
Testing authentication flows in Flask

Introduction

Testing authentication flows helps make sure users can log in and log out correctly. It checks that only the right people can access protected parts of your app.

When you want to confirm users can sign up and log in without errors.
When you need to check that protected pages are blocked for users who are not logged in.
When you want to verify that logging out removes access properly.
When you want to test error messages for wrong passwords or usernames.
When you update your login system and want to make sure it still works.
Syntax
def test_login(client):
    response = client.post('/login', data={'username': 'user', 'password': 'pass'})
    assert response.status_code == 200
    assert b'Welcome' in response.data

Use Flask's test client to simulate requests to your app.

Check response status codes and content to confirm correct behavior.

Examples
Tests a successful login with correct username and password.

def test_login_success(client):
    response = client.post('/login', data={'username': 'alice', 'password': 'secret'})
    assert response.status_code == 200
    assert b'Welcome, alice' in response.data

Tests login failure with wrong password and checks for error message.

def test_login_failure(client):
    response = client.post('/login', data={'username': 'alice', 'password': 'wrong'})
    assert response.status_code == 401
    assert b'Invalid credentials' in response.data

Tests that accessing a protected page redirects to login if not logged in.

def test_protected_page_requires_login(client):
    response = client.get('/dashboard')
    assert response.status_code == 302
    assert '/login' in response.headers['Location']

Sample Program

This Flask app has simple login, dashboard, and logout routes. The test checks logging in with correct and wrong passwords, accessing a protected page, and logging out.

from flask import Flask, request, redirect, url_for, session
import pytest

app = Flask(__name__)
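# Fixed key for tests only; a real deployment loads a random secret from configuration.
app.secret_key = 'testkey'

# Plaintext passwords keep the demo short; a real app stores and checks password hashes.
users = {'bob': 'password123'}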

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if users.get(username) == password:
            session['user'] = username
            return f'Welcome, {username}'
        else:
            return 'Invalid credentials', 401
    return 'Login Page'

@app.route('/dashboard')
def dashboard():
    if 'user' not in session:
        return redirect(url_for('login'))
    return f'Dashboard for {session["user"]}'

@app.route('/logout')
def logout():
    session.pop('user', None)
    return 'Logged out'

# Testing
@pytest.fixture
def client():
    app.config['TESTING'] = True
    with app.test_client() as client:
        yield client

def test_auth_flow(client):
    # Test login success
    response = client.post('/login', data={'username': 'bob', 'password': 'password123'})
    assert response.status_code == 200
    assert b'Welcome, bob' in response.data

    # Test access to dashboard after login
    response = client.get('/dashboard')
    assert response.status_code == 200
    assert b'Dashboard for bob' in response.data

    # Test logout
    response = client.get('/logout')
    assert response.status_code == 200
    assert b'Logged out' in response.data

    # Test dashboard redirects after logout
    response = client.get('/dashboard')
    assert response.status_code == 302
    assert '/login' in response.headers['Location']

    # Test login failure
    response = client.post('/login', data={'username': 'bob', 'password': 'wrongpass'})
    assert response.status_code == 401
    assert b'Invalid credentials' in response.data
Output

Success
Important Notes

Use Flask's test_client() to simulate browser requests without running the server.

Always check both the HTTP status code and the response content to confirm correct behavior.

Clear session data between tests to avoid false positives.
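
The sample test covers the main flow. The following added example (not part of the original page) checks two things it leaves out: that a wrong password and an unknown username get the same response, and that the session holds no user after a failed login or a logout. The app is rebuilt inline so the block runs on its own; the `mallory` username, the `test-only-key` secret and the helper names are assumptions made for this example.

```python
from flask import Flask, request, redirect, url_for, session

def make_app():
    # Stand-in for the page's sample app, rebuilt here so the block runs alone.
    app = Flask(__name__)
    app.config.update(TESTING=True, SECRET_KEY='test-only-key')  # constructed value
    users = {'bob': 'password123'}  # demo account, same as the sample program
    @app.route('/login', methods=['POST'])
    def login():
        if users.get(request.form['username']) == request.form['password']:
            session['user'] = request.form['username']
            return f"Welcome, {request.form['username']}"
        return 'Invalid credentials', 401
    @app.route('/dashboard')
    def dashboard():
        if 'user' not in session:
            return redirect(url_for('login'))
        return f"Dashboard for {session['user']}"
    @app.route('/logout')
    def logout():
        session.pop('user', None)
        return 'Logged out'
    return app

def post_login(client, username, password):
    return client.post('/login', data={'username': username, 'password': password})

def failures_are_indistinguishable(app):
    # Wrong password vs. unknown user ('mallory' is not registered): the status
    # and body must match, so the response does not reveal which accounts exist.
    c = app.test_client()
    a, b = post_login(c, 'bob', 'nope'), post_login(c, 'mallory', 'nope')
    return (a.status_code, a.data) == (b.status_code, b.data)

def session_user(client):
    # Decode this client's session cookie the way the app would and read 'user'.
    with client.session_transaction() as sess:
        return sess.get('user')

def session_lifecycle(app):
    # Session 'user' after a failed login, a successful login, and a logout.
    c = app.test_client()
    post_login(c, 'bob', 'nope')
    failed = session_user(c)
    post_login(c, 'bob', 'password123')
    logged_in = session_user(c)
    c.get('/logout')
    return failed, logged_in, session_user(c)
```

Inspecting the session directly catches a login route that returns 401 but still writes `session['user']`, which a status-code assertion alone would miss.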

Summary

Testing authentication flows ensures your login system works as expected.

Use Flask's test client to simulate login, logout, and protected page access.

Check status codes and response messages to verify success or failure.