ea-chatbot-lg/backend/tests/api/test_auth_refresh.py


import pytest
from fastapi.testclient import TestClient
from ea_chatbot.api.main import app
from ea_chatbot.api.utils import create_refresh_token, create_access_token
from unittest.mock import patch, MagicMock
from ea_chatbot.history.models import User
@pytest.fixture
def client():
    """Provide a TestClient bound to the FastAPI ``app``.

    The fixture uses pytest's default function scope, so every test gets
    its own client and its own cookie jar; a refresh_token cookie set in
    one test is not carried into the next.
    """
    test_client = TestClient(app)
    return test_client
def test_refresh_token_success(client):
    """A valid refresh-token cookie yields 200 and a rotated token pair.

    The user lookup is mocked, so only the refresh endpoint's token
    handling is exercised, not the history store.
    """
    import time

    subject = "test-user-id"
    original_token = create_refresh_token({"sub": subject})

    # The request carries the token as a cookie, so place it in the
    # client's cookie jar before calling the endpoint.
    client.cookies.set("refresh_token", original_token)

    # Cross a one-second boundary so the reissued token gets a different
    # iat; presumably an identical payload issued within the same second
    # would produce an identical token and defeat the rotation check below.
    time.sleep(1.1)  # Wait to ensure iat is different

    with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
        mock_hm.get_user_by_id.return_value = User(id=subject, username="test@test.com")
        response = client.post("/api/v1/auth/refresh")

    assert response.status_code == 200

    issued = response.cookies
    assert "access_token" in issued
    assert "refresh_token" in issued

    # Rotation: the refresh token handed back must not be the one presented.
    # NOTE(review): this only shows that a new value is issued. It does not
    # show that the presented token stops working afterwards; if replay
    # rejection is intended, it needs its own test.
    # NOTE(review): cookie attributes (HttpOnly, Secure, SameSite) are not
    # asserted here; confirm they are covered elsewhere.
    assert issued["refresh_token"] != original_token
def test_refresh_token_missing_cookie(client):
    """Without a refresh_token cookie the endpoint answers 401."""
    # Nothing is placed in the cookie jar: the request is unauthenticated.
    resp = client.post("/api/v1/auth/refresh")

    assert resp.status_code == 401
    body = resp.json()
    assert body["detail"] == "Refresh token missing"
def test_refresh_token_invalid(client):
    """A cookie value that is not a valid token is rejected with 401."""
    # NOTE(review): "invalid-token" is a structurally malformed value. A
    # well-formed token with a bad signature, or an expired one, is not
    # covered by this test.
    bogus_token = "invalid-token"
    client.cookies.set("refresh_token", bogus_token)

    resp = client.post("/api/v1/auth/refresh")

    assert resp.status_code == 401
    body = resp.json()
    assert body["detail"] == "Invalid refresh token"
def test_refresh_token_wrong_type(client):
    """An access token presented in the refresh_token cookie is rejected.

    Guards against token-type confusion: a token minted by
    create_access_token must not be accepted for minting new tokens, even
    though it comes from the same application.
    """
    wrong_kind = create_access_token({"sub": "user123"})
    client.cookies.set("refresh_token", wrong_kind)

    resp = client.post("/api/v1/auth/refresh")

    assert resp.status_code == 401
    body = resp.json()
    assert body["detail"] == "Invalid token type"