在集成测试cakephp中允许所有操作进行身份验证 [英] Allow all actions for authentication in integration test cakephp

问题描述

我目前正试图为某些控制器编写集成测试，因此需要发送认证头。在我的控制器中，我有一些操作通过以下代码公开访问：

I'm currently trying to write an integration test for some controller whereby it is necessary to send an authentication header. In my controller I have some actions made public accessible through the following code:

namespace App\Controller\Api;

use Cake\Event\Event;
use Cake\Network\Exception\UnauthorizedException;
use Cake\Utility\Security;
use Firebase\JWT\JWT;

class UsersController extends AppController
{
   public function initialize()
   {
       parent::initialize();
       $this->Auth->allow(['add', 'token']); // public methods
   }
  .....
}

现在我有一个集成测试用例，我想允许所有操作都可以在没有验证的情况下访问。是否有任何简单的方法可以实现这一点？

Now I have an integration test case in which I want to allow that all actions are possible to access without authentication. Is there any simple way to make this possible?

集成案例代码：

namespace App\Test\TestCase\Controller;

use App\Controller\Api\UsersController;
use Cake\TestSuite\IntegrationTestCase;

class ApiPicturesControllerTest extends IntegrationTestCase{
   public $fixtures = [
      'app.albums',
      'app.pictures',
      'app.users',
      'app.comments',
      'app.users_albums'
   ];
   public function setUp(){
       parent::setUp();
       // Allow all actions
       // $this->Auth->allow();
   }
   public function testViewShouldPass(){
        $this->configRequest([
           'headers' => [
               'Accept' => 'application/json'
           ]
        ]);
        $data = $this->get('/api/pictures/1.json');
        $this->assertResponseOk();
    }
}

推荐答案

可以在覆盖 \Cake\TestSuite\IntegrationTestCase :: controllerSpy（）方法中操作控制器，例如

Generally it's possible to manipulate the controller in an overriden \Cake\TestSuite\IntegrationTestCase::controllerSpy() method, like

public function controllerSpy($event)
{
    parent::controllerSpy($event);

    if (isset($this->_controller)) {
        $this->_controller->Auth->allow();
    }
}

但如注释中所述，更好地正确验证您的请求！

but as already mentioned in the comments, it would be better to properly authenticate your requests instead!

虽然集成测试不一定是黑盒测试，但是对测试主体的内部测试不是过分好主意。在集成测试中嘲笑某些部分可能是合理的，当你在测试一切和测试单元之间，即更大的模块组，但大多数情况下，只有在涉及重复杂的请求中需要的东西。

While integration tests do not necessarily have to be black-box tests, peering into the internals of the test subject isn't an overly good idea. Mocking certain parts in an integration test might be reasonable when you are looking for something in between "test everything" and "test units", ie larger groups of modules, but that should mostly only be necessary when heavy complexity is involved in a request.

另请参阅

• API> \Cake\TestSuite\IntegrationTestCase :: controllerSpy（）


• API> \Cake\TestSuite\IntegrationTestCase :: $ _ controller

• API > \Cake\TestSuite\IntegrationTestCase::controllerSpy()
• API > \Cake\TestSuite\IntegrationTestCase::$_controller

这篇关于在集成测试cakephp中允许所有操作进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！