问题描述
我正在为受jwt
保护的REST API编写集成测试.一个API操作POST /user/token
在给定username
和password
的情况下返回jwt
,然后将此令牌用于一系列操作,例如:
I am writing integration test for a REST API protected by a jwt
.One API operation POST /user/token
is returning a jwt
given a username
and a password
and this token is then used for a list of operations such as:
GET /user/:id
该路由使用的是jwt({secret: secret.secretToken})
,因此令牌包含在http标头Authorization
中.
Where the route is using jwt({secret: secret.secretToken})
, so the token is included into the http header Authorization
.
使用超级测试进行测试时,我可以进行嵌套测试,但我想先获取令牌,然后将该令牌用于其他操作测试.
When testing with super test, I can have nested testing but I want to first get the token, then use this token for other operation testing.
POST /user/token => 12345
GET /user/:id, `Authorization Bearer 12345`
GET /user/:foo, `Authorization Bearer 12345`
如何避免为每次操作测试生成一个新令牌(请参阅下文),而仅使用一个由POST/user/token生成的令牌.
How to avoid generating a new token for every operation testing (see below) but use only a single one generate by POST /user/token.
it('should get a valid token for user: user1', function(done) {
request(url)
.post('/user/token')
.send({ _id: user1._id, password: user1.password })
.expect(200) // created
.end(function(err, res) {
// test operation GET /user/:id
推荐答案
您要对/user/token
执行一次POST,然后在每个测试用例中使用收到的令牌?如果是这样,请使用您正在使用的测试框架的before
挂钩(Mocha?),并将令牌存储到变量中,例如
You want to perform single POST to /user/token
and then use the token received in every test case? If so, then use the before
hook of the test framework you are using (Mocha?) and store the token to a variable, e.g.
describe('My API tests', function() {
var token = null;
before(function(done) {
request(url)
.post('/user/token')
.send({ _id: user1._id, password: user1.password })
.end(function(err, res) {
token = res.body.token; // Or something
done();
});
});
it('should get a valid token for user: user1', function(done) {
request('/get/user')
.set('Authorization', 'Bearer ' + token)
.expect(200, done);
});
});
这篇关于超级测试,测试安全的REST API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!