format tests, send to /login on logout

sondregronas · Aug 6, 2023 · 6e196db · 6e196db
1 parent b378a7e
commit 6e196db
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/BookingSystem/app.py b/BookingSystem/app.py
@@ -84,7 +84,7 @@ def register() -> flask.Response:
     @app.route('/logout')
     def logout() -> flask.Response:
         flask.session.clear()
-        return flask.redirect(flask.url_for('index'))
+        return flask.redirect(flask.url_for('login'))
 
     @app.route('/admin')
     @login_required(admin_only=True)

diff --git a/tests/test_endpoints.py b/tests/test_endpoints.py
@@ -4,6 +4,11 @@
 
 
 def test_index(client):
+    """
+    Should redirect to /login if not logged in
+    /admin should be visible if logged in as admin
+    /admin should not be visible if logged in as student
+    """
     # Not logged in
     response = client.get('/')
     assert response.status_code == 302
@@ -25,6 +30,9 @@ def test_index(client):
 
 
 def test_login(client):
+    """
+    Should redirect to / if already logged in
+    """
     # Not logged in
     response = client.get('/login')
     assert response.status_code == 200
@@ -46,6 +54,9 @@ def test_login(client):
 
 
 def test_admin_page(client):
+    """
+    Should clear session cookie and send to /login if not admin
+    """
     # Not logged in
     response = client.get('/admin')
     assert response.status_code == 302
@@ -61,15 +72,22 @@ def test_admin_page(client):
     with client.session_transaction() as session:
         session['user'] = StudentUser()
     response = client.get('/admin')
+    # Should clear session cookie if not admin
+    # (could return a 403 instead, but this is simpler)
+    with client.session_transaction() as session:
+        assert 'user' not in session
     assert response.status_code == 302
     assert '/login' == response.headers['Location']
 
 
 def test_logout(client):
+    """
+    Should redirect to /login and clear session cookie
+    """
     # Not logged in
     response = client.get('/logout')
     assert response.status_code == 302
-    assert '/' == response.headers['Location']
+    assert '/login' == response.headers['Location']
 
     # Logged in as admin
     with client.session_transaction() as session:
@@ -78,7 +96,7 @@ def test_logout(client):
     with client.session_transaction() as session:
         assert 'user' not in session
     assert response.status_code == 302
-    assert '/' == response.headers['Location']
+    assert '/login' == response.headers['Location']
 
     # Logged in as student
     with client.session_transaction() as session:
@@ -87,4 +105,4 @@ def test_logout(client):
     with client.session_transaction() as session:
         assert 'user' not in session
     assert response.status_code == 302
-    assert '/' == response.headers['Location']
+    assert '/login' == response.headers['Location']