miguelgrinberg / microblog-api

A modern (as of 2024) Flask API back end.
MIT License

Great project, testing might have holes when only considering the backend #4

Closed cap-jmk closed 2 years ago

cap-jmk commented 2 years ago

Hey Miguel,

Thank you for the project. I realized your GitHub actions workflow does not seem to catch an error with the password reset function, however mine does. I am not sure yet why, but when I tried to test it manually, it also did not work. It could be because I ran:

pytest -cov tests/

But I am not entirely sure. I modified the .yaml in my repo. Please check it for any suggestions on how to fix it.

Best, Manuel

miguelgrinberg commented 2 years ago

The password reset test assumes the redirect URL is configured with the default. It seems you have overridden this configuration option to use port 5000 in this URL instead of the default port 3000. If you fix that your test should pass.

cap-jmk commented 2 years ago

Yes, sure that works, but I could also not manually test the authentication in this case. Could you quickly brief me on how to do it?

miguelgrinberg commented 2 years ago

What do you mean by "manually test the authentication"? Please show me what you are doing, I don't understand.

cap-jmk commented 2 years ago

Yes, I am sorry. I was testing the endpoints with Postman. Just sending requests according to the documentation to the endpoints. However, I could not complete authentication.

miguelgrinberg commented 2 years ago

There is nothing wrong with using Postman. I stand by what I ask. Please provide a detail of all the requests that you sent, with their responses.

cap-jmk commented 2 years ago

Yes, so I sent for a user who was signed up previously:

{
  "email": "special_guy@example.com"
}

To the password reset endpoint http://127.0.0.1:5000/api/tokens/reset. Following the respective link resulted in no update in the database.

miguelgrinberg commented 2 years ago

I can't really help you if you don't provide all the details. The /tokens/reset endpoint is used to reset a forgotten password, it is not an authentication endpoint.

Please show me a complete test, where you register a user, then attempt to log in with that user. For each request, include the complete request and response details, including url, headers, bodies and status codes.

cap-jmk commented 2 years ago

I hesitate to provide any personal details in public (as I would have to provide a mail address that actually exists, right?).

So imagine the user. The workflow, after entering flask run in the terminal on macOS, is as follows:

  1. Register user (works)
  2. Request password reset (works)
  3. Click on link (nothing happens)

miguelgrinberg commented 2 years ago

Well, yes. The link goes to your front end application, which should prompt you to enter a new password. This project does not offer interactive password resets. If you want to reset the password directly on the API, then make a request to the reset password endpoint and pass the token and your new password. You can fish out the token from the email.
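
The flow described in the comment above, as an added example that is not part of the original thread or the project's code: pull the token out of the emailed link and build the request to the reset endpoint. The `PUT` method, the `token` and `new_password` JSON field names, the `?token=` link format and the sample values are assumptions; check them against the API documentation.

```python
"""Added example: complete a password reset directly against the API."""
import json
import urllib.request
from urllib.parse import urlsplit, parse_qs

# Endpoint URL taken from the thread; the PUT method and the JSON field
# names used below are assumptions about the API, not stated on this page.
API_RESET_ENDPOINT = "http://127.0.0.1:5000/api/tokens/reset"

# Constructed sample of the link in the reset email (assumed format:
# front-end URL carrying the token in a "token" query parameter).
SAMPLE_LINK = "http://localhost:3000/reset?token=CONSTRUCTED.SAMPLE.TOKEN"


def extract_token(reset_link: str) -> str:
    """Return the reset token carried in the emailed link."""
    values = parse_qs(urlsplit(reset_link).query).get("token", [])
    # Reject missing, empty or repeated tokens instead of guessing.
    if len(values) != 1 or not values[0]:
        raise ValueError("link must carry exactly one non-empty token")
    return values[0]


def build_reset_request(reset_link: str, new_password: str) -> urllib.request.Request:
    """Build (but do not send) the request a front end would make."""
    body = json.dumps({
        "token": extract_token(reset_link),  # assumed field name
        "new_password": new_password,        # assumed field name
    }).encode()
    return urllib.request.Request(
        API_RESET_ENDPOINT, data=body, method="PUT",
        headers={"Content-Type": "application/json"},
    )


def reset_password(reset_link: str, new_password: str) -> int:
    """Send the request to a running API and return the HTTP status code."""
    request = build_reset_request(reset_link, new_password)
    with urllib.request.urlopen(request) as response:
        return response.status


if __name__ == "__main__":
    req = build_reset_request(SAMPLE_LINK, "constructed-new-password")
    print(req.get_method(), req.full_url, req.data.decode())
```
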

cap-jmk commented 2 years ago

Okay, got it. Thank you for your time. I am working on a front end. If it is something you needed, too, I am happy to provide it.

miguelgrinberg commented 2 years ago

I have a complete React front end here: https://github.com/miguelgrinberg/react-microblog.

cap-jmk commented 2 years ago

Oh, nice, thank you :) Keep up your great work!