Super test, test secure REST API


Problem description

I am writing integration tests for a REST API protected by a JWT. One API operation, POST /user/token, returns a JWT given a username and a password, and this token is then used for a list of operations such as:

GET /user/:id

The route is using jwt({secret: secret.secretToken}), so the token is included in the HTTP header Authorization.

When testing with super test, I can have nested testing but I want to first get the token, then use this token for other operation testing.

POST /user/token => 12345
GET /user/:id, `Authorization Bearer 12345`
GET /user/:foo, `Authorization Bearer 12345`

How can I avoid generating a new token for every operation test (see below) and use only a single one generated by POST /user/token?

it('should get a valid token for user: user1', function(done) {
  request(url)
    .post('/user/token')
    .send({ _id: user1._id, password: user1.password })
    .expect(200) // created
    .end(function(err, res) {
      // test operation GET /user/:id
    });
});

Recommended answer

You want to perform a single POST to /user/token and then use the token received in every test case? If so, then use the before hook of the test framework you are using (Mocha?) and store the token in a variable, e.g.

var request = require('supertest');

describe('My API tests', function() {

  var token = null;

  // Runs once before all tests: log in and keep the token for reuse.
  before(function(done) {
    request(url)
      .post('/user/token')
      .send({ _id: user1._id, password: user1.password })
      .end(function(err, res) {
        if (err) return done(err); // fail the suite if the login request fails
        token = res.body.token; // Or something
        done();
      });
  });

  it('should get a valid token for user: user1', function(done) {
    request(url)
      .get('/user/' + user1._id)
      .set('Authorization', 'Bearer ' + token)
      .expect(200, done);
  });
});
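
With one token shared by the whole suite, a login that returns no token makes every test send `Bearer null`, and a short-lived token can expire partway through a long run. The sketch below is an added example, not code from the question or the answer: it checks the token inside the `before` hook so the suite fails at login rather than with misleading 401s later. The helper names `checkSharedToken` and `makeSampleToken` are hypothetical, the sample token is constructed, and a standard three-part JWT is assumed.

```javascript
// Test-side sanity check for a JWT that a `before` hook will share across tests.
// It does NOT verify the signature; that remains the server's job.
function decodeSegment(segment) {
  // JWT segments are base64url-encoded JSON without padding.
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Returns { ok, reason, secondsLeft }. `minLifetime` is how long (in seconds)
// the suite is expected to run, so the token does not expire mid-suite.
function checkSharedToken(token, nowSeconds, minLifetime) {
  var fail = function (reason, left) {
    return { ok: false, reason: reason, secondsLeft: left || 0 };
  };
  if (typeof token !== 'string' || token.length === 0) return fail('login returned no token');
  var parts = token.split('.');
  if (parts.length !== 3) return fail('not a three-part JWT');
  var header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return fail('header or payload is not valid JSON');
  }
  if (!header || !payload || typeof header !== 'object' || typeof payload !== 'object') {
    return fail('header or payload is not a JSON object');
  }
  if (String(header.alg).toLowerCase() === 'none' || parts[2] === '') {
    return fail('token is unsigned');
  }
  if (typeof payload.exp !== 'number') {
    return { ok: true, reason: 'no exp claim', secondsLeft: Infinity };
  }
  var left = payload.exp - nowSeconds;
  if (left < minLifetime) return fail('token expires before the suite finishes', left);
  return { ok: true, reason: 'ok', secondsLeft: left };
}

// Constructed sample token for trying the check offline; the third segment is a
// placeholder signature that is never verified here.
function makeSampleToken(header, payload) {
  var enc = function (o) { return Buffer.from(JSON.stringify(o)).toString('base64url'); };
  return enc(header) + '.' + enc(payload) + '.c2lnbmF0dXJl';
}
```

In the `before` hook, call `checkSharedToken(res.body.token, Math.floor(Date.now() / 1000), 300)` and pass `new Error(result.reason)` to `done` when `ok` is false.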
