Testing security is obviously very important—if you expose your application to the web, you can be sure that your security will be heavily tested, and not for the right reasons. All of your secured endpoints will be tested and exploited if not correctly secured. First of all, we should test our login and logout processes.

If we wanted to test submitting a form, such as the login form, we can use the post method of the test client. Let's create a test_login method to see if the login form works correctly:

class TestURLs(unittest.TestCase):....    def _insert_user(self, username, password, role_name):        test_role = Role(role_name)        db.session.add(test_role)        db.session.commit()        test_user = User(username) test_user.set_password(password) ...