
Commit 9c21d64

committed
Update backend tests to use a cookie instead of the token header
1 parent fc6e216 commit 9c21d64


6 files changed

+114
-103
lines changed

6 files changed

+114
-103
lines changed

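--- a/backend/app/tests/api/routes/test_items.py
+++ b/backend/app/tests/api/routes/test_items.py
@@ -8,12 +8,12 @@
 
 
 def test_create_item(
-client: TestClient, superuser_token_headers: dict[str, str]
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 data = {"title": "Foo", "description": "Fighters"}
 response = client.post(
 f"{settings.API_V1_STR}/items/",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 json=data,
 )
 assert response.status_code == 200
@@ -25,12 +25,12 @@ def test_create_item(
 
 
 def test_read_item(
-client: TestClient, superuser_token_headers: dict[str, str], db: Session
+client: TestClient, superuser_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 response = client.get(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 assert response.status_code == 200
 content = response.json()
@@ -41,52 +41,52 @@ def test_read_item(
 
 
 def test_read_item_not_found(
-client: TestClient, superuser_token_headers: dict[str, str]
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 response = client.get(
 f"{settings.API_V1_STR}/items/{uuid.uuid4()}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 assert response.status_code == 404
 content = response.json()
 assert content["detail"] == "Item not found"
 
 
 def test_read_item_not_enough_permissions(
-client: TestClient, normal_user_token_headers: dict[str, str], db: Session
+client: TestClient, normal_user_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 response = client.get(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=normal_user_token_headers,
+cookies=normal_user_auth_cookies,
 )
 assert response.status_code == 400
 content = response.json()
 assert content["detail"] == "Not enough permissions"
 
 
 def test_read_items(
-client: TestClient, superuser_token_headers: dict[str, str], db: Session
+client: TestClient, superuser_auth_cookies: dict[str, str], db: Session
 ) -> None:
 create_random_item(db)
 create_random_item(db)
 response = client.get(
 f"{settings.API_V1_STR}/items/",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 assert response.status_code == 200
 content = response.json()
 assert len(content["data"]) >= 2
 
 
 def test_update_item(
-client: TestClient, superuser_token_headers: dict[str, str], db: Session
+client: TestClient, superuser_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 data = {"title": "Updated title", "description": "Updated description"}
 response = client.put(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 json=data,
 )
 assert response.status_code == 200
@@ -98,12 +98,12 @@ def test_update_item(
 
 
 def test_update_item_not_found(
-client: TestClient, superuser_token_headers: dict[str, str]
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 data = {"title": "Updated title", "description": "Updated description"}
 response = client.put(
 f"{settings.API_V1_STR}/items/{uuid.uuid4()}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 json=data,
 )
 assert response.status_code == 404
@@ -112,13 +112,13 @@ def test_update_item_not_found(
 
 
 def test_update_item_not_enough_permissions(
-client: TestClient, normal_user_token_headers: dict[str, str], db: Session
+client: TestClient, normal_user_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 data = {"title": "Updated title", "description": "Updated description"}
 response = client.put(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=normal_user_token_headers,
+cookies=normal_user_auth_cookies,
 json=data,
 )
 assert response.status_code == 400
@@ -127,37 +127,37 @@ def test_update_item_not_enough_permissions(
 
 
 def test_delete_item(
-client: TestClient, superuser_token_headers: dict[str, str], db: Session
+client: TestClient, superuser_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 response = client.delete(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 assert response.status_code == 200
 content = response.json()
 assert content["message"] == "Item deleted successfully"
 
 
 def test_delete_item_not_found(
-client: TestClient, superuser_token_headers: dict[str, str]
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 response = client.delete(
 f"{settings.API_V1_STR}/items/{uuid.uuid4()}",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 assert response.status_code == 404
 content = response.json()
 assert content["detail"] == "Item not found"
 
 
 def test_delete_item_not_enough_permissions(
-client: TestClient, normal_user_token_headers: dict[str, str], db: Session
+client: TestClient, normal_user_auth_cookies: dict[str, str], db: Session
 ) -> None:
 item = create_random_item(db)
 response = client.delete(
 f"{settings.API_V1_STR}/items/{item.id}",
-headers=normal_user_token_headers,
+cookies=normal_user_auth_cookies,
 )
 assert response.status_code == 400
 content = response.json()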
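Review bot: The permission tests (`test_read_item_not_enough_permissions`, `test_update_item_not_enough_permissions`, `test_delete_item_not_enough_permissions`) pass `cookies=normal_user_auth_cookies` per request, but an httpx-based `TestClient` also keeps its own cookie jar, so a cookie stored by an earlier login on the same `client` could be sent alongside or instead of it. If the `client` fixture is shared across tests (its definition is not in this file section), call `client.cookies.clear()` at the start of these tests so the 400 "Not enough permissions" assertions really exercise the normal-user session. Now that `client.post`, `client.put` and `client.delete` authenticate by cookie alone, the suite also has no case where the cookie is absent, and, if the backend adds a CSRF check for cookie-authenticated writes, no case where that check fails; both would be worth adding next to these tests.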

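--- a/backend/app/tests/api/routes/test_login.py
+++ b/backend/app/tests/api/routes/test_login.py
@@ -12,19 +12,25 @@
 from app.utils import generate_password_reset_token
 
 
-def test_get_access_token(client: TestClient) -> None:
+def test_get_auth_cookie(client: TestClient) -> None:
 login_data = {
 "username": settings.FIRST_SUPERUSER,
 "password": settings.FIRST_SUPERUSER_PASSWORD,
 }
+
 r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
-tokens = r.json()
+
 assert r.status_code == 200
-assert "access_token" in tokens
-assert tokens["access_token"]
+assert r.json()["message"] == "Login successful"
+
+cookie_header = r.headers.get("Set-Cookie")
+assert "http_only_auth_cookie=" in cookie_header
+
+cookie_value = cookie_header.split("http_only_auth_cookie=")[1].split(";")[0]
+assert cookie_value
 
 
-def test_get_access_token_incorrect_password(client: TestClient) -> None:
+def test_get_auth_cookie_incorrect_password(client: TestClient) -> None:
 login_data = {
 "username": settings.FIRST_SUPERUSER,
 "password": "incorrect",
@@ -33,20 +39,20 @@ def test_get_access_token_incorrect_password(client: TestClient) -> None:
 assert r.status_code == 400
 
 
-def test_use_access_token(
-client: TestClient, superuser_token_headers: dict[str, str]
+def test_use_auth_cookie(
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 r = client.post(
 f"{settings.API_V1_STR}/login/test-token",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 )
 result = r.json()
 assert r.status_code == 200
 assert "email" in result
 
 
 def test_recovery_password(
-client: TestClient, normal_user_token_headers: dict[str, str]
+client: TestClient, normal_user_auth_cookies: dict[str, str]
 ) -> None:
 with (
 patch("app.core.config.settings.SMTP_HOST", "smtp.example.com"),
@@ -55,23 +61,24 @@ def test_recovery_password(
 
 r = client.post(
 f"{settings.API_V1_STR}/password-recovery/{email}",
-headers=normal_user_token_headers,
+cookies=normal_user_auth_cookies,
 )
 assert r.status_code == 200
 assert r.json() == {"message": "Password recovery email sent"}
 
 
 def test_recovery_password_user_not_exits(
-client: TestClient, normal_user_token_headers: dict[str, str]
+client: TestClient, normal_user_auth_cookies: dict[str, str]
 ) -> None:
 
 r = client.post(
 f"{settings.API_V1_STR}/password-recovery/{email}",
-headers=normal_user_token_headers,
+cookies=normal_user_auth_cookies,
 )
 assert r.status_code == 404
 
 
+# TODO
 def test_reset_password(client: TestClient, db: Session) -> None:
 email = random_email()
 password = random_lower_string()
@@ -91,7 +98,7 @@ def test_reset_password(client: TestClient, db: Session) -> None:
 
 r = client.post(
 f"{settings.API_V1_STR}/reset-password/",
-headers=headers,
+cookies=headers,
 json=data,
 )
 
@@ -103,12 +110,12 @@ def test_reset_password(client: TestClient, db: Session) -> None:
 
 
 def test_reset_password_invalid_token(
-client: TestClient, superuser_token_headers: dict[str, str]
+client: TestClient, superuser_auth_cookies: dict[str, str]
 ) -> None:
 data = {"new_password": "changethis", "token": "invalid"}
 r = client.post(
 f"{settings.API_V1_STR}/reset-password/",
-headers=superuser_token_headers,
+cookies=superuser_auth_cookies,
 json=data,
 )
 response = r.json()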
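Review bot: `test_get_auth_cookie` checks only that `http_only_auth_cookie=` is present with a non-empty value, so it would still pass if the server dropped the `HttpOnly`, `Secure` or `SameSite` attributes that make the cookie safer than the old bearer header. Add `assert "httponly" in cookie_header.lower()` (and the same for whichever of `secure` / `samesite` the backend sets), and put `assert cookie_header is not None` before the `in` test so a missing header fails as an assertion rather than a `TypeError`. In `test_reset_password` the call now passes `cookies=headers`; `headers` is defined outside the hunk, but if it is still the `Authorization` header dict the request sends it as a cookie named `Authorization`, which the `# TODO` above the test seems to acknowledge.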
