Great project, testing might have holes when only considering the backend

[cap-jmk]

Hey Miguel,

Thank you for the project. I realized your GitHub actions workflow does not seem to catch an error with the password reset function, however mine does. I am not sure yet why, but when I tried to test it manually, it also did not work. It could be because I ran:

pytest -cov tests/

But I am not entirely sure. I modified the .yaml in my repo. Please check it for any suggestions on how to fix it.

Best, Manuel

[miguelgrinberg]

The password reset test assumes the redirect URL is configured with the default. It seems you have overriden this configuration option to use port 5000 in this URL instead of the default port 3000. If you fix that your test should pass.

[cap-jmk]

Yes, sure that works, but I could also not manually test the authentication in this case. Could you quickly brief me on how to do it?

[miguelgrinberg]

What do you mean by "manually test the authentication"? Please show me what you are doing, I don't understand.

[cap-jmk]

Yes, I am sorry. I was testing the endpoints with Postman. Just sending requests according to the documentation to the endpoints. However, I could not complete authentication.

[miguelgrinberg]

There is nothing wrong with using postman. I stand by what I ask. Please provide a detail of all the requests that you sent, with its responses.

[cap-jmk]

Yes, so I sent for a user who was signed-up previously

{
  "email": "special_guy@example.com"
}

To the password reset endpoint http://127.0.0.1:5000/api/tokens/reset. Following the respective link resulted in no update in the database.

[miguelgrinberg]

I can't really help you if you don't provide all the details. The /tokens/reset endpoint is used to reset a forgotten password, it is not an authentication endpoint.

Please show me a complete test, where you register a user, then attempt to log in with that user. For each request, include the complete request and response details, including url, headers, bodies and status codes.

[cap-jmk]

I hesitate to provide any personal details in public (as I would have to provide a mail address that actually exists, right?).

So imagine the user. The workflow, after entering flask run in the terminal on macOS, is as follows:

1. Register user (works)
2. Request password reset (works)
3. Click on link (nothing happens)

[miguelgrinberg]

Well, yes. The link goes to your front end application, which should prompt you to enter a new password. This project does not offer interactive password resets. If you want to reset the password directly on the API, then make a request to the reset password endpoint and pass the token and your new password. You can fish out the token from the email.

[cap-jmk]

Okay, got it. Thank you for your time. I am working on a front end. If it is something you needed, too, I am happy to provide it.

[miguelgrinberg]

I have a complete React front end here: https://github.com/miguelgrinberg/react-microblog.

[cap-jmk]

Oh, nice, thank you :) Keep up your great work!