You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 21, 2022. It is now read-only.
Some of the abacus integration tests(bridge-test.js#L144) validate both with secured and non-secured environment, others(test.js#L186) validate only secured and there is a third group that does not deal explicitly with security, but still sign and pass tokens inside the code(accuracy-test.js#L59).
Maybe in the third option is left as an alternative the security to be controlled from outside, but it's somehow misleading and requires from you to know the test and the code in details in order to run it in all possible scenarios.
Does it make sense to test without security at all or do we need to support both?
The text was updated successfully, but these errors were encountered:
There are CF environments that do not require security to be on, since they rely on IaaS to encrypt the traffic. Networking release can restrict the access between apps, so using it can also make https optional. I would say we need to support both secure and non-secure environments.
As for the tests: the best would be to have both secured and non-secured tests, but this takes lots of time. Therefore some of the tests do not exercise both branches since the secure aspect is covered by another test.
I would say we need to remove all secure and non-secure branching from the tests and create an explicit group that deals with this. In this way it becomes quite clear what this test does and what is the implication when it fails.
Some of the abacus integration tests(bridge-test.js#L144) validate both with secured and non-secured environment, others(test.js#L186) validate only secured and there is a third group that does not deal explicitly with security, but still sign and pass tokens inside the code(accuracy-test.js#L59).
Maybe in the third option is left as an alternative the security to be controlled from outside, but it's somehow misleading and requires from you to know the test and the code in details in order to run it in all possible scenarios.
Does it make sense to test without security at all or do we need to support both?
The text was updated successfully, but these errors were encountered: