AHMET YILMAZ
b3fff546e9
Some checks failed
System Monitoring / Health Checks (push) Has been cancelled
System Monitoring / Performance Monitoring (push) Has been cancelled
System Monitoring / Database Monitoring (push) Has been cancelled
System Monitoring / Cache Monitoring (push) Has been cancelled
System Monitoring / Log Monitoring (push) Has been cancelled
System Monitoring / Resource Monitoring (push) Has been cancelled
System Monitoring / Uptime Monitoring (push) Has been cancelled
System Monitoring / Backup Monitoring (push) Has been cancelled
System Monitoring / Security Monitoring (push) Has been cancelled
System Monitoring / Monitoring Dashboard (push) Has been cancelled
System Monitoring / Alerting (push) Has been cancelled
Security Scanning / Dependency Scanning (push) Has been cancelled
Security Scanning / Code Security Scanning (push) Has been cancelled
Security Scanning / Secrets Scanning (push) Has been cancelled
Security Scanning / Container Security Scanning (push) Has been cancelled
Security Scanning / Compliance Checking (push) Has been cancelled
Security Scanning / Security Dashboard (push) Has been cancelled
Security Scanning / Security Remediation (push) Has been cancelled
78 lines
2.4 KiB
Python
78 lines
2.4 KiB
Python
"""
|
|
Contract test for POST /auth/logout endpoint.
|
|
This test MUST fail before implementation.
|
|
"""
|
|
|
|
import pytest
|
|
from django.test import TestCase
|
|
from django.urls import reverse
|
|
from rest_framework.test import APIClient
|
|
from rest_framework import status
|
|
import json
|
|
|
|
|
|
class AuthLogoutContractTest(TestCase):
|
|
def setUp(self):
|
|
self.client = APIClient()
|
|
self.logout_url = '/api/v1/auth/logout/'
|
|
|
|
# Mock authentication token
|
|
self.auth_header = {'HTTP_AUTHORIZATION': 'Bearer mock_token'}
|
|
|
|
def test_logout_success(self):
|
|
"""Test successful logout with valid token."""
|
|
response = self.client.post(
|
|
self.logout_url,
|
|
**self.auth_header
|
|
)
|
|
|
|
# This should fail before implementation
|
|
assert response.status_code == status.HTTP_200_OK
|
|
|
|
data = response.json()
|
|
assert 'message' in data
|
|
assert data['message'] == 'Successfully logged out'
|
|
|
|
def test_logout_no_token(self):
|
|
"""Test logout failure without authentication token."""
|
|
response = self.client.post(self.logout_url)
|
|
|
|
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
|
|
|
def test_logout_invalid_token(self):
|
|
"""Test logout failure with invalid token."""
|
|
invalid_auth_header = {'HTTP_AUTHORIZATION': 'Bearer invalid_token'}
|
|
|
|
response = self.client.post(
|
|
self.logout_url,
|
|
**invalid_auth_header
|
|
)
|
|
|
|
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
|
|
|
def test_logout_expired_token(self):
|
|
"""Test logout failure with expired token."""
|
|
expired_auth_header = {'HTTP_AUTHORIZATION': 'Bearer expired_token'}
|
|
|
|
response = self.client.post(
|
|
self.logout_url,
|
|
**expired_auth_header
|
|
)
|
|
|
|
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
|
|
|
def test_logout_token_blacklisting(self):
|
|
"""Test that logout token is blacklisted."""
|
|
# This test verifies that the token is added to blacklist
|
|
response = self.client.post(
|
|
self.logout_url,
|
|
**self.auth_header
|
|
)
|
|
|
|
if response.status_code == status.HTTP_200_OK:
|
|
# Token should be blacklisted and cannot be used again
|
|
second_response = self.client.post(
|
|
self.logout_url,
|
|
**self.auth_header
|
|
)
|
|
assert second_response.status_code == status.HTTP_401_UNAUTHORIZED |