
Testing authentication flows in Flask - Mini Project: Build & Apply

📖 Scenario: You are building a simple Flask web app that requires users to log in. You want to write tests to check if the login and logout processes work correctly.
🎯 Goal: Create a test suite using Flask's test client to verify the authentication flow: logging in with correct credentials, failing with wrong credentials, and logging out.
📋 What You'll Learn
- Create a Flask app with a login route and a logout route
- Set up a test client for the Flask app
- Write a test to check successful login with username 'user' and password 'pass'
- Write a test to check login failure with wrong password
- Write a test to check logout clears the session
💡 Why This Matters
🌍 Real World
Testing authentication flows is essential to ensure users can securely log in and out of web applications without errors.
💼 Career
Many web developer and QA roles require writing tests for user authentication to maintain app security and reliability.
Step 1: Set up Flask app with login and logout routes
Create a Flask app instance called app. Define a route /login that accepts POST requests and checks if the form data has username equal to 'user' and password equal to 'pass'. If correct, set session['logged_in'] = True and return 'Logged in'. Otherwise, return 'Failed'. Also define a route /logout that clears the session and returns 'Logged out'.
Hint: Use Flask(__name__) to create the app. Use @app.route decorators for routes. Use session to store login state.

Step 2: Set up Flask test client
Create a variable called client by calling app.test_client(). This will be used to send test requests to your Flask app.
Hint: Use app.test_client() to create the test client.

Step 3: Write test for successful login
Use the client to send a POST request to /login with form data {'username': 'user', 'password': 'pass'}. Store the response in a variable called response. Then check if b'Logged in' is in response.data.
Hint: Use client.post with data= for form data. Check response.data for the expected bytes.

Step 4: Write tests for failed login and logout
Write a test that sends a POST request to /login with wrong password {'username': 'user', 'password': 'wrong'} and checks that b'Failed' is in the response data. Then send a GET request to /logout and check that b'Logged out' is in the response data.
Hint: Use client.post with wrong password and check for failure message. Use client.get for logout and check for logout message.
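
The four steps above assembled into one runnable file, as an added example rather than the tutorial's own solution. The secret_key value and the names session_state and run_auth_flow are assumptions not given on the page; the helper reads the session through the test client's session_transaction() so the logout check covers the session state as well as the response text.

```python
from flask import Flask, request, session

app = Flask(__name__)
# Flask signs the session cookie, so session[...] fails without a secret key.
# Constructed test-only value (assumption); load a real key from configuration.
app.secret_key = "test-only-secret"


@app.route("/login", methods=["POST"])
def login():
    form = request.form
    if form.get("username") == "user" and form.get("password") == "pass":
        session["logged_in"] = True
        return "Logged in"
    return "Failed"


@app.route("/logout")
def logout():
    session.clear()
    return "Logged out"


def session_state(client):
    """Hypothetical helper: copy of the session as the server would read it."""
    with client.session_transaction() as sess:
        return dict(sess)


def run_auth_flow():
    """Run failed login, successful login and logout; return observations."""
    client = app.test_client()  # keeps cookies between requests
    seen = {}

    response = client.post("/login", data={"username": "user", "password": "wrong"})
    seen["failed"] = (response.data, session_state(client))

    response = client.post("/login", data={"username": "user", "password": "pass"})
    seen["login"] = (response.data, session_state(client))

    response = client.get("/logout")
    seen["logout"] = (response.data, session_state(client))
    return seen


if __name__ == "__main__":
    for step, (body, state) in run_auth_flow().items():
        print(step, body, state)
```

Running the failed login first on a fresh client shows that a rejected password leaves the session empty, which a body-only check would not catch.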