
  • 原文出处:
  • 原文作者:Dustin Dobervich
  • 授权许可:创作共用协议
  • 翻译人员:FireHare
  • 校对人员:FireHare
  • 适用版本:Symfony 2
  • 文章状态:已校对

I just wanted to write a quick post illustrating how to use the http basic authentication mechanism to test secured pages. Since the testing framework does not support sessions at the moment, it is not possible to write tests using the form login mechanism. Because of this, we have to use http basic authentication to test our secure pages.

First, we must make changes to the application’s test environment. The config_test.yml file located in the app/config directory is where we put all of our test environment specific configuration. We need to override the security configuration we set up in the previous tutorial to use the http basic authentication mechanism. Open up the config_test.yml file and add the following.

  1. ## Security Configuration 
  2. security: 
  3.     encoders: 
  4.         Symfony\Component\Security\Core\User\User: plaintext 
  6.     providers: 
  7.         main: 
  8.             users: 
  9.                 john.doe: { password: admin, roles: ROLE_ADMIN } 
  11.     firewalls: 
  12.         main: 
  13.             pattern:    /.* 
  14.             http_basic: true 
  15.             logout:     true 
  16.             security: true 
  17.             anonymous: true 

Here we have declared that we want to use http_basic authentication in the test environment firewall. We have also told symfony that we want to use a plaintext password encoder for our user. This allows us to specify the user’s password in plain text. Under the providers entry we have declared an in-memory user with a username of john.doe, a password of admin and having the role ROLE_ADMIN. We will supply these credentials in our request using server parameters.

Now open up the AdminControllerTest.php file located in the src/Company/BlogBundle/Tests/Controller folder. Here is the code for the test.

  1. namespace Company\BlogBundle\Tests\Controller; 
  3. use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; 
  5. class AdminControllerTest extends WebTestCase 
  6.     public function testIndex() 
  7.     { 
  8.         $client = $this->createClient(); 
  9.         $client->followRedirects(true); 
  11.         // request the index action with invalid credentials 
  12.         $crawler = $client->request('GET''/admin/'array(), array(), 
  13.             array('PHP_AUTH_USER' => 'john.doe''PHP_AUTH_PW' => 'wrong_pass')); 
  15.         $this->assertEquals(200, $client->getResponse()->getStatusCode()); 
  17.         // we should be redirected to the login page 
  18.         $this->assertTrue($crawler->filter('title:contains("Login")')->count() > 0); 
  20.         // request the index action with valid credentials 
  21.         $crawler = $client->request('GET''/admin/'array(), array(), 
  22.             array('PHP_AUTH_USER' => 'john.doe''PHP_AUTH_PW' => 'admin')); 
  24.         $this->assertEquals(200, $client->getResponse()->getStatusCode()); 
  26.         // check the title of the page matches the admin home page 
  27.         $this->assertTrue($crawler->filter('title:contains("Admin | Home")')->count() > 0); 
  29.         // check that the logout link exists 
  30.         $this->assertTrue($crawler->filter('a:contains("Logout")')->count() > 0); 
  31.     } 

The code is fairly straightforward. You should be able to follow along with the comments and know what is going on. Two special server parameters are used to pass the user’s credentials to the application PHP_AUTH_USER and PHP_AUTH_PW.

You should now be setup to test all of your secured pages. I am still not sure what I will be posting about next. I have been out of town, so I have not had time to even think about it. I am hesitant to do a Form tutorial because of the proposed changes. I was thinking about maybe going over the container and writing a custom service. Let me know what you guys want. Until next time…
