当我尝试将authenticated_userid的属性设置为请求参数时,我收到错误。它实际上是我用来模拟请求并查看响应的鼻子。
Traceback (most recent call last):
File "/web/core/pulse/wapi/tests/testWapiUtilities_integration.py", line 652, in setUp
setattr(self.request, 'authenticated_userid', self.data['user'].id)
AttributeError: can't set attribute
代码如下
@attr(can_split=False)
class logSuspiciousRequestAndRaiseHTTPError(IntegrationTestCase):
def setUp(self):
super(logSuspiciousRequestAndRaiseHTTPError, self).setUp()
from pyramid.request import Request
from pyramid.threadlocal import get_current_registry
request = Request({
'SERVER_PROTOCOL': 'testprotocol',
'SERVER_NAME': 'test server name',
'SERVER_PORT': '80',
})
request.context = TestContext()
request.root = request.context
request.subpath = ['path']
request.traversed = ['traversed']
request.view_name = 'test view name'
request.path_info = 'test info'
request.scheme = 'https'
request.host = 'test.com'
request.registry = get_current_registry()
self.request = request
self.data = {}
self.createDefaultData()
self.request.userAccount = self.data['user'].userAccount
# @unittest.skip('Pre-Demo skip. Need to mock userAccountModel')
@mock.patch('pulse.wapi.wapiUtilities.pyramid.threadlocal.get_current_request')
@mock.patch('pulse.wapi.wapiUtilities.securityLog')
def testHasRequest_raises400AndLogsError(
self, securityLog, get_current_request):
# Arrange
get_current_request.return_value = self.request
with self.assertRaises(exception.HTTPBadRequest):
from pulse.wapi.wapiUtilities import logSuspiciousRequestAndRaiseHTTPError
logSuspiciousRequestAndRaiseHTTPError()
self.assertTrue(securityLog.called)
self.assertTrue(securityLog.return_value.info.called)
我正在创建一个虚拟请求,我正在添加要求的属性。
当调用此方法logSuspiciousRequestAndRaiseHTTPError()时,该方法会解析请求以获取用户帐户。
userAccountID=authenticated_userid(self.request)
这会返回None,因为请求没有属性self.request.authenticated_userid
如果您需要任何其他信息,请与我们联系。
答案 0 :(得分:3)
最后我得到了解决方案。
我添加了self.config = testing.setUp()
self.config.testing_securitypolicy(
userid=self.data['user'].userAccount.id, permissive=True
)
添加了userAccountId作为测试安全策略的模拟值。
@attr(can_split=False)
class logSuspiciousRequestAndRaiseHTTPError(IntegrationTestCase):
def setUp(self):
super(logSuspiciousRequestAndRaiseHTTPError, self).setUp()
from pyramid.request import Request
from pyramid.threadlocal import get_current_registry
self.config = testing.setUp()
request = Request({
'SERVER_PROTOCOL': 'testprotocol',
'SERVER_NAME': 'test server name',
'SERVER_PORT': '80',
})
request.context = TestContext()
request.root = request.context
request.subpath = ['path']
request.traversed = ['traversed']
request.view_name = 'test view name'
request.path_info = 'test info'
request.scheme = 'https'
request.host = 'test.com'
request.registry = get_current_registry()
self.request = request
self.data = {}
self.createDefaultData()
self.request.userAccount = self.data['user'].userAccount
@mock.patch('pulse.wapi.wapiUtilities.pyramid.threadlocal.get_current_request')
@mock.patch('pulse.wapi.wapiUtilities.securityLog')
def testHasRequest_raises400AndLogsError(
self, securityLog, get_current_request):
# Arrange
get_current_request.return_value = self.request
self.loggedInUser = self.data['user']
self.config.testing_securitypolicy(
userid=self.data['user'].userAccount.id, permissive=True
)
with self.assertRaises(exception.HTTPBadRequest):
from pulse.wapi.wapiUtilities import logSuspiciousRequestAndRaiseHTTPError
logSuspiciousRequestAndRaiseHTTPError()
self.assertTrue(securityLog.called)
self.assertTrue(securityLog.return_value.info.called)
答案 1 :(得分:1)
authenticated_userid是由身份验证框架设置的具体属性。
请参阅Logins with authentication for basic information。
请提供更多代码以设置您的请求,因为在目前的格式中,问题没有详细说明,无法给出准确答案。
答案 2 :(得分:1)
由于authenticated_userid是来自基础身份验证策略的经过验证的属性,因此在进行测试时不能直接在DummyRequest中进行设置。这意味着以下两个均不起作用:
# Will NOT work
dummy_request = DummyRequest(authenticated_userid='mock_user')
# Also will NOT work
dummy_request = DummyRequest()
dummy_request.authenticated_userid = 'mock_user'
相反,如果我们希望能够控制测试的authenticated_userid(或auth策略的其他方面),则需要更改正在运行的测试的基础Pyramid配置。为此,您需要看一下pyramid.testing.setUp(docs here)。这会返回一个配置对象,它可以完成很多事情,但是对我们而言重要的一个是testing_securitypolicy方法(docs here)。
testing_securitypolicy使我们可以从授权的角度对请求的显示方式进行相当精细的控制。查看其文档以了解具体信息,但是有了它,我们可以设置authenticated_userid用于请求的内容,进行设置,从而忽略权限要求,等等。
这是测试中用法的一个示例:
from pyramid.testing import (setUp, tearDown, DummyRequest)
def test_some_view():
config = setUp()
config.testing_securitypolicy(userid='mock_user') # Sets authenticated_userid
dummy_request = DummyRequest()
print(dummy_request.authenticated_userid) # Prints 'mock_user'
# Now ready to test something that uses request.authenticated_userid
from mypyramidapp.views.secure import some_auth_view
result = some_auth_view(dummy_request)
expected = 'Hello mock_user!'
assert result == expected
# Finally, to avoid security changes leaking to other tests, use tearDown
tearDown() # Undo the effects of pyramid.testing.setUp()