我看过:
我正在尝试测试我写的自定义AuthorizeAttribute。
我尝试了很多不同的东西来让它发挥作用。这是我目前的尝试。
[AttributeUsage(AttributeTargets.All, AllowMultiple = false, Inherited = true)]
public class ConfigurableAuthorizeAttribute : AuthorizeAttribute
{
private Logger log = new Logger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
private IRoleHelper roleHelper;
public ConfigurableAuthorizeAttribute()
{
roleHelper = new ADRoleHelper();
}
public ConfigurableAuthorizeAttribute(IRoleHelper roleHelper)
{
this.roleHelper = roleHelper;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (!httpContext.User.Identity.IsAuthenticated)
{
return false;
}
if (this.roleHelper.IsUserInRole(this.Roles, HttpContext.Current.User.Identity.Name))
{
return true;
}
return false;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
filterContext.Result = new RedirectResult("~/home/Unauthorized");
}
}
[Test]
public void unauthenticated_user_not_allowed_to_access_resource()
{
var user = new Mock<IPrincipal>();
user.Setup(u => u.Identity.IsAuthenticated).Returns(false);
var authContext = new Mock<AuthorizationContext>();
authContext.Setup(ac => ac.HttpContext.User).Returns(user.Object);
var configAtt = new ConfigurableAuthorizeAttribute();
configAtt.OnAuthorization(authContext.Object);
authContext.Verify(ac => ac.Result == It.Is<RedirectResult>(r => r.Url == ""));
}
无论我做什么,我在运行测试时总会得到System.NullReferenceException。它似乎永远不会通过OnAuthorization调用。堆栈跟踪如下:
结果消息:System.NullReferenceException:不是对象引用 设置为对象的实例。结果StackTrace:at System.Web.Mvc.OutputCacheAttribute.GetChildActionFilterFinishCallback(ControllerContext controllerContext)at System.Web.Mvc.AuthorizeAttribute.OnAuthorization(AuthorizationContext filterContext)at ... ConfigurableAuthorizeAttributeTests.unauthenticated_user_not_allowed_to_access_resource() in ... ConfigurableAuthorizeAttributeTests.cs:line 29
有没有人对如何解决这个问题有任何想法?
修改
我找到了解决方案。我还需要模拟ControllerDescriptor并确保HttpContextBase.Items返回一个新的Dictionary。
工作代码:
var context = new Mock<HttpContextBase>();
context.Setup(c => c.Items).Returns(new Dictionary<object, object>());
context.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var controller = new Mock<ControllerBase>();
var actionDescriptor = new Mock<ActionDescriptor>();
actionDescriptor.Setup(a => a.ActionName).Returns("Index");
var controllerDescriptor = new Mock<ControllerDescriptor>();
actionDescriptor.Setup(a => a.ControllerDescriptor).Returns(controllerDescriptor.Object);
var controllerContext = new ControllerContext(context.Object, new RouteData(), controller.Object);
var filterContext = new AuthorizationContext(controllerContext, actionDescriptor.Object);
var att = new ConfigurableAuthorizeAttribute();
att.OnAuthorization(filterContext);
Assert.That(filterContext.Result, Is.InstanceOf<RedirectResult>());
Assert.That(((RedirectResult)filterContext.Result).Url, Is.EqualTo("~/home/Unauthorized"));
答案 0 :(得分:11)
我找到了解决方案。我还需要模拟ControllerDescriptor并确保HttpContextBase.Items返回一个新的Dictionary。
工作代码:
var context = new Mock<HttpContextBase>();
context.Setup(c => c.Items).Returns(new Dictionary<object, object>());
context.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var controller = new Mock<ControllerBase>();
var actionDescriptor = new Mock<ActionDescriptor>();
actionDescriptor.Setup(a => a.ActionName).Returns("Index");
var controllerDescriptor = new Mock<ControllerDescriptor>();
actionDescriptor.Setup(a => a.ControllerDescriptor).Returns(controllerDescriptor.Object);
var controllerContext = new ControllerContext(context.Object, new RouteData(), controller.Object);
var filterContext = new AuthorizationContext(controllerContext, actionDescriptor.Object);
var att = new ConfigurableAuthorizeAttribute();
att.OnAuthorization(filterContext);
Assert.That(filterContext.Result, Is.InstanceOf<RedirectResult>());
Assert.That(((RedirectResult)filterContext.Result).Url, Is.EqualTo("~/home/Unauthorized"));