self.client.get(f"{self.url}?code=test_code&state=test_state")
 
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data["data"]["user"]["id"], user_id)
-        self.assertEqual(response.data["data"]["user"]["name"], mock_user.name)
-        self.assertEqual(response.data["data"]["user"]["email"], mock_user.email_id)
-        self.assertEqual(response.data["data"]["user"]["google_id"], mock_user.google_id)
+        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
+        self.assertIn("success=true", response.url)
         self.assertIn("ext-access", response.cookies)
         self.assertIn("ext-refresh", response.cookies)
         self.assertNotIn("oauth_state", self.client.session)
 
-class GoogleRefreshViewTests(APITestCase):
-    def setUp(self):
-        super().setUp()
-        self.client = APIClient()
-        self.url = reverse("google_refresh")
-
-    def test_get_returns_401_when_no_refresh_token(self):
-        response = self.client.get(self.url)
-
-        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
-        self.assertEqual(response.data["message"], AuthErrorMessages.NO_REFRESH_TOKEN)
-        self.assertEqual(response.data["authenticated"], False)
-        self.assertEqual(response.data["statusCode"], status.HTTP_401_UNAUTHORIZED)
-
-    @patch("todo.utils.google_jwt_utils.validate_google_refresh_token")
-    def test_get_refreshes_token_successfully(self, mock_validate_token):
-        user_data = {
-            "user_id": str(ObjectId()),
-            "google_id": "test_google_id",
-            "email": "test@example.com",
-            "name": "Test User",
-        }
-        tokens = generate_google_token_pair(user_data)
-        mock_validate_token.return_value = user_data
+    @patch("todo.services.google_oauth_service.GoogleOAuthService.handle_callback")
+    def test_get_redirects_for_callback_exception(self, mock_handle_callback):
+        mock_handle_callback.side_effect = Exception("OAuth service error")
 
-        self.client.cookies["ext-refresh"] = tokens["refresh_token"]
+        session = self.client.session
+        session["oauth_state"] = "test_state"
+        session.save()
 
-        response = self.client.get(self.url, HTTP_ACCEPT="application/json")
+        response = self.client.get(f"{self.url}?code=test_code&state=test_state")
 
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data["data"]["success"], True)
-        self.assertEqual(response.data["message"], AppMessages.TOKEN_REFRESHED)
-        self.assertIn("ext-access", response.cookies)
+        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
+        self.assertIn("error=auth_failed", response.url)
 
 
 class GoogleLogoutViewTests(APITestCase):
@@ -202,52 +192,57 @@ def setUp(self):
         self.client = APIClient()
         self.url = reverse("google_logout")
 
-    def test_get_returns_success_and_clears_cookies(self):
-        user_data = {
-            "user_id": str(ObjectId()),
-            "google_id": "test_google_id",
-            "email": "test@example.com",
-            "name": "Test User",
-        }
-        tokens = generate_google_token_pair(user_data)
-        self.client.cookies["ext-access"] = tokens["access_token"]
-        self.client.cookies["ext-refresh"] = tokens["refresh_token"]
-
-        response = self.client.get(self.url, HTTP_ACCEPT="application/json")
-            
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data["data"]["success"], True)
-        self.assertEqual(response.data["message"], AppMessages.GOOGLE_LOGOUT_SUCCESS)
-        self.assertEqual(response.cookies.get("ext-access").value, "")
-        self.assertEqual(response.cookies.get("ext-refresh").value, "")
-
-    def test_get_redirects_when_not_json_request(self):
+    def test_get_returns_json_response(self):
         redirect_url = "http://localhost:3000"
         self.client.cookies["ext-access"] = "test_access_token"
         self.client.cookies["ext-refresh"] = "test_refresh_token"
 
         response = self.client.get(f"{self.url}?redirectURL={redirect_url}")
 
-        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
-        self.assertEqual(response.url, redirect_url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["data"]["success"], True)
+        self.assertEqual(response.data["message"], AppMessages.GOOGLE_LOGOUT_SUCCESS)
         self.assertEqual(response.cookies.get("ext-access").value, "")
         self.assertEqual(response.cookies.get("ext-refresh").value, "")
 
     def test_post_returns_success_and_clears_cookies(self):
+        """Test that POST requests return JSON"""
         user_data = {
             "user_id": str(ObjectId()),
-            "google_id": "test_google_id",
-            "email": "test@example.com",
-            "name": "Test User",
+            "google_id": google_auth_user_payload["google_id"],
+            "email": google_auth_user_payload["email"],
+            "name": google_auth_user_payload["name"],
         }
         tokens = generate_google_token_pair(user_data)
         self.client.cookies["ext-access"] = tokens["access_token"]
         self.client.cookies["ext-refresh"] = tokens["refresh_token"]
 
-        response = self.client.post(self.url, HTTP_ACCEPT="application/json")
+        response = self.client.post(self.url)
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["data"]["success"], True)
         self.assertEqual(response.data["message"], AppMessages.GOOGLE_LOGOUT_SUCCESS)
         self.assertEqual(response.cookies.get("ext-access").value, "")
         self.assertEqual(response.cookies.get("ext-refresh").value, "")
+
+    def test_logout_clears_session(self):
+        """Test that logout clears session data"""
+        session = self.client.session
+        session["oauth_state"] = "test_state"
+        session["some_other_data"] = "test_data"
+        session.save()
+
+        response = self.client.post(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertNotIn("oauth_state", self.client.session)
+        self.assertNotIn("some_other_data", self.client.session)
+
+    def test_logout_clears_sessionid_cookie(self):
+        """Test that logout clears sessionid cookie"""
+        self.client.cookies["sessionid"] = "test_session_id"
+        
+        response = self.client.post(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.cookies.get("sessionid").value, "")
diff --git a/todo_project/settings/base.py b/todo_project/settings/base.py
