堆栈内存溢出
  简体   繁体   English

如何正确测试具有身份验证的RESTful API

[英]How to properly test a RESTful API which has authentication

 原文  2016-12-08 04:34:47       javascript/ node.js/ rest/ unit-testing/ authentication

问题描述

I would like to write automated tests for my Node.js API, and I've begun doing so using Mocha and Chai, using chai-http to manage the requests. 我想为Node.js API编写自动化测试,并且已经开始使用Mocha和Chai,使用chai-http来管理请求。

I've got a route to www.example.com/users, and have successfully written automated tests to register a user and log a user in, so I thought I was on the way, but now almost all of the other routes require the user to be authenticated! 我有一条通往www.example.com/users的路线,并且已经成功编写了自动化测试来注册用户并登录用户,所以我以为自己正在路上,但是现在几乎所有其他路线都需要用户需要认证! Since I'm mocking the database (using mockgoose with mongoose) during the test, I've already taken care of that dependency. 由于我在测试过程中在模拟数据库(将模拟狗与猫鼬结合使用),因此我已经处理了这种依赖性。 But, this brings up the question, how do I get a user authenticated but still not expose my test to multiple, potentially changing pieces of code?? 但是,这带来了一个问题,即如何使用户通过身份验证,但仍不能将我的测试暴露给可能会更改的多个代码段?

The flow through the program is relatively simple: upon requesting a secure resource, there is middleware that authenticates the user and then attaches a user object onto the request. 程序的流程相对简单:在请求安全资源时,存在中间件对用户进行身份验证,然后将user对象附加到请求上。 That user object then makes it possible for routes to access the user's information and make calls to the database. 然后,该user对象使路由可以访问用户信息并调用数据库。

So, I suppose an ideal solution would attach a user object to the request object, once the call has been made to the API. 因此,我想一种理想的解决方案是,一旦对API进行了调用,便会将user对象附加到请求对象。

As I'm relatively new to testing, I'd welcome any feedback that would give me insight into better testing procedures. 由于我是测试的新手,因此欢迎收到任何反馈,这些反馈可以让我深入了解更好的测试程序。

1 个解决方案

解决方案1
 0 已采纳  2017-01-16 17:14:30

I've since accomplished this task by utilizing the beforeEach hook offered by Mocha. 从那以后,我已经利用Mocha提供的beforeEach挂钩完成了此任务。 In it, I call a function called seedDB , which mocks the database and returns an object with all of the information I need. 在其中,我调用了一个名为seedDB的函数,该函数seedDB数据库并返回一个对象,其中包含我需要的所有信息。 The seedDB function actually posts to the API in order to do things like register a user and log them in, then makes both the user object and token accessible for use by my tests through the object. seedDB函数实际上是发布到API以便执行诸如注册用户并登录他们之类的事情,然后使user对象和token均可访问,以供我的测试通过该对象使用。 It's worked out very nicely so far because, when I change things within the API/validation routes, the tests automatically respond to the changes. 到目前为止,它的效果非常好,因为当我在API /验证路由中进行更改时,测试会自动响应更改。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从具有基本身份验证的rest api获取数据? - How to get data from rest api which has basic authentication? AngularJS身份验证+ RESTful API - AngularJS Authentication + RESTful API 如何测试其中调用了另一个 API function 的 function - NodeJS - How to test a function which has calls a another API function in it - NodeJS 我如何测试 vuex 动作,它带有 jest 里面有一个 api 调用? - How can I test vuex action which with jest which has an api call inside it? Node js的RESTFUL API是否可以从其服务器托管在aws中的godaddy中的子域路由 - Can RESTFUL API of Node js routed from a sub domain in godaddy which has its server hosted in aws AngularJS使用restful api进行身份验证,成功时返回令牌 - AngularJS Authentication with a restful api that returns a token on success 针对静态API的角度登录/身份验证 - Angular login/authentication against restful API 如何用茉莉花测试具有setTimeout的函数? - How to test a function which has a setTimeout with jasmine? 我如何通过js客户端将一些方法执行到需要身份验证的Flask Restful API中 - How I execute some methods with a js client into a Flask restful api that needs authentication 如何正确测试Apollo GraphQL查询的组件? - How can I properly test a component which is an Apollo GraphQL query?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM