admin管理员组文章数量:1307048
I'm running integration tests for an ASP.NET Core 8 Web API project, and I have a test that passes in my local IDE (Visual Studio Test Explorer) but fails in GitHub Actions with a 403 Forbidden error.
GenerateToken.cs (file in the ProSys.Tests.Integration proj)
public class GenerateToken
{
private readonly HttpClient _client;
public GenerateToken(CustomWebApplicationFactory<Program> factory)
{
_client = factory.CreateClient();
}
public async Task<string> GetJwtToken()
{
var loginPayload = new { username = "owner", password = "P@$$w0rd" };
var response = await _client.PostAsJsonAsync("/api/v1/account/login",
loginPayload);
response.EnsureSuccessStatusCode();
var responseContent = await response.Content.ReadAsStringAsync();
var json = JsonSerializer.Deserialize<ApiResponseWrapper<LoginResponseResult>>
(responseContent,
new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true,
Converters = { new JsonStringEnumConverter() }
});
if (json?.Value?.Token == null)
{
throw new Exception($"Token generation failed. Response: {responseContent}");
}
return json.Value.Token;
}
}
AuthTest.js
public class AuthTests : IClassFixture<CustomWebApplicationFactory<Program>>
{
private readonly HttpClient _client;
private readonly GenerateToken _generateToken;
public AuthTests(CustomWebApplicationFactory<Program> factory)
{
_client = factory.CreateClient();
_generateToken = new GenerateToken(factory);
}
[Fact]
public async Task Get_Protected_Endpoint_Should_Return_Unauthorized_Without_Token()
{
var response = await _client.GetAsync("/api/v1/userType/retrieve");
response.StatusCode.Should().Be(System.Net.HttpStatusCode.Unauthorized);
}
[Fact]
public async Task Get_Protected_Endpoint_Should_Return_Success_With_Dynamic_Token()
{
var token = await _generateToken.GetJwtToken();
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var response = await _client.GetAsync("/api/v1/userType/retrieve");
response.EnsureSuccessStatusCode();
}
}
Problem Description
I have an endpoint that requires authentication, and my test does the following:
- Calls the /api/v1/account/login endpoint with valid credentials (owner / P@$$w0rd).
- Extracts the JWT token from the response
- Sends the token in an Authorization header to /api/v1/userType/retrieve.
- Expects a 200 OK response, but gets 403 Forbidden only in GitHub Actions.
Error Message from GitHub Actions
ProSys.Tests.Integration.Tests.AuthTests.AuthTests.Get_Protected_Endpoint_Should_Return_Success_With_Dynamic_Token [FAIL]
[xUnit 00:00:12.08] System.Net.Http.HttpRequestException :
Response status code does not indicate success: 403 (Forbidden).
the GitHub Actions is indeed creating the tables and inserting the values, so the owner with P@$$w0rd are correct creds and it has the required permissions to access this endpoint (everything in Postman is working successfully with a header that contains the token), but yet it is throwing 403 (Forbidden) that indicates that the login user is not authorized to access this endpoint, so maybe GitHub Action is not generating the token correctly, the token uses the RSA algorithm to assign and validate a token, the private and public keys are found in the secrets.json file found in GitHub Secrets under the action tab
Also note that the login process in my api is correctly working and assigning and validating the JWT correctly using RSA encryption keys.
Question
- How can I properly debug whether
secrets.jsonis being read in GitHub Actions? - What are the best ways to troubleshoot why an authentication token works locally but gets rejected (403 Forbidden) in GitHub Actions?
本文标签:
版权声明:本文标题:.net - ASP.NET Core Integration Test Failing in GitHub Actions (403 Forbidden) but Passing Locally - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741832748a2400030.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论