如何通过伪装登录在Symfony的2测试ACL的发展 [英] How to develop by faking login to test ACLs in Symfony 2

问题描述

我开发一个web应用程序的一部分上的Symfony 2.建立像许多应用程序，认证和放大器;授权是必需的。我如何能继续发展，通过传递或伪造一个登录服用注意事项ACL？

I am developing a part of a web app build on Symfony 2. Like in many apps, authentication & authorization is required. How can I continue developing, taking considerations ACL by passing or faking a login?

在文档， login_check 做认证和会话部分透明。我想我可能要么需要实现一个版本的或以某种方式调用它来登录不同的用户/角色

In the docs, login_check does the authentication and sessions part transparently. I think I may either need to implement a version of that or somehow call it to login as different users/roles

推荐答案

我不能完全肯定我理解你的问题，但你只是问你怎么登录编程？

I'm not entirely sure I understand your question but are you just asking how you log in programatically?

在我的测试中，我只是不喜欢打电话：

In my tests I simply do a call like:

$this->container->get('security.context')->setToken(
    new UsernamePasswordToken(
        'maintenance', null, 'main', array('ROLE_FIXTURE_LOADER')
    )
);

在这种情况下维护甚至不是一个真正的用户的实体，它只是我弥补了我的灯具，使他们可以通过访问一个服务用户名 ROLE_FIXTURE_LOADER 但如果你是想从数据库登录作为一个完整的用户实体（让他们拥有正确的ACL ID）即可获得 $用户对象，并调用：

In this instance 'maintenance' is not even a real User entity, its just a username that I made up for my fixtures so that they can access a service by having ROLE_FIXTURE_LOADER but if you did want to login as a full user entity (so that they have the correct ACL ID) you can get a $user object from the database and call:

$this->container->get('security.context')->setToken(
    new UsernamePasswordToken(
        $user, null, 'main', $user->getRoles())
    )
);

这并不做一个完整的登录，但它与RBAC工作，我不明白为什么如果你通过一个实际的用户对象将不会与ACL工作。

This doesn't do a full login but it does work with RBAC and I don't see why it wouldn't work with ACL if you pass an actual user object.

至于我的前端功能测试，如果我需要登录我只是导航到登录页面并提交表单根据测试文档。对于任何那些工作，你确实需要访问容器，所以你需要扩展 WebTestCase 或推出自己的能力来引导内核（参见的here ）。

As for functional testing of my front end if I need to login I just navigate to the login page and submit the form as per the testing docs. For either of those to work you do need access to the container so you need to extend WebTestCase or roll your own ability to boot the kernel (see here).

我感觉我有错误理解的问题，但（即你需要做的事情不仅仅是把令牌更复杂）。也许你可以尝试澄清多一点你的意思是由

I've a feeling I've mis-understood the question though (i.e. you need to do something more complex than just placing the token). Perhaps you could try to clarify a bit more what you mean by

传球或者伪造一个登录

一个具体的例子来厂在测试安全令牌：

首先，我们为我们的测试中使用包含登录便捷方法的基类。这可以通过扩展来完成 WebTestCase ，并使用 getContainer 方法在客户端或者你可以拉 WebTestCase 除了推出自己的基类，它只是引导内核没有客户端，并返回容器（见我的两个解决方案，以实现这一链接）

First we make a base class for our tests to use which contain a login convenience method. This can be done by extending WebTestCase and using the getContainer method on a client OR you can pull WebTestCase apart to roll your own base class which just boots the kernel without a client and returns the container (see my link for two solutions to achieve that).

namespace Acme\SomeBundle\Tests;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

abstract class AcmeTestCase extends WebTestCase {

    protected function loginAs($client, $username) {
        $container = $client->getContainer();
        $doctrine = $container->get('doctrine');

        $user = $this->loadUser($doctrine, $username);

        // First Parameter is the actual user object.
        // Change 'main' to whatever your firewall is called in security.yml
        $container->get('security.context')->setToken(
            new UsernamePasswordToken(
                $user, null, 'main', $user->getRoles()
            )
        );
    }

    private function loadUser($doctrine, $username) {
        // Don't have to use doctrine if you don't want to, you could use
        // a service to load your user since you have access to the
        // container.

        // Assumes User entity implements UserInterface
        return $doctrine
                ->getRepository('AcmeUserBundle:User')
                ->findOneByUsername($username);
    }

}

然后你只需要使用你的基类中你希望的任何测试。像这样：

Then you just need to use your base class in any test you wish. Like so:

namespace Acme\SomeBundle\Tests\Entity;

use Acme\SomeBundle\Tests\AcmeTestCase;

class SomeEntityTest extends AcmeTestCase {

    public function somethingTest() {
        $this->loginAs(static::createClient(), 'SomeUsernameInDB');

        // Do the rest of your test here.
    }

}

希望这有助于。

这篇关于如何通过伪装登录在Symfony的2测试ACL的发展的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！