PHP單元測試函數

Question

我試圖測試這個函數，我一直在嘗試不同的方式，但沒有成功。有沒有人有一個ide我怎麼可以用其他方式測試它，或者告訴我我的測試類有什麼問題（我的測試類在本頁末尾）。

function checkbrute($user_id, $mysqli) { 

    // Get timestamp of current time 
    $now = time(); 
    // All login attempts are counted from the past 2 hours. 
    $valid_attempts = $now - (2 * 60 * 60); 

    if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) { 
     $stmt->bind_param('i', $user_id); 
     // Execute the prepared query. 
     $stmt->execute(); 
     $stmt->store_result(); 
     // If there has been more than 5 failed logins 
     if($stmt->num_rows > 5) { 
     return true; 
     } else { 
     return false; 
     } 

} 
} 

這是我的測試類，即時連接到數據庫。並試圖用我的函數「testcheckbrute（）」將值16作爲id號並嘗試函數。

<?php 


include 'functions.php'; 


class Test extends PHPUnit_Extensions_Database_TestCase { 

function getConnection(){ 

$mysqli = new mysqli('xxxxx.xxx.xx.se', 'xxx_xxxxxxxx', 'xxxxxx', 'db_xxxxxxxx'); 

if($mysqli->connect_errno > 0){ 
    die('Unable to connect to database [' . $mysqli->connect_error . ']'); 
    } 
} 

function testcheckbrute(){ 

$mysqli = new mysqli('atlas.dsv.su.se', 'xxx_xxxxxxx8', 'xxxxx', 'xx_xxxxxx'); 

checkbrute(16, $mysqli); 

} 
function setUp(){ 

} 
function getDataSet(){ 

}} 


?> 

Answer 1

我沒有看到任何實際的測試（斷言）。

例如：

$chk = checkbrute(16, $mysqli); 
$this->assertTrue($chk); 
etc. 

的斷言組成測試。

您可能希望通過這個閱讀： http://phpunit.de/manual/3.7/en/writing-tests-for-phpunit.html

另外，我不知道「沒有成功」的意思。

Answer 2

首先，只要你的測試用例是不是單元測試，這就是所謂的整合測試，因爲它依賴於環境中可用的MySQL服務器上。

然後，我們將進行集成測試。在proper DB testing with PHPUnit複雜性讓事情變得足夠簡單，不鑽研，這裏的例子測試用例類，考慮到與可用性寫着：

tests.php

<?php 
require_once(__DIR__.'/code.php'); 
class BruteForceTests extends PHPUnit_Framework_TestCase 
{ 

    /** @test */ 
    public function NoLoginAttemptsNoBruteforce() 
    { 
     // Given empty dataset any random time will do 
     $any_random_time = date('H:i'); 

     $this->assertFalse(
      $this->isUserTriedToBruteForce($any_random_time) 
     ); 
    } 

    /** @test */ 
    public function DoNotDetectBruteforceIfLessThanFiveLoginAttemptsInLastTwoHours() 
    { 
     $this->userLogged('5:34'); 
     $this->userLogged('4:05'); 

     $this->assertFalse(
      $this->isUserTriedToBruteForce('6:00') 
     ); 
    } 

    /** @test */ 
    public function DetectBruteforceIfMoreThanFiveLoginAttemptsInLastTwoHours() 
    { 
     $this->userLogged('4:36'); 
     $this->userLogged('4:23'); 
     $this->userLogged('4:00'); 
     $this->userLogged('3:40'); 
     $this->userLogged('3:15'); 
     $this->userLogged('3:01'); // ping! 6th login, just in time 

     $this->assertTrue(
      $this->isUserTriedToBruteForce('5:00') 
     ); 
    } 

    //==================================================================== SETUP 

    /** @var PDO */ 
    private $connection; 

    /** @var PDOStatement */ 
    private $inserter; 

    const DBNAME = 'test'; 
    const DBUSER = 'tester'; 
    const DBPASS = 'secret'; 
    const DBHOST = 'localhost'; 

    public function setUp() 
    { 
     $this->connection = new PDO(
      sprintf('mysql:host=%s;dbname=%s', self::DBHOST, self::DBNAME), 
      self::DBUSER, 
      self::DBPASS 
     ); 
     $this->assertInstanceOf('PDO', $this->connection); 

     // Cleaning after possible previous launch 
     $this->connection->exec('delete from login_attempts'); 

     // Caching the insert statement for perfomance 
     $this->inserter = $this->connection->prepare(
      'insert into login_attempts (`user_id`, `time`) values(:user_id, :timestamp)' 
     ); 
     $this->assertInstanceOf('PDOStatement', $this->inserter); 
    } 

    //================================================================= FIXTURES 

    // User ID of user we care about 
    const USER_UNDER_TEST = 1; 
    // User ID of user who is just the noise in the DB, and should be skipped by tests 
    const SOME_OTHER_USER = 2; 

    /** 
    * Use this method to record login attempts of the user we care about 
    * 
    * @param string $datetime Any date & time definition which `strtotime()` understands. 
    */ 
    private function userLogged($datetime) 
    { 
     $this->logUserLogin(self::USER_UNDER_TEST, $datetime); 
    } 

    /** 
    * Use this method to record login attempts of the user we do not care about, 
    * to provide fuzziness to our tests 
    * 
    * @param string $datetime Any date & time definition which `strtotime()` understands. 
    */ 
    private function anotherUserLogged($datetime) 
    { 
     $this->logUserLogin(self::SOME_OTHER_USER, $datetime); 
    } 

