Tests for the extractor in jwt.rs which extracts the JWT as String from the request headers. There should be multiple tests for the from_request method of the JWT struct whether it can properly extract the JWT and whether it can detect error cases correctly. The api documentation describes how a correct request with an authorization or cookie header should look like. The extraction of the claims itself can be assumed to be correct because they are done by the jsonwebtoken crate.
List of possible test scenarios:
[ ] Correct authorization using authorization header
[ ] Correct authorization using cookie header
[ ] Authorization using both headers (authorization should be preferred)
[ ] Invalid authorization header (no bearer authorization)
Tests for the extractor in
jwt.rs
which extracts the JWT as String from the request headers. There should be multiple tests for thefrom_request
method of theJWT
struct whether it can properly extract the JWT and whether it can detect error cases correctly. The api documentation describes how a correct request with an authorization or cookie header should look like. The extraction of the claims itself can be assumed to be correct because they are done by the jsonwebtoken crate.List of possible test scenarios: