Situation

We have extensive security tests at the unit and component integration levels, covering various mocked scenarios.
However, there are no tests to validate the behavior of the latest security implementations against a real server in a fully integrated environment.

Wanted

Write new tests in the integrationtest module covering:

- OAuth2 Integration (JWT + Opaque)
  - Ideally we can spin up test containers (Keycloak?) covering both use cases
- Cookie based authentication in general
  - Test that cookie in classic mode works
  - Test that cookie in oauth2 mode works as expected
  - Verify that if both cookies are sent, the OAuth2 cookie has higher priority (the classic auth cookie should be deleted)
  - Verify that the cookie values are encrypted
  - Verify that the cookies expire accordingly

Solution

- Expand the existing integration test classes by the desired test cases
- We should probably expand the GitHub Action pipelines to include multiple parallel jobs that run the SecHub server in different modes (Classic, OAuth, JWT, Opaque, Login, ...)