    /** 
    * @param int $userid 
    * @param string $datetime Human-readable representation of login time (and possibly date) 
    */ 
    private function logUserLogin($userid, $datetime) 
    { 
     $mysql_timestamp = date('Y-m-d H:i:s', strtotime($datetime)); 
     $this->inserter->execute(
      array(
       ':user_id' => $userid, 
       ':timestamp' => $mysql_timestamp 
      ) 
     ); 
     $this->inserter->closeCursor(); 
    } 

    //=================================================================== HELPERS 

    /** 
    * Helper to quickly imitate calling of our function under test 
    * with the ID of user we care about, clean connection of correct type and provided testing datetime. 
    * You can call this helper with the human-readable datetime value, although function under test 
    * expects the integer timestamp as an origin date. 
    * 
    * @param string $datetime Any human-readable datetime value 
    * @return bool The value of called function under test. 
    */ 
    private function isUserTriedToBruteForce($datetime) 
    { 
     $connection = $this->tryGetMysqliConnection(); 
     $timestamp = strtotime($datetime); 
     return wasTryingToBruteForce(self::USER_UNDER_TEST, $connection, $timestamp); 
    } 

    private function tryGetMysqliConnection() 
    { 
     $connection = new mysqli(self::DBHOST, self::DBUSER, self::DBPASS, self::DBNAME); 
     $this->assertSame(0, $connection->connect_errno); 
     $this->assertEquals("", $connection->connect_error); 
     return $connection; 
    } 

} 

該測試套件是自包含的，並已三個測試用例：當沒有登錄嘗試記錄時，用於在檢查時間的兩個小時內有六個登錄嘗試記錄，並且在同一時間範圍內只有兩個登錄嘗試記錄時。

這是測試套件不足，例如，您需要測試bruteforce的檢查是否真正適用於我們感興趣的用戶，並忽略其他用戶的登錄嘗試。另一個例子是你的函數應該在檢查時間結束時間的兩個小時間隔內真正選擇記錄，而不是在檢查時間減去兩小時後（如現在這樣）存儲的所有記錄。您可以自己編寫所有剩餘的測試。

這個測試套件與PDO連接到DB，它絕對優於接口mysqli，但是對於被測功能的需求，它會創建相應的連接對象。

一個很重要的應當注意到：你的功能，因爲它是因爲不可控制的庫函數這裏靜態依賴的不可測：

// Get timestamp of current time 
$now = time(); 

檢查的時間應提取功能函數參數可以通過自動方式進行測試，如下所示：

function wasTryingToBruteForce($user_id, $connection, $now) 
{ 
    if (!$now) 
     $now = time(); 
    //... rest of code ... 
} 

正如您所看到的，我已將您的函數更名爲更清晰的名稱。

除此之外，我想你應該非常小心working with datetime values in between MySQL and PHP，並且也永遠不會通過連接字符串構造SQL查詢，而是使用參數綁定來代替。所以，你最初的代碼稍微清理版本如下（請注意，測試套件需要它的第一行）：

code.php

<?php 

/** 
* Checks whether user was trying to bruteforce the login. 
* Bruteforce is defined as 6 or more login attempts in last 2 hours from $now. 
* Default for $now is current time. 
* 
* @param int $user_id ID of user in the DB 
* @param mysqli $connection Result of calling `new mysqli` 
* @param timestamp $now Base timestamp to count two hours from 
* @return bool Whether the $user_id tried to bruteforce login or not. 
*/ 
function wasTryingToBruteForce($user_id, $connection, $now) 
{ 
    if (!$now) 
     $now = time(); 

    $two_hours_ago = $now - (2 * 60 * 60); 
    $since = date('Y-m-d H:i:s', $two_hours_ago); // Checking records of login attempts for last 2 hours 

    $stmt = $connection->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > ?"); 

    if ($stmt) { 
     $stmt->bind_param('is', $user_id, $since); 
     // Execute the prepared query. 
     $stmt->execute(); 
     $stmt->store_result(); 
     // If there has been more than 5 failed logins 
     if ($stmt->num_rows > 5) { 
      return true; 
     } else { 
      return false; 
     } 
    } 
} 

對於我個人的口味，檢查的這種方法是非常低效的，你可能真的想下面的查詢：

select count(time) 
    from login_attempts 
    where 
     user_id=:user_id 
     and time between :two_hours_ago and :now 

由於這是集成測試，它希望在它的數據庫和FOLL工作訪問MySQL實例虧欠的表中定義：

mysql> describe login_attempts; 
+---------+------------------+------+-----+-------------------+----------------+ 
| Field | Type    | Null | Key | Default   | Extra   | 
+---------+------------------+------+-----+-------------------+----------------+ 
| id  | int(10) unsigned | NO | PRI | NULL    | auto_increment | 
| user_id | int(10) unsigned | YES |  | NULL    |    | 
| time | timestamp  | NO |  | CURRENT_TIMESTAMP |    | 
+---------+------------------+------+-----+-------------------+----------------+ 
3 rows in set (0.00 sec) 

它給出的功能測試中的運作只是我個人的猜測，但我想你確實有這樣的表。

在運行測試之前，您必須在tests.php文件中的「SETUP」部分中配置DB*常量。