Currently around 75% are happy paths. More tests for authz, authn, to test app for breakage. Test that only specific fields are returned. Error when trying to access forbidden. That app does not leak info about data, for example user can read name, but if user provides where id = 1 he can indirectly find out id.
This is currently all working correctly, but there should be tests for this
Currently around 75% are happy paths. More tests for authz, authn, to test app for breakage. Test that only specific fields are returned. Error when trying to access forbidden. That app does not leak info about data, for example user can read name, but if user provides where id = 1 he can indirectly find out id. This is currently all working correctly, but there should be tests for this