单元测试认证 [英] Unit Testing Authentication

问题描述

我对单元测试相当陌生.我正在构建一个 ASP.NET MVC3 应用程序(尽管我的问题似乎与语言无关)并且对基本测试感到困惑.

I am fairly new to unit testing. I am building an ASP.NET MVC3 application (although my question seems language agnostic) and am confused about a basic test.

我想做一个单元测试，以确保我的ValidatePassword"函数正常工作 - 它将接收用户名和密码，然后对密码进行散列，看看它是否与数据库中用户的散列匹配.如果是，则返回 true.问题是我使用的是模拟存储库，因此我必须在运行测试之前将用户添加到数据库中.我无法在我的测试设置中真正创建这个用户，因为我不知道加密密码是什么，直到我真正通过我正在测试的函数运行它.答案是通过Hash函数运行一次，写在我的测试中，然后用它测试吗?

I want to make a unit test that makes sure my "ValidatePassword" function works - It will take in a username and password, then hash the password and see if it matches the hash for a user in the database. If so, it returns true. The problem is that I am using a mock repository, so I will have to add the user to the db before running my test. I can't really create this user in my test setup because I don't know what the encrypted password will be until I actually run it through the function I am testing. Is the answer to run it through the Hash function once, write it down in my test, and then test with that?

希望这很清楚.谢谢！

推荐答案

我更喜欢尽可能通过代码的公共接口设置我的测试数据，而不是让测试代码知道代码是如何实现的.所以我个人不会在测试代码中使用硬编码的加密密码.让我解释一下...

I prefer to set up my test data where possible through the public interface of my code, rather than giving the test code knowledge of how the code is implemented. So personally I would not use a hardcoded encrypted password in the test code. Let me explain...

据推测，您有一种添加新用户的方法，该方法在内部将使用散列密码在数据库中创建一个新条目.然后测试看起来像这样:

Presumably, you have a method to add a new user, which internally will create an new entry in the database with a hashed password. Then the test would look something like this:

AddNewUser("username", "passsword");
bool isValid = ValidateUser("username", "password");
Assert.IsTrue(isValid);

这当然必须与无效的用户/密码测试相辅相成:

This of course would have to be complimented with invalid user/password tests:

test: ValidUser_InvalidPassword:
    AddNewUser("username2", "pwd");
    bool isValid = ValidateUser("username2", "wrongPassword");
    Assert.IsFalse(isValid);


test: NonExistingUser:
    bool isValid = ValidateUser("non_existing_user", "anyPassword");
    Assert.IsFalse(isValid);

反对这一点的论点是，您在一次测试中测试了多个单元.但我个人认为这样更好.为什么?

The argument against this would be that you are testing more than one unit in a single test. But personally I think this is better. Why?

因为测试不是那么脆弱 - 即，如果您对散列算法进行内部更改，则测试会检查一切是否仍然有效.您不必更改测试代码中的硬编码加密密码.

Because the tests are not so brittle - i.e. if you make an internal change to the hashing algorithm the test is there to check that everything still works. You don't have to change the hard coded encrypted password in the test code.

这是单元测试的主要好处之一:检查我们在重构时没有破坏任何东西.因此，当我们出于任何原因(代码清洁度/性能或安全改进)想要更改内部实现时，测试让我们确信我们没有破坏功能.

That is one of the main benefits of unit tests: to check that we don't break anything when we refactor. So when we want to change the internal implementation for whatever reason (code cleanliness/performance or security improvements), the tests give us confidence that we have not broken the functionality.

可以在此多布斯博士文章:

这篇关于单元测试认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！