Expand coverage to full backend assembly

RpgRoller.Tests/UnitTest1.cs

@@ -71,6 +71,13 @@ public sealed class UnitTest1 : IClassFixture<WebApplicationFactory<Program>>
             new CreateSkillRequest("Arcana", "2d12+2"));
         Assert.Equal("2d12+2", createdSkill.DiceRollDefinition);
 
+        var updatedSkill = await PutAsync<UpdateSkillRequest, SkillSummary>(
+            gmClient,
+            $"/api/skills/{createdSkill.Id}",
+            new UpdateSkillRequest("Arcana Mastery", "2d12+3"));
+        Assert.Equal("Arcana Mastery", updatedSkill.Name);
+        Assert.Equal("2d12+3", updatedSkill.DiceRollDefinition);
+
         var invalidSkill = await gmClient.PostAsJsonAsync(
             $"/api/characters/{gmCharacter.Id}/skills",
             new CreateSkillRequest("Broken", "5D+4"));
@@ -172,6 +179,11 @@ public sealed class UnitTest1 : IClassFixture<WebApplicationFactory<Program>>
             "/api/campaigns",
             new CreateCampaignRequest("Nope", "d6"));
         Assert.Equal(HttpStatusCode.Unauthorized, unauthorizedCampaignCreate.StatusCode);
+
+        var invalidSessionRequest = new HttpRequestMessage(HttpMethod.Get, "/api/campaigns");
+        invalidSessionRequest.Headers.Add("Cookie", "rpgroller_session=invalid-token");
+        var unauthorizedWithInvalidSession = await anonymousClient.SendAsync(invalidSessionRequest);
+        Assert.Equal(HttpStatusCode.Unauthorized, unauthorizedWithInvalidSession.StatusCode);
     }
 
     [Fact]