[openstreetmap/openstreetmap-website] Avoid using Basic Authorization in tests (Issue #4801)
Andy Allan
notifications at github.com
Wed May 15 15:56:34 UTC 2024
We currently use `basic_authorization_header` extensively in our tests (around 200 times). It's typically used to check that a controller behaves correctly (i.e. differently than for requests that have no authorization).
Since we're dropping basic_auth support in the API (by changing a config to disable it), it makes sense for us to remove all the code too, at some point soon after. Before that happens, we need to refactor these tests.
The most obvious (to me) option is to move to using the `bearer_authorization_header` approach, with OAuth2 tokens, as already used in some tests. Unless anyone has a different idea?
It might also be worth considering we should have a helper that sorts out creating the token and scopes automatically, since in these cases we're not interested in whether the token is correctly set up (that's tested elsewhere) but rather these tests are focussed on what happens when a particular user is doing something.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4801
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4801 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240515/b7624c7c/attachment.htm>
More information about the rails-dev
mailing list