Is writing tests like this worth it
Im using the implementations and sqlite in memory to test that the services do what they are supposed to - i guess they fall into integrations test or unit tests but i want your lots opinion https://github.com/UmbrellaCrow612/PoliceCaseManagement/blob/master/tests/Identity.Application.Tests/AuthServiceTests.cs
GitHub
PoliceCaseManagement/tests/Identity.Application.Tests/AuthServiceTe...
Police case System Side project. Contribute to UmbrellaCrow612/PoliceCaseManagement development by creating an account on GitHub.
2 Replies
yes, these look comparable to integration tests I would write
so for a login flow like this, I would consider having a test suite like this that arranges and asserts everything up-front, and then I would also write a second test suite that covers the same interaction, except over WebApplicationFactory + HttpClient
doing it that way allows me to validate that all of the other stuff in my Startup.cs is being registered and configured correctly, including filters and anything else that possibly touches the response pipeline
one thing I would like to see here however is some use of MultipleAsserts. I don't think MSTest provides that, but I know NUnit does, and also possibly XUnit
using MultipleAsserts will allow you to do Assert on multiple things, and all the pass/fails are reported together, rather than failing on the first bad Assert
see https://docs.nunit.org/articles/nunit/writing-tests/assertions/multiple-asserts.html
also for
LogoutAsync_ShouldRevokeAllValidTokensForUser I would like to see a case that asserts that the user is not able to interact with the account with a revoked token
https://github.com/UmbrellaCrow612/PoliceCaseManagement/blob/7588ac2308927bd4563bb8059b735052af2b7f66/tests/Identity.Application.Tests/AuthServiceTests.cs#L290 I'm kinda iffy on asserting directly against what's supposed to be in the database. I might consider having some _authService.HasAnyTokens(user.Id) and asserting against that instead.
but the actually interesting side-effect of that is that the user shouldn't be able to log in with a revoked token, hence ☝️Thanks for feedback