Merged and improved the articles about testing + authentication #7507

Merged
merged 3 commits into from
Apr 15, 2017
Merged and improved the articles about testing + authentication
javiereguiluz committed Feb 16, 2017
commit 211da90f6549edc35d7f17ab1d9fa0282e6572dc
1 change: 1 addition & 0 deletions _build/redirection_map
Expand Up @@ -325,3 +325,4 @@
/deployment/tools /deployment
/install/bundles /setup/bundles
/form /forms
/testing/simulating_authentication /testing/http_authentication
98 changes: 82 additions & 16 deletions testing/http_authentication.rst
Expand Up @@ -4,26 +4,24 @@
How to Simulate HTTP Authentication in a Functional Test
========================================================

If your application needs HTTP authentication, pass the username and password
as server variables to ``createClient()``::
Authenticating requests in functional tests can slow down the entire test suite.
This could become an issue especially when the tests reproduce the same steps
that users follow to authenticate, such as submitting a login form or using
OAuth authentication services.

$client = static::createClient(array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'pa$$word',
));
This article explains the two most popular techniques to avoid these issues and
create fast tests when using authentication.

You can also override it on a per request basis::
Using a Faster Authentication Mechanism Only for Tests
------------------------------------------------------

$client->request('DELETE', '/post/12', array(), array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'pa$$word',
));
When your application is using a ``form_login`` authentication, you can make
your tests faster by allowing them to use HTTP authentication. This way your
tests authenticate with the simple and fast HTTP Basic method whilst your real
Contributor

whilst => while?

Member Author

I treat them as synonyms. I think this is correct 🤓 but let's wait for more opinions.

users still log in via the normal login form.

When your application is using a ``form_login``, you can simplify your tests
by allowing your test configuration to make use of HTTP authentication. This
way you can use the above to authenticate in tests, but still have your users
log in via the normal ``form_login``. The trick is to include the ``http_basic``
key in your firewall, along with the ``form_login`` key:
The trick is to use the ``http_basic`` authentication in your application
firewall, but only in the configuration file used by tests:

.. configuration-block::
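
Review bot: the new sentence "use the ``http_basic`` authentication in your application firewall, but only in the configuration file used by tests" neither names that file nor says why the restriction matters, while the earlier paragraph in this hunk tells readers to "include the ``http_basic`` key in your firewall, along with the ``form_login`` key". Suggest naming the test-environment configuration file in the sentence and adding one line stating that an ``http_basic`` key placed in the shared firewall configuration makes the production firewall accept HTTP Basic credentials in addition to the login form. The title "How to Simulate HTTP Authentication in a Functional Test" also no longer matches an article that now covers two techniques.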

Expand Down Expand Up @@ -54,3 +52,71 @@ key in your firewall, along with the ``form_login`` key:
),
),
));

Tests can now authenticate via HTTP passing the username and password as server
variables using the second argument of ``createClient()``::

$client = static::createClient(array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'pa$$word',
));

The username and password can also be passed on a per request basis::

$client->request('DELETE', '/post/12', array(), array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'pa$$word',
));

Creating the Authentication Token
---------------------------------

If your application uses a more advanced authentication mechanism, you can't
use the previous trick, but it's still possible to make tests faster. The trick
now is to bypass the authentication process, create the *authentication token*
yourself and store it in the session.

This technique requires some knowledge of the security component internals,
but the following example shows a complete example that you can adapt to your
needs::

// src/AppBundle/Tests/Controller/DefaultControllerTest.php
Contributor

This should be changed to //tests when merged in 2.8 or 3.2.

namespace Appbundle\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

class DefaultControllerTest extends WebTestCase
{
private $client = null;

public function setUp()
{
$this->client = static::createClient();
}

public function testSecuredHello()
{
$this->logIn();
$crawler = $this->client->request('GET', '/admin');

$this->assertTrue($this->client->getResponse()->isSuccessful());
Contributor

Please make use of $this->assertSame(Response::HTTP_OK, $this->client->getResponse()); which is much easier to debug, providing the wrong status code instead of just false when failing.

Member

👍

Member Author

I did this change. Thanks.

$this->assertSame('Admin Dashboard', $crawler->filter('h1')->text());
}

private function logIn()
{
$session = $this->client->getContainer()->get('session');

// the firewall context defaults to the firewall name
$firewallContext = 'secured_area';

$token = new UsernamePasswordToken('admin', null, $firewallContext, array('ROLE_ADMIN'));
$session->set('_security_'.$firewallContext, serialize($token));
$session->save();

$cookie = new Cookie($session->getName(), $session->getId());
$this->client->getCookieJar()->set($cookie);
}
}
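
Review bot: in ``logIn()``, ``$firewallContext`` is used both as the third argument of ``UsernamePasswordToken`` (the provider key, which is the firewall name) and as the suffix of the ``'_security_'`` session key (the firewall context); the two only coincide when the firewall sets no ``context`` option, which the comment "the firewall context defaults to the firewall name" hints at but the code does not reflect. Suggest two variables, a firewall name passed to the token and a firewall context used for the session key, so the example still works for a firewall that shares a context. It is also worth one sentence before the example saying that the token is created without checking any credentials (the second argument is ``null``), so the helper belongs in test code only. Separately, ``namespace Appbundle\Tests\Controller;`` does not match the ``AppBundle`` casing in the path comment above it, and "the following example shows a complete example" repeats itself.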
62 changes: 0 additions & 62 deletions testing/simulating_authentication.rst

This file was deleted.