I'm writing an API server. The framework we're using is Rails + Pundit + graphql-ruby, but I guess this question is framework-independent.
We have authentication + authorization implemented on the resources on each different endpoints; and we want to make sure that the endpoint which requires login, are properly protected (i.e., you actually have to be a valid user in order to access the endpoint).
In order to do that, the only approach I can come up with is that... to mock an anonymous access onto each of the different endpoints we're having. However, I think this is not DRY - the code for checking these endpoints are basically the same.
(Currently there're mostly authentication, but we'll probably put in more authorization on the endpoint level.)
Is there any better way of doing this?
PS: this question is mainly asking for opinion on how to design the test cases. It was first asked in the code review site, but marked as off-topic since it doesn't include any code.
So I'm asking here in the StackOverFlow main site instead.
Aucun commentaire:
Enregistrer un commentaire