The REST API tests go to the controller directly, meaning that they are not executing the entire middleware pipeline, and we may see false positives around the authZ.
With #553 the aspnet test server and associated HttpClient are stood up, with the services we mock in the tests overridden as required.
We should refactor the REST API tests to use this instead of the controller directly, to ensure that all middleware is applied correctly.
The REST API tests go to the controller directly, meaning that they are not executing the entire middleware pipeline, and we may see false positives around the authZ.
With #553 the aspnet test server and associated
HttpClientare stood up, with the services we mock in the tests overridden as required.We should refactor the REST API tests to use this instead of the controller directly, to ensure that all middleware is applied correctly.