使用JWT承载令牌测试控制器方法 [英] Testing a controller method with JWT bearer token

问题描述

我需要帮助模拟单元测试。



我试图在WebApi控制器中调用具有Authorization属性的方法，例如< br $> b $ b

I need help with Mocking on Unit Tests.

I am trying to call a method in a WebApi Controller that has the Authorization attribute on it, for example

[Authorize]
[HttpGet]
[ActionName("FineOutcome")]
[ProducesResponseType(typeof(Response), 200)]
[ProducesResponseType(401)]
public async Task<IActionResult> FineOutcome(string PCN, int ia)
{
  //Code Action here
}

授权由JWT Bearer Token处理。现在我正在尝试测试此方法，并且不能/不知道如何模拟或传递JWT持票人令牌。



我有什么试过：

The authorisation is handled by a JWT Bearer Token. Now I am trying to Test this method and can't / don't know how to mock or pass in the JWT bearer token.

What I have tried:

var userMock = new Mock<IPrincipal>();
userMock.Setup(p => p.IsInRole("admin")).Returns(true);

var contextMock = new Mock<HttpContext>();
contextMock.Setup(x => x.User ).Returns(new ClaimsPrincipal());

controller.ControllerContext.HttpContext = contextMock.Object;
var outcome = controller.FineOutcome("513073/372796", 467);

但是当我尝试执行测试时，控制器方法会抱怨用户是空白的。任何人都可以给我一个正确的方向点。



链接我试过



c＃ - 如何使用moq模拟Controller.User - Stack Overflow [ ^ ]

c＃ - 使用Web API对JWT令牌进行单元测试 - 堆栈溢出 [ ^ ]

推荐答案

单元测试用于测试代码，而模拟则用于替换第三方提供的功能部分。不在您的测试环境中工作（HttpContext是一个很好的例子，您的单元测试不是runni在网站的上下文中，或者你需要控制结果。



这么长的故事，你试图让授权属性工作就是你测试底层的asp.net框架，但你应该假设微软已经测试了它并且它可以工作，所以你应该专注于测试你的代码。



如果你的代码是从某种形式的httpcontext中获取用户，这是你的实际问题;回到我上面所说的单元测试不应该依赖环境因素，例如上下文，会话，数据库，网络等，你的测试需要独立运行。更改您的代码，使其通过您注入控制器的某种服务类获取用户，然后您的单元测试将模拟该服务以提供硬编码用户，但是当代码在真实站点上工作时控制器将注入一个适当的用户服务，从httpcontext或当前获取它的任何地方获取用户。

Unit tests are for testing your code and mocking is for replacing the parts of the functionality that are provided by third-parties that don't work in your testing environment (HttpContext being a good example, your unit tests are not running in the context of a web site), or that you need to control the outcomes from.

So long story short you trying to make the authorise attribute work is you testing the underlying asp.net framework, but you should assume that Microsoft have already tested that and that it works, so you should instead focus on testing your code.

If your code is getting the user from some form of httpcontext that that is your actual problem; getting back to what I've said above your unit tests should not rely on environmental things such as contexts, sessions, databases, networks etc, your tests need to run self-contained and in isolation. Change your code such that it gets the user via some sort of service class that you inject into the controller, and your unit test will then mock that service to provide a hard-coded user, however when the code is working on the real site the controller will have a proper user service injected that gets the user from the httpcontext, or wherever it currently gets it from.

这篇关于使用JWT承载令牌测试控制器方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！