问题描述

限时删除！！

我在.NET Core 2.1中使用了基于资源的授权模式，如此处.我唯一的问题是我不知道如何干净地测试AuthorizationHandler.

I used the resource based authorization pattern in .NET Core 2.1 as described here. The only problem that I have is I have no idea on how to test my AuthorizationHandler cleanly.

这里有人做过类似的事情吗?

Anyone here did something like that already?

AuthorizationHandler示例(通过上面的链接):

AuthorizationHandler sample (from the above link):

public class DocumentAuthorizationHandler :
    AuthorizationHandler<SameAuthorRequirement, Document>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                   SameAuthorRequirement requirement,
                                                   Document resource)
    {
        if (context.User.Identity?.Name == resource.Author)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}

public class SameAuthorRequirement : IAuthorizationRequirement { }

推荐答案

所有必需的依赖项都可用于隔离的单元测试.

All the required dependencies are available for an isolated unit test.

可以通过HandleRequirementAsync. rel ="noreferrer"> Task HandleAsync(AuthorizationHandlerContext context)

the desired method under test HandleRequirementAsync is accessible via the Task HandleAsync(AuthorizationHandlerContext context)

/// <summary>
/// Makes a decision if authorization is allowed.
/// </summary>
/// <param name="context">The authorization context.</param>
public virtual async Task HandleAsync(AuthorizationHandlerContext context)
{
    if (context.Resource is TResource)
    {
        foreach (var req in context.Requirements.OfType<TRequirement>())
        {
            await HandleRequirementAsync(context, req, (TResource)context.Resource);
        }
    }
}

该成员仅依赖AuthorizationHandlerContext，该成员具有如下构造函数

And that member is only dependent on AuthorizationHandlerContext which has a constructor as follows

public AuthorizationHandlerContext(
    IEnumerable<IAuthorizationRequirement> requirements,
    ClaimsPrincipal user,
    object resource) {

    //... omitted for brevity
}

源

一个简单的隔离单元测试，用于验证DocumentAuthorizationHandler的预期行为.

Simple isolated unit test that verifies the expected behavior of DocumentAuthorizationHandler.

public async Task DocumentAuthorizationHandler_Should_Succeed() {
    //Arrange
    var requirements = new [] { new SameAuthorRequirement()};
    var author = "author";
    var user = new ClaimsPrincipal(
                new ClaimsIdentity(
                    new Claim[] {
                        new Claim(ClaimsIdentity.DefaultNameClaimType, author),
                    },
                    "Basic")
                );
    var resource = new Document {
        Author = author
    };
    var context = new AuthorizationHandlerContext(requirements, user, resource);
    var subject = new DocumentAuthorizationHandler();

    //Act
    await subject.HandleAsync(context);

    //Assert
    context.HasSucceeded.Should().BeTrue(); //FluentAssertions
}

这篇关于单元测试AuthorizationHandler的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！

1403页，肝出来的..