feat: implement secure cookie-based authentication with login, refresh, and logout endpoints

2026-05-04 08:56:52 +00:00 · 2026-04-10 18:11:15 +05:30
parent 0d37242f0d
commit 373c2b1815
3 changed files with 53 additions and 6 deletions
@@ -1 +1,30 @@
-# Create your tests here.
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+User = get_user_model()
+
+
+class AuthTests(APITestCase):
+    def setUp(self):
+        self.password = "password123"
+        self.user = User.objects.create_user(
+            email="test@example.com", password=self.password, full_name="Test User", is_active=True
+        )
+        self.login_url = reverse("token_obtain_pair")
+        self.refresh_url = reverse("token_refresh")
+        self.logout_url = reverse("logout")
+
+    def test_login_sets_secure_cookie(self):
+        data = {"email": self.user.email, "password": self.password}
+        response = self.client.post(self.login_url, data)
+        cookie_name = settings.SIMPLE_JWT["AUTH_COOKIE"]
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("access", response.data)
+        self.assertNotIn("refresh", response.data)
+        self.assertIn(cookie_name, response.cookies)
+        # verify the cookie has a value
+        self.assertTrue(response.cookies[cookie_name].value)