All geek questions in one place

Unit-oriented aspects

I would like to know what you will offer as the best way for aspect-oriented unit test applications (well, maybe this is not the best name, but this is the best I could come up with :-)), for example, logging or security?

These things seem to be present in the application, so how to test them correctly?

eg. let's say that I am writing a Cherrypy web server in Python. I can use the decorator to check if the registered user has access rights to this page. But then I will need to write a test for each page to see if it works oK (or more like I didn’t forget to check perms for this page).

Perhaps this can be (maybe) (with emphasis on) be tolerant if logging and / or security were implemented during the "normal business implementation" web server. However, security and logging are usually usually added to the application as a follow-up (or maybe this is just my experience, they usually give me a server, and then I am asked to implement a security model :-)).

Any thoughts on this are very welcome. I currently "solved" this question, well, without testing it at all. Thanks.

+4
source share
3 answers

IMHO, the way to test user rights on pages depends on the design of your application and the design of the structure used.

Typically, this is probably enough to cover your rights-checking handler with unit tests to make sure it always works as expected, and then write a test that cycles through your “views” (or some the term that cherrypy uses has not used it for a very long time) and just check to see if these functions are decorated with the appropriate decorator.

As for registration, it is not entirely clear what you want to check specifically. Anyway, why is it impossible to turn off the logging function and check what happens there?

+1
source

OK, we will see. In my opinion, you are testing three different things here (sorry for the “Java AOP jargon”):

  • functions implemented by interceptors (i.e. methods that implement functions activated at cut points)
  • filter coverage (that is, whether the cutpoint targets are correctly used or not).
  • interaction between intersection points and interceptors (with side effects)

You are testing the device (strictly speaking) if you can process these three layers separately. In fact, you can unit test first; You can use the coverage tool and some skeleton crew app with mock objects to test the second; but the third one is not exactly unit testing, so you may have to set up a test environment, develop an end-to-end test and write some scripts to enter data into your application and collect the results (if it was a web application that you could for example, Selenium) .

0
source

I am responsible for the specific example that you are giving, and not for possible problems with bolt protection. Decorators are just regular functions, and you can test them as such. For instance:

# ... inside included module ... def require_admin(function): if (admin): return function else: return None @require_admin def func1(arg1, arg2): pass # ... inside unit test ... def test_require_admin(self): admin = False f = lambda x: x g = require_admin(f) assert_equal(g, None) admin = True g = require_admin(f) assert_equal(g, f)

Note. This is a really awful way to do a security check, but it makes sense regarding testing decorators. This is one of the nice things about Python: it is REALLY consistent. The following expressions are equivalent:

 @g def f(x): return x

and

 def f(x): return x f = g(f)
0
source

Source: https://habr.com/ru/post/1303453/

More articles:


All Articles