Can't test bearer auth

[Christoph-AK]

Hey there, I want to test my endpoints. For that I copied code from the repo.

My setup:

#[derive(SecurityScheme)]
#[oai(type = "bearer")]
pub struct BearerAuth(Bearer);

#[OpenApi]
impl ResourcesApi {
    /// (read) Return all resources
    #[oai(path = "/resources", method = "get", tag = "ApiTags::Resources")]
    async fn net_get_all_resources(&self, auth: BearerAuth) -> GetAllResourcesResponse {
        get_all_resources(&self.db, auth).await.into()
    }
}

#[derive(ApiResponse)]
#[oai(bad_request_handler = "handler")]
enum GetAllResourcesResponse {
    /// Returns the result set
    #[oai(status = 200)]
    Ok(Json<String>),
    /// Authorization error
    #[oai(status = 401)]
    Err401(Json<String>),
    /// Clientside error
    #[oai(status = 400)]
    Err400(Json<String>),
}

fn handler(err: Error) -> GetAllResourcesResponse {
    if err.is::<poem_openapi::error::AuthorizationError>() {
        GetAllResourcesResponse ::Err401(Json(format!("OAI: {err}")))
    } else {
        GetAllResourcesResponse ::Err400(
            Json("bad!".to_string())
        )
    }
}

pub fn get_route() -> Result<CorsEndpoint<Route>> {
    let api_service = OpenApiService::new(
        (
            ResourcesApi::new(),
        ),
        "test",
        env!("CARGO_PKG_VERSION"),
    )
    .summary("test")
    .server("http://localhost:3000/api");
    let ui = api_service.swagger_ui();

    let r = Route::new()
        .nest("/api", api_service)
        .nest("/", ui)
        .with(Cors::new());

    Ok(r)
}

My Test is:

#[tokio::test]
pub async fn db_test() -> Result<()> {
    let ep = get_route()?;
  

    let mut resp = poem::Endpoint::get_response(
        &ep,
        poem::Request::builder()
            .method(poem::http::Method::POST)
            .uri(poem::http::Uri::from_static("/api/login"))
            .content_type("application/json")
            .body(r#"{"name": "admin", "password": "password"}"#),
    )
    .await;
    assert_eq!(resp.status(), poem::http::StatusCode::OK); // Passes!

    let token = resp.take_body().into_string().await.map_err(|e| {
        MyError::Generic500("test 2 intostring".to_string(), e.to_string(), trace!())
    })?;
    assert_eq!(token, "good_token");  // This passes!

    
    let resp = poem::Endpoint::get_response(
        &ep,
        poem::Request::builder()
            .method(poem::http::Method::GET)
            .uri(poem::http::Uri::from_static("/api/resources"))
            .content_type("application/json")
            .typed_header(headers::Authorization::bearer(&token).unwrap())
            .finish(),
    )
    .await;
    assert_eq!(resp.status(), poem::http::StatusCode::OK); // This fails!!!
}

The last test fails with the "OAI: Unauthorized"-Message that is only generated in the handler.

In normal use the endpoint works correctly, just the test fails.

Why is that? I can't quite understand the inner workings of the OpenAPI AuthBearer implementation.

[Christoph-AK]

... this is a bit of a facepalm:

Everything works as expected.

Turns out: My Login endpoint is returning a Json(String), which is "validtesttoken".
Of course the two quotation marks are nonsense here.

Either changing my Login endpoint to return Plaintext(String) or to do a .replace("\"", "") on the token solves the problem and lets the test pass.