
Testing Strategy

Test Organization

apps/api/tests/
├── unit/
│   ├── auth/guards/
│   ├── services/
├── integration/
│   ├── rbac-scenarios.spec.ts
│   ├── tenant-isolation.spec.ts
└── security/
    ├── penetration-test.spec.ts
    ├── data-leakage.spec.ts

Security Test Example

// Integration check: the client list returned for one account manager's bearer token
// must include that manager's own client and must not include another tenant's client.
// NOTE(review): assumes the fixtures grant accountManager1Token access to 'client-1'
// and not to 'unauthorized-client-3' — confirm against the test setup.
describe('Tenant Isolation (Integration)', () => {
  it('should prevent cross-tenant data access', async () => {
    // Authenticated list request; any status other than 200 fails the test here.
    const listRequest = request(app.getHttpServer())
      .get('/api/clients')
      .set('Authorization', `Bearer ${accountManager1Token}`);
    const { body } = await listRequest.expect(200);

    const returnedIds = body.map((client: { id: unknown }) => client.id);

    // Positive control: without it, an empty response would satisfy the negative check below.
    expect(returnedIds).toContain('client-1');

    // Negative check on a single known foreign ID.
    // NOTE(review): a leak of any other tenant's record would still pass; comparing the
    // full ID set against the expected list is the stricter assertion.
    expect(returnedIds).not.toContain('unauthorized-client-3');
  });
});