Add testActionPassAuth to facilitate testing with trivial auth mocks #251
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Years ago, it was common practice to write resource-level unit tests for Coursera APIs - there are 555 usages of the existing
testAction
method in our codebase. As authorization logic became more complicated, teams increasingly moved away from resource testing because it was cumbersome to mock or fake auths.The irony here is that
testAction
itself requires the caller define a RestContext with authorization data, and tests only execute the authorizer's test-onlycheck
method. Needing to define a fully functional authorizer for testing is silly, because the bulk of its machinery won't even be exercised within atestAction
execution.This revision adds a new test method that skips the
check
step oftestAction
. This makes it possible to construct test resources with trivial authorizers - e.g.mock[<AuthorizerType]
. While we don't add very many new resource-level tests, the option to switch totestActionPassAuth
when refactoring tests for legacy code will make it much easier to migrate authorizer definitions for legacy code.