feat: implement refresh token functionality; update authentication and token models; add tests for refresh endpoint
Test / test (push) Successful in 13s
Test / test (push) Successful in 13s
This commit is contained in:
k1nq
@@ -30,6 +30,7 @@ async def test_register_user_creates_organization_membership(
|
||||
body = response.json()
|
||||
assert body["token_type"] == "bearer"
|
||||
assert "access_token" in body
|
||||
assert "refresh_token" in body
|
||||
|
||||
async with session_factory() as session:
|
||||
user = await session.scalar(select(User).where(User.email == payload["email"]))
|
||||
@@ -74,6 +75,7 @@ async def test_login_endpoint_returns_token_for_valid_credentials(
|
||||
body = response.json()
|
||||
assert body["token_type"] == "bearer"
|
||||
assert "access_token" in body
|
||||
assert "refresh_token" in body
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@@ -98,3 +100,47 @@ async def test_token_endpoint_rejects_invalid_credentials(
|
||||
|
||||
assert response.status_code == 401
|
||||
assert response.json()["detail"] == "Invalid email or password"
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_refresh_endpoint_returns_new_tokens(
|
||||
session_factory: async_sessionmaker[AsyncSession],
|
||||
client: AsyncClient,
|
||||
) -> None:
|
||||
async with session_factory() as session:
|
||||
user = User(
|
||||
email="refresh-user@example.com",
|
||||
hashed_password=password_hasher.hash("StrongPass123"),
|
||||
name="Refresh User",
|
||||
is_active=True,
|
||||
)
|
||||
session.add(user)
|
||||
await session.commit()
|
||||
|
||||
login_response = await client.post(
|
||||
"/api/v1/auth/login",
|
||||
json={"email": "refresh-user@example.com", "password": "StrongPass123"},
|
||||
)
|
||||
assert login_response.status_code == 200
|
||||
refresh_token = login_response.json()["refresh_token"]
|
||||
|
||||
response = await client.post(
|
||||
"/api/v1/auth/refresh",
|
||||
json={"refresh_token": refresh_token},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
body = response.json()
|
||||
assert "access_token" in body
|
||||
assert "refresh_token" in body
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_refresh_endpoint_rejects_invalid_token(client: AsyncClient) -> None:
|
||||
response = await client.post(
|
||||
"/api/v1/auth/refresh",
|
||||
json={"refresh_token": "not-a-jwt"},
|
||||
)
|
||||
|
||||
assert response.status_code == 401
|
||||
assert response.json()["detail"] == "Invalid refresh token"
|
||||
|
||||
Reference in New Issue
Block a user