我正在为 MVC 应用程序添加集成测试。我们的许多端点都应用了策略,例如
namespace WorkProject
{
    /// <summary>
    /// MVC controller whose actions are served under the <c>A/Route</c> prefix.
    /// </summary>
    [Route("A/Route")]
    public class WorkController : Controller
    {
        /// <summary>
        /// Handles <c>POST A/Route/DoStuff</c>.
        /// </summary>
        /// <remarks>
        /// Access is gated by the named authorization policy <c>CanDoStuff</c>.
        /// The policy's requirements and handlers are registered elsewhere and are
        /// not visible in this listing. The action body is elided in the listing.
        /// </remarks>
        [Authorize(Policy = "CanDoStuff")]
        [HttpPost("DoStuff")]
        public IActionResult DoStuff()
        {
            /* */
        }
    }
}
对于我们的集成测试,我按照 ASP.NET Core 文档 https://learn.microsoft.com/en-us/aspnet/core/test/integration-tests?view=aspnetcore-2.2 的建议重写了 WebApplicationFactory。我的目标是替换身份验证步骤,并通过创建一个让所有请求方都能通过授权策略的类来绕过该策略。
namespace WorkApp.Tests
{
// Test-only WebApplicationFactory that overrides host configuration so integration
// tests run with a stand-in authentication scheme and a re-declared "CanDoStuff" policy.
// Everything registered here weakens access control on purpose; keep these types in the
// test assembly and out of the application's own Startup.
public class CustomWebApplicationFactory<TStartup> : WebApplicationFactory<TStartup> where TStartup: class
{
// Applies the base host configuration, then registers the test authentication scheme,
// the "CanDoStuff" policy and an authorization handler on the service collection.
protected override void ConfigureWebHost(IWebHostBuilder builder)
{
base.ConfigureWebHost(builder);
// NOTE(review): on ASP.NET Core 2.x this ConfigureServices callback is understood to run
// before the application's Startup.ConfigureServices, so a policy or scheme default that
// Startup declares under the same name could supersede what is set here.
// ConfigureTestServices (Microsoft.AspNetCore.TestHost) runs after Startup. Confirm
// against the framework version in use.
builder.ConfigureServices(services =>
{
// Makes "Test Scheme" the default for both authenticate and challenge. AddTestAuth is
// defined outside this listing; presumably it registers the handler for that scheme.
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = "Test Scheme"; // has to match scheme in TestAuthenticationExtensions
options.DefaultChallengeScheme = "Test Scheme";
}).AddTestAuth(o => { });
// Declares "CanDoStuff" with a single requirement of type CanDoStuffRequirement.
// NOTE(review): the handler registered below derives from
// AuthorizationHandler<CanDoStuffActionRequirement>, a different type name.
// AuthorizationHandler<T> only calls HandleRequirementAsync for requirements of type T,
// so if these are two distinct types nothing ever succeeds this requirement and the
// policy fails. A 403 (not 401) from the test client would fit that: the test scheme
// authenticated the request and authorization then denied it.
services.AddAuthorization(options =>
{
options.AddPolicy("CanDoStuff", policy =>
policy.Requirements.Add(new CanDoStuffRequirement()));
});
// I've also tried the line below, but neither worked
// I figured that maybe the services in Startup were added before these
// and that a replacement was necessary
// services.AddTransient<IAuthorizationHandler, CanDoStuffActionHandler>();
// NOTE(review): Replace removes the first existing IAuthorizationHandler descriptor,
// whichever handler that happens to be, and then adds this one. IAuthorizationHandler is
// normally registered multiple times, so this may drop an unrelated handler. Verify
// which descriptor is removed.
services.Replace(ServiceDescriptor.Transient<IAuthorizationHandler, CanDoStuffActionHandler>());
});
}
}
/// <summary>
/// Test-only authorization handler that marks its requirement as satisfied for every
/// request, without inspecting the user, claims or resource.
/// </summary>
/// <remarks>
/// Because it always succeeds, tests that use it do not exercise the real policy logic;
/// denial paths (401/403) need separate tests that run without this handler.
/// NOTE(review): the base type is closed over CanDoStuffActionRequirement, which is not
/// declared in this listing, while the "CanDoStuff" policy in CustomWebApplicationFactory
/// adds a CanDoStuffRequirement. The framework dispatches a handler only for requirements
/// of its own type parameter, so confirm both names refer to the same requirement type.
/// </remarks>
internal class CanDoStuffActionHandler : AuthorizationHandler<CanDoStuffActionRequirement>
{
    public CanDoStuffActionHandler() { }

    /// <summary>
    /// Succeeds <paramref name="requirement"/> on <paramref name="context"/> unconditionally.
    /// </summary>
    /// <param name="context">Authorization context for the current evaluation.</param>
    /// <param name="requirement">The requirement instance being evaluated.</param>
    /// <returns>An already-completed task.</returns>
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        CanDoStuffActionRequirement requirement)
    {
        // No checks are made: the requirement is marked as met for any caller.
        context.Succeed(requirement);

        return Task.CompletedTask;
    }
}
/// <summary>
/// Marker requirement with no data, attached to the "CanDoStuff" policy by the test
/// factory. It is only satisfied if some registered handler succeeds a requirement of
/// exactly this type.
/// </summary>
internal class CanDoStuffRequirement : IAuthorizationRequirement { }
}
我对服务做的第一件事,是按照这里 https://medium.com/@jackwild/bypassing-asp-net-core-2-0-authorize-tags-in-integration-tests-7bda8fcb0eca 的建议覆盖身份验证(没有采用其中关于覆盖 Startup 的部分,因为那似乎对我不起作用)。我倾向于认为这一身份验证覆盖是有效的。当我运行测试时,在 xUnit 测试框架中收到 HTTP 403;如果我用 Postman 请求正在测试的路由,则收到 HTTP 401。我还创建了一个位于自定义 Web 应用程序工厂中的类,作为 CanDoStuff 的授权处理程序并直接放行。我原以为这样可以让集成测试通过授权策略,但如上所述,我收到的是 HTTP 403。我知道当应用程序找不到某些文件时也会返回 403。然而,这是一个只用于接收和处理数据的 POST 路由,不会尝试返回任何视图,因此这个 403 很可能与授权策略有关,而该策略由于某种原因没有被覆盖。
我显然做错了什么。当我在调试模式下运行测试并在 HandleRequirementAsync 函数中设置断点时,程序从未在该断点处中断。我是否应该换一种方式来覆盖授权策略?