6
考慮以下代碼:CakePHP的控制器測試與安全組件
控制器代碼
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public $components = array(
'Security',
'Session'
);
public function example() {
if ($this->request->is('post')) {
$this->set('some_var', true);
}
}
}
查看代碼
<?php
echo $this->Form->create();
echo $this->Form->input('name');
echo $this->Form->end('Submit');
因爲我已經制定了安全組件,篡改以任何方式(如向其添加字段)都會導致請求爲黑色-h OLED。我想測試:
測試代碼
<?php
class UsersControllerTest extends ControllerTestCase {
public function testExamplePostValidData() {
$this->Controller = $this->generate('Users', array(
'components' => array(
'Security'
)
));
$data = array(
'User' => array(
'name' => 'John Doe'
)
);
$this->testAction('/users/example', array('data' => $data, 'method' => 'post'));
$this->assertTrue($this->vars['some_var']);
}
public function testExamplePostInvalidData() {
$this->Controller = $this->generate('Users', array(
'components' => array(
'Security'
)
));
$data = array(
'User' => array(
'name' => 'John Doe',
'some_field' => 'The existence of this should cause the request to be black-holed.'
)
);
$this->testAction('/users/example', array('data' => $data, 'method' => 'post'));
$this->assertTrue($this->vars['some_var']);
}
}
第二個測試testExamplePostInvalidData
應該因爲some_field
的$data
陣列中是失敗了,但它傳遞!我究竟做錯了什麼?
這個答案讓我想起只檢查視圖在GET上返回的內容的可能性,並查看它是否包含不應該可編輯的字段。然後,知道安全組件已啓用,我知道我很安全。但我認爲我的測試仍然有意義,因爲測試不關心你的實現是什麼;測試只關心結果。因此,發佈不應該可編輯的字段的結果應該導致錯誤,無論是否由安全組件生成(測試不關心)。但我認爲這個答案足夠了。謝謝! – Nick 2013-05-28 05:44:01