Existing coverage was one integration test and zero e2e tests. Adds the thin, high-value integration/e2e layer unit tests can't reach (real Postgres wire contract, real browser flows) and wires it as a post-deploy smoke gate. - Seed a deterministic dev/QA admin user and fixed Development env key so HTTP-only tests can authenticate without per-run registration. - Expand the API integration suite: disabled-flag, unauthorized access, environment-document bootstrap, identity-override precedence, and auth login scenarios, reusing the existing black-box HTTP+Npgsql harness. - Add a Playwright suite for the admin SPA: login, nav, project/environment context selection, and feature create/toggle, against the real API. - Bind QA Postgres to 127.0.0.1 for direct seeding, add smoke-qa.sh and an ensure_node() bootstrap (the qa runner has no Node today), and wire a new smoke-qa CI job after deploy-qa.
58 lines
1.8 KiB
C#
58 lines
1.8 KiB
C#
using MicCheck.Api.Tests.Integration.Common;
|
|
using NUnit.Framework;
|
|
|
|
namespace MicCheck.Api.Tests.Integration.Flags;
|
|
|
|
[TestFixture]
|
|
public class FlagsApiAuthorizationTests
|
|
{
|
|
private IntegrationTestSettings settings = null!;
|
|
private FlagApiHttpClient client = null!;
|
|
|
|
[OneTimeSetUp]
|
|
public void OneTimeSetUp()
|
|
{
|
|
settings = IntegrationTestSettings.Load();
|
|
client = new FlagApiHttpClient(settings);
|
|
}
|
|
|
|
[OneTimeTearDown]
|
|
public void OneTimeTearDown() => client.Dispose();
|
|
|
|
[Test]
|
|
public async Task WhenNoEnvironmentKeyIsProvided_ThenTheFlagsApiReturnsUnauthorized()
|
|
{
|
|
using var response = await client.SendAsync(
|
|
httpFile: "Flags.http",
|
|
requestName: "GetFlags",
|
|
variables: new Dictionary<string, string>
|
|
{
|
|
["baseUrl"] = settings.BaseUrl,
|
|
["environmentKey"] = string.Empty
|
|
});
|
|
|
|
Assert.That(
|
|
(int)response.StatusCode,
|
|
Is.EqualTo(401),
|
|
$"Expected 401 for a missing environment key, got {(int)response.StatusCode} {response.ReasonPhrase}.");
|
|
}
|
|
|
|
[Test]
|
|
public async Task WhenAnUnknownEnvironmentKeyIsProvided_ThenTheFlagsApiReturnsUnauthorized()
|
|
{
|
|
using var response = await client.SendAsync(
|
|
httpFile: "Flags.http",
|
|
requestName: "GetFlags",
|
|
variables: new Dictionary<string, string>
|
|
{
|
|
["baseUrl"] = settings.BaseUrl,
|
|
["environmentKey"] = $"unknown_{Guid.NewGuid():N}"
|
|
});
|
|
|
|
Assert.That(
|
|
(int)response.StatusCode,
|
|
Is.EqualTo(401),
|
|
$"Expected 401 for an unrecognized environment key, got {(int)response.StatusCode} {response.ReasonPhrase}.");
|
|
}
|
|
}
|