Add a test-client test to validate the unauthorized http status code (#79)

Author: papertigers

test-client/src/tester.rs

@@ -124,6 +124,10 @@ impl Tester {
             .await
             .context("nonexistent_resource_tests")?;
 
+        self.unauthorized_status_test()
+            .await
+            .context("unauthorized_status_test")?;
+
         let dwight =
             self.create_user_tests().await.context("create_user_tests")?;
         let jim = self.create_jim_user().await.context("create_jim_user")?;
@@ -293,6 +297,38 @@ impl Tester {
         Ok(())
     }
 
+    async fn unauthorized_status_test(&self) -> anyhow::Result<()> {
+        let body = json!({
+            "userName": "amartin",
+            "externalId": "[email protected]",
+        });
+
+        // Don't call `self.post()` so that we can maniuplate the headers.
+        let mut headers = self.headers.clone();
+        let Some(_old_bearer) = headers.insert(
+            header::AUTHORIZATION,
+            header::HeaderValue::from_str("Bearer this-is-invalid")?,
+        ) else {
+            // The client was constructed without a bearer token so this test is
+            // pointless.
+            return Ok(());
+        };
+
+        let result = self
+            .client
+            .post(format!("{}/Users", self.url))
+            .json(&body)
+            .headers(headers)
+            .send()
+            .await?;
+
+        if result.status() != StatusCode::UNAUTHORIZED {
+            bail!("POST to /Users returned status code {}", result.status());
+        }
+
+        Ok(())
+    }
+
     async fn create_user_tests(&self) -> anyhow::Result<User> {
         let body = json!({
             "userName": "dschrute",