From 0ce193873433112051db3b67661bc915dfb7013d Mon Sep 17 00:00:00 2001
From: Aniket <1singlaaniket@gmail.com>
Date: Tue, 9 Jan 2024 11:50:17 +0530
Subject: [PATCH] added test case
---
 dj_rest_auth/tests/test_api.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/dj_rest_auth/tests/test_api.py b/dj_rest_auth/tests/test_api.py
index 5fc051c4..65185f29 100644
--- a/dj_rest_auth/tests/test_api.py
+++ b/dj_rest_auth/tests/test_api.py
@@ -1064,6 +1064,34 @@ def test_custom_token_refresh_view(self):
 # Ensure access keys are provided in response
 self.assertIn('access', refresh_resp.data)
 self.assertIn('access_expiration', refresh_resp.data)
+
+ @override_api_settings(JWT_AUTH_RETURN_EXPIRATION=True)
+ @override_api_settings(USE_JWT=True)
+ @override_api_settings(JWT_AUTH_COOKIE='xxx')
+ @override_api_settings(JWT_AUTH_REFRESH_COOKIE='refresh-xxx')
+ @override_api_settings(JWT_AUTH_HTTPONLY=True)
+ def test_custom_token_refresh_view_with_http_only_cookie(self):
+ payload = {
+ 'username': self.USERNAME,
+ 'password': self.PASS,
+ }
+
+ get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+ resp = self.post(self.login_url, data=payload, status_code=200)
+ refresh = resp.data.get('refresh')
+ refresh_resp = self.post(
+ reverse('token_refresh'),
+ data=dict(refresh=refresh),
+ status_code=200,
+ )
+ self.assertIn('xxx', refresh_resp.cookies)
+
+ # Ensure access keys are provided in response
+ self.assertIn('access', refresh_resp.data)
+ self.assertIn('access_expiration', refresh_resp.data)
+ # ensure refresh token is removed from response
+ self.assertNotIn('refresh', refresh_resp.data)
+ self.assertNotIn('refresh_expiration', refresh_resp.data)
 @override_api_settings(USE_JWT=True)
 @override_api_settings(JWT_AUTH_HTTPONLY=False)
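Review bot: `test_custom_token_refresh_view_with_http_only_cookie` only checks that a cookie named `xxx` is present (`self.assertIn('xxx', refresh_resp.cookies)`). It never checks that the cookie carries the HttpOnly attribute, which is the property the test name and `JWT_AUTH_HTTPONLY=True` are about. Adding `self.assertTrue(refresh_resp.cookies['xxx']['httponly'])` after the presence check would pin it, so a regression that drops the flag fails the test. Separately, `refresh = resp.data.get('refresh')` is posted back with no assertion on its value. If the login response blanks or omits the refresh token in this mode (not visible in this hunk), the request succeeds only through the refresh cookie. Asserting on `refresh` and on `'refresh-xxx'` in `resp.cookies` would make explicit which path the test covers.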