2013-05-10 30 views
6

CakePHP controller testing with the Security component

Consider the following code:

Controller code

<?php
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    // Security is the component expected to black-hole tampered form submissions
    public $components = array(
        'Security',
        'Session'
    );

    public function example() {
        if ($this->request->is('post')) {
            $this->set('some_var', true);
        }
    }
}

View code

<?php

echo $this->Form->create();
echo $this->Form->input('name');
echo $this->Form->end('Submit');

Because I have the Security component in place, tampering with the form in any way (such as adding fields to it) will cause the request to be black-holed. I want to test this:

Test code

<?php

class UsersControllerTest extends ControllerTestCase {

    public function testExamplePostValidData() {
        $this->Controller = $this->generate('Users', array(
            'components' => array(
                'Security'
            )
        ));

        // Only the field that the form actually renders
        $data = array(
            'User' => array(
                'name' => 'John Doe'
            )
        );

        $this->testAction('/users/example', array('data' => $data, 'method' => 'post'));
        $this->assertTrue($this->vars['some_var']);
    }

    public function testExamplePostInvalidData() {
        $this->Controller = $this->generate('Users', array(
            'components' => array(
                'Security'
            )
        ));

        // An extra field that the form does not render; expected to be black-holed
        $data = array(
            'User' => array(
                'name' => 'John Doe',
                'some_field' => 'The existence of this should cause the request to be black-holed.'
            )
        );

        $this->testAction('/users/example', array('data' => $data, 'method' => 'post'));
        $this->assertTrue($this->vars['some_var']);
    }
}

The second test, testExamplePostInvalidData, should fail because of some_field in the $data array, but it passes! What am I doing wrong?

Answer

1

By adding 'some_field' to the data passed to ->testAction(), the Security component will assume that the field is part of your application (since it comes from your code, not from the POST array), so it is not seen as a "hacking attempt".

Checking for black-holing is a bit more complicated. But the Cake core tests already test the black-hole functionality, so if those tests pass you don't need to check it in your app.

If you insist, though, check out the core Cake tests for guidance:

Specifically:

/**
 * test that validatePost fails if any of its required fields are missing.
 *
 * @return void
 */
public function testValidatePostFormHacking() {
    $this->Controller->Security->startup($this->Controller);
    $key = $this->Controller->params['_Token']['key'];
    $unlocked = '';

    $this->Controller->request->data = array(
        'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
        '_Token' => compact('key', 'unlocked')
    );
    $result = $this->Controller->Security->validatePost($this->Controller);
    $this->assertFalse($result, 'validatePost passed when fields were missing. %s');
}

More examples are in this file:
https://github.com/cakephp/cakephp/blob/master/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php

+0

This answer reminded me of the option of only checking what the view returns on GET and seeing whether it contains fields that should not be editable. Then, knowing the Security component is enabled, I know I'm safe. But I think my test still makes sense, because a test doesn't care what your implementation is; it only cares about the result. So the result of posting a field that should not be editable should be an error, whether or not it is produced by the Security component (the test doesn't care). But I think this answer is enough. Thanks! – Nick 2013-05-28 05:44:01
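As an added illustration (not code from the question, the answer, or CakePHP itself), the following stand-alone PHP models the field-hash check behind black-holing: the view side hashes the set of field names it rendered into _Token[fields], and the component recomputes that hash from the keys that were actually posted, so any key the form did not render makes the two hashes differ. It is a simplified reconstruction of what FormHelper and SecurityComponent::validatePost() do (no CSRF token, no multi-record fields), and the salt, field names and payloads are constructed sample values.

```php
<?php
// Simplified stand-alone model of CakePHP's form-field hash (not CakePHP's own
// code). The view hashes the fields it rendered; the component rebuilds that
// hash from the keys actually posted. All values below are constructed samples.
$salt = 'constructed-sample-salt'; // stands in for Configure::read('Security.salt')

// View side: $fields holds locked field names (int keys) and locked
// name => value pairs (string keys, e.g. hidden inputs whose value must not change).
function buildToken(array $fields, array $unlockedFields, $salt) {
    $locked = array();
    foreach ($fields as $key => $value) {
        if (!is_int($key)) { $locked[$key] = $value; unset($fields[$key]); }
    }
    sort($fields, SORT_STRING);
    sort($unlockedFields, SORT_STRING);
    ksort($locked, SORT_STRING);
    $fields += $locked;
    $unlocked = implode('|', $unlockedFields);
    $hash = sha1(serialize($fields) . $unlocked . $salt);
    return array('fields' => $hash . ':' . implode('|', array_keys($locked)), 'unlocked' => $unlocked);
}

// Component side: recompute the hash from the posted "Model.field" keys.
function validatePost(array $data, $salt) {
    if (!isset($data['_Token']['fields'], $data['_Token']['unlocked'])) return false;
    $parts = explode(':', $data['_Token']['fields'], 2);
    $lockedNames = (isset($parts[1]) && $parts[1] !== '') ? explode('|', $parts[1]) : array();
    $unlocked = $data['_Token']['unlocked'] === '' ? array() : explode('|', $data['_Token']['unlocked']);
    unset($data['_Token']);
    $fieldList = array(); $lockedFields = array();
    foreach ($data as $model => $fields) {
        foreach ($fields as $name => $value) {
            $key = $model . '.' . $name;
            if (in_array($key, $unlocked)) continue;                       // never hashed
            if (in_array($key, $lockedNames)) $lockedFields[$key] = $value; // value is hashed too
            else $fieldList[] = $key;                                      // only the name is hashed
        }
    }
    sort($fieldList, SORT_STRING); ksort($lockedFields, SORT_STRING); sort($unlocked, SORT_STRING);
    $fieldList += $lockedFields;
    return $parts[0] === sha1(serialize($fieldList) . implode('|', $unlocked) . $salt);
}

// The form in the question renders a single field, User.name.
$token = buildToken(array('User.name'), array(), $salt);
$valid = array('User' => array('name' => 'John Doe'), '_Token' => $token);
$tampered = $valid;
$tampered['User']['some_field'] = 'not in the form'; // an unrendered key changes the recomputed hash
var_dump(validatePost($valid, $salt), validatePost($tampered, $salt));
```

Because the hash is derived from what the form rendered, the only way a test exercises this check is to submit a real token from a rendered form and then alter the posted keys; data handed straight to the action has no token to compare against.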