FlaskTester - Pytest fixtures for Flask internal and external authenticated tests

zx80/flask-tester

This package runs authenticated tests against a Flask application, either as internal Flask tests (using test_client) or as external tests (using requests, which performs actual HTTP requests). It supports password and token authentication and per-user cookies.

Only one set of tests is needed: switching from internal to external is achieved by setting an environment variable.

Usage

Install the package with pip install FlaskTester or equivalent.

The following test creates a local fixture with 2 users identified by a password, and retrieves tokens for both users using a /login route provided by the application. It then proceeds to run authenticated requests against the /admin route.

import pytest
from FlaskTester import ft_authenticator, ft_client
import secret

def authHook(api, user: str, pwd: str|None):
    if pwd is not None:  # get a token when a login/password is provided
        res = api.get("/login", login=user, auth="basic", status=200)
        api.setToken(user, res.json["token"])
    else:  # remove token
        api.setToken(user, None)

@pytest.fixture
def app(ft_client):
    # register authentication hook
    ft_client.setHook(authHook)
    # add test passwords for Calvin and Hobbes (must be consistent with app!)
    ft_client.setPass("calvin", secret.PASSES["calvin"])
    ft_client.setPass("hobbes", secret.PASSES["hobbes"])
    # also set a cookie
    ft_client.setCookie("hobbes", "lang", "fr")
    ft_client.setCookie("calvin", "lang", "en")
    # return working client
    yield ft_client

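def test_app_admin(app):
    # unauthenticated access must be rejected
    app.get("/admin", login=None, status=401)
    # every authentication scheme must lead to the same authorization outcome
    for auth in ["bearer", "basic", "param"]:
        # calvin is authenticated and is an admin
        res = app.get("/admin", login="calvin", auth=auth, status=200)
        assert res.json["user"] == "calvin" and res.json["isadmin"]
        # hobbes is authenticated but not in the ADMIN group
        res = app.get("/admin", login="hobbes", auth=auth, status=403)
        assert 'not in group "ADMIN"' in res.text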

This can be run against a local or remote server:

export TEST_SEED="some-random-data"              # shared test seed
flask --app app:app run &                        # start flask app
pid=$!                                           # keep pid
export FLASK_TESTER_APP="http://localhost:5000"  # set app url, local or remote
pytest test.py                                   # run external tests
kill $pid                                        # stop app with pid

Or locally with the Flask internal test infrastructure:

export FLASK_TESTER_APP="app:app"                # set app package
pytest test.py                                   # run internal tests

The above test runs against the tests/app.py Flask REST application back-end, which provides password and token authentication based on FlaskSimpleAuth. That code uses 23 lines of Python to implement password (basic and parameters) and token authentication, admin group authorization, and routes for token generation (2), identity tests (2) and an incredible open cookie-based translation service.
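The 401/403 outcomes that test_app_admin expects for the bearer, basic and param schemes can be reproduced with the framework-independent decision logic below. This is an added example, not the project's tests/app.py and not FlaskSimpleAuth code. The key, passwords, admin set, function names, token format and the USER/PASS parameter names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample data for this example (not the values in tests/app.py).
KEY = b"constructed-demo-key"
PASSES = {"calvin": "clv-pass", "hobbes": "hbs-pass"}
ADMINS = {"calvin"}

def _same(a, b):
    """Constant-time string comparison, to avoid leaking a match prefix."""
    return hmac.compare_digest(a.encode(), b.encode())

def make_token(user):
    """Token a /login route could return: the user name plus an HMAC-SHA256 tag."""
    tag = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{tag}"  # no expiry here; a deployed token needs one

def check_password(user, pwd):
    """Return the user if the password matches, else None."""
    return user if user in PASSES and _same(PASSES[user], pwd) else None

def identify(authorization, params):
    """Return the authenticated user, or None, for the three schemes in the test."""
    scheme, _, cred = (authorization or "").partition(" ")
    if scheme.lower() == "bearer":
        user = cred.partition(":")[0]
        return user if user in PASSES and _same(make_token(user), cred) else None
    if scheme.lower() == "basic":
        try:
            user, _, pwd = base64.b64decode(cred, validate=True).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            return None
        return check_password(user, pwd)
    if "USER" in params and "PASS" in params:  # assumed parameter names
        return check_password(params["USER"], params["PASS"])
    return None

def admin_status(authorization=None, params=None):
    """HTTP status for /admin: 401 unauthenticated, 403 authenticated non-admin."""
    user = identify(authorization, params or {})
    if user is None:
        return 401
    return 200 if user in ADMINS else 403
```

A forged token, a wrong password or a malformed Authorization header all yield 401, while 403 is reserved for a valid identity that lacks the admin group.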

See the documentation.

License

This code is Public Domain.

All software has bugs, this is software, hence… Beware that you may lose your hair or your friends because of it. If you like it, feel free to send a postcard to the author.

Versions

Packages are distributed from PyPI and sources are available on GitHub. Please report any issues.