单元测试自定义AuthenticationHandler中间件

时间:2019-11-20 20:47:53

标签: c# unit-testing asp.net-core asp.net-core-middleware asp.net-core-authenticationhandler

如何对继承自AuthenticationHandler<AuthenticationSchemeOptions>的自定义中间件进行单元测试?

从其继承的我的自定义类用于基本身份验证。

    public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
    {
        private readonly IProvidePrincipal _principalProvider;

        public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IProvidePrincipal principalProvider)
            : base(options, logger, encoder, clock)
        {
            _principalProvider = principalProvider;
        }

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (Request.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authorizationHeader))
            {
                if (Credentials.TryParse(authorizationHeader, out Credentials credentials))
                {
                    var principal = await _principalProvider.GetClaimsPrincipalAsync(credentials.Username, credentials.Password, Scheme.Name);

                    if (principal != null)
                    {
                        var ticket = new AuthenticationTicket(principal, Scheme.Name);

                        return AuthenticateResult.Success(ticket);
                    }
                    else
                    {
                        return AuthenticateResult.Fail("Basic authentication failed.  Invalid username and password.");
                    }
                }
                else
                {
                    return AuthenticateResult.Fail("Basic authentication failed.  Unable to parse username and password.");
                }
            }

            return AuthenticateResult.Fail("Basic authentication failed.  Authorization header is missing.");
        }
    }

1 个答案:

答案 0 :(得分:0)

单元测试自定义中间件相对容易,但是当您继承自AuthenticationHandler时,基类会在其中投入使用。在四处查看并仅找到集成测试之后,我终于能够弄清楚该怎么做。

单元测试的基本设置不会因每次测试而改变。

    [TestClass]
    public class BasicAuthenticationTests
    {
        private readonly Mock<IOptionsMonitor<AuthenticationSchemeOptions>> _options;
        private readonly Mock<ILoggerFactory> _loggerFactory;
        private readonly Mock<UrlEncoder> _encoder;
        private readonly Mock<ISystemClock> _clock;
        private readonly Mock<IProvidePrincipal> _principalProvider;
        private readonly BasicAuthenticationHandler _handler;

        public BasicAuthenticationTests()
        {
            _options = new Mock<IOptionsMonitor<AuthenticationSchemeOptions>>();

            var logger = new Mock<ILogger<BasicAuthenticationHandler>>();
            _loggerFactory = new Mock<ILoggerFactory>();
            _loggerFactory.Setup(x => x.CreateLogger(It.IsAny<String>())).Returns(logger.Object);

            _encoder = new Mock<UrlEncoder>();
            _clock = new Mock<ISystemClock>();
            _principalProvider = new Mock<IProvidePrincipal>();

            _handler = new BasicAuthenticationHandler(_options.Object, _loggerFactory.Object, _encoder.Object, _clock.Object, _principalProvider.Object);
        }
_loggerFactory.Setup(x => x.CreateLogger(It.IsAny<String>())).Returns(logger.Object);上的

特别说明 如果不这样做,则在您的处理程序对无法调试的代码中的空引用完成后,单元测试将爆炸。这是因为基类在其构造函数中调用了CreateLogger

现在,您可以使用DefaultHttpContext设置上下文以测试逻辑。

        [TestMethod]
        public async Task HandleAuthenticateAsync_NoAuthorizationHeader_ReturnsAuthenticateResultFail()
        {
            var context = new DefaultHttpContext();

            await _handler.InitializeAsync(new AuthenticationScheme(BasicAuthenticationHandler.SchemeName, null, typeof(BasicAuthenticationHandler)), context);
            var result = await _handler.AuthenticateAsync();

            Assert.IsFalse(result.Succeeded);
            Assert.AreEqual("Basic authentication failed.  Authorization header is missing.", result.Failure.Message);
        }

注意,因为受保护,您不能直接呼叫HandleAuthenticateAsync。必须先初始化处理程序,然后调用AuthenticateAsync

我包括了下面要测试的其余逻辑,以提供有关如何操纵上下文的示例  并针对不同的测试场景确定结果。

        [TestMethod]
        public async Task HandleAuthenticateAsync_CredentialsTryParseFails_ReturnsAuthenticateResultFail()
        {
            var context = new DefaultHttpContext();
            var authorizationHeader = new StringValues(String.Empty);
            context.Request.Headers.Add(HeaderNames.Authorization, authorizationHeader);

            await _handler.InitializeAsync(new AuthenticationScheme(BasicAuthenticationHandler.SchemeName, null, typeof(BasicAuthenticationHandler)), context);
            var result = await _handler.AuthenticateAsync();

            Assert.IsFalse(result.Succeeded);
            Assert.AreEqual("Basic authentication failed.  Unable to parse username and password.", result.Failure.Message);
        }

        [TestMethod]
        public async Task HandleAuthenticateAsync_PrincipalIsNull_ReturnsAuthenticateResultFail()
        {
            _principalProvider.Setup(m => m.GetClaimsPrincipalAsync(It.IsAny<String>(), It.IsAny<String>(), It.IsAny<String>())).ReturnsAsync((ClaimsPrincipal)null);

            var context = new DefaultHttpContext();
            var authorizationHeader = new StringValues("Basic VGVzdFVzZXJOYW1lOlRlc3RQYXNzd29yZA==");
            context.Request.Headers.Add(HeaderNames.Authorization, authorizationHeader);

            await _handler.InitializeAsync(new AuthenticationScheme(BasicAuthenticationHandler.SchemeName, null, typeof(BasicAuthenticationHandler)), context);
            var result = await _handler.AuthenticateAsync();

            Assert.IsFalse(result.Succeeded);
            Assert.AreEqual("Basic authentication failed.  Invalid username and password.", result.Failure.Message);
        }

        [TestMethod]
        public async Task HandleAuthenticateAsync_PrincipalIsNull_ReturnsAuthenticateResultSuccessWithPrincipalInTicket()
        {
            var username = "TestUserName";
            var claims = new[] { new Claim(ClaimTypes.Name, username) };
            var identity = new ClaimsIdentity(claims, BasicAuthenticationHandler.SchemeName);
            var claimsPrincipal = new ClaimsPrincipal(identity);
            _principalProvider.Setup(m => m.GetClaimsPrincipalAsync(It.IsAny<String>(), It.IsAny<String>(), It.IsAny<String>())).ReturnsAsync(claimsPrincipal);

            var context = new DefaultHttpContext();
            var authorizationHeader = new StringValues("Basic VGVzdFVzZXJOYW1lOlRlc3RQYXNzd29yZA==");
            context.Request.Headers.Add(HeaderNames.Authorization, authorizationHeader);

            await _handler.InitializeAsync(new AuthenticationScheme(BasicAuthenticationHandler.SchemeName, null, typeof(BasicAuthenticationHandler)), context);
            var result = await _handler.AuthenticateAsync();

            Assert.IsTrue(result.Succeeded);
            Assert.AreEqual(BasicAuthenticationHandler.SchemeName, result.Ticket.AuthenticationScheme);
            Assert.AreEqual(username, result.Ticket.Principal.Identity.Name);
        }