""" Contract test for POST /auth/logout endpoint. This test MUST fail before implementation. """ import pytest from django.test import TestCase from django.urls import reverse from rest_framework.test import APIClient from rest_framework import status import json class AuthLogoutContractTest(TestCase): def setUp(self): self.client = APIClient() self.logout_url = '/api/v1/auth/logout/' # Mock authentication token self.auth_header = {'HTTP_AUTHORIZATION': 'Bearer mock_token'} def test_logout_success(self): """Test successful logout with valid token.""" response = self.client.post( self.logout_url, **self.auth_header ) # This should fail before implementation assert response.status_code == status.HTTP_200_OK data = response.json() assert 'message' in data assert data['message'] == 'Successfully logged out' def test_logout_no_token(self): """Test logout failure without authentication token.""" response = self.client.post(self.logout_url) assert response.status_code == status.HTTP_401_UNAUTHORIZED def test_logout_invalid_token(self): """Test logout failure with invalid token.""" invalid_auth_header = {'HTTP_AUTHORIZATION': 'Bearer invalid_token'} response = self.client.post( self.logout_url, **invalid_auth_header ) assert response.status_code == status.HTTP_401_UNAUTHORIZED def test_logout_expired_token(self): """Test logout failure with expired token.""" expired_auth_header = {'HTTP_AUTHORIZATION': 'Bearer expired_token'} response = self.client.post( self.logout_url, **expired_auth_header ) assert response.status_code == status.HTTP_401_UNAUTHORIZED def test_logout_token_blacklisting(self): """Test that logout token is blacklisted.""" # This test verifies that the token is added to blacklist response = self.client.post( self.logout_url, **self.auth_header ) if response.status_code == status.HTTP_200_OK: # Token should be blacklisted and cannot be used again second_response = self.client.post( self.logout_url, **self.auth_header ) assert second_response.status_code == status.HTTP_401_UNAUTHORIZED