CodeAccessSecurityAttribute的模拟自定义实现

Question

我有一个CodeAccessSecurityAttribute的自定义实现，它连接外部源来进行验证。

[Serializable]
[AttributeUsage(AttributeTargets.Method)]
public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    private static readonly PrincipalPermission Allowed = new PrincipalPermission(PermissionState.None);
    private static readonly PrincipalPermission NotAllowed = new PrincipalPermission(PermissionState.Unrestricted);

    public string EntityObject { get; set; }
    public string Field { get; set; }
    public char Expected { get; set; }

    public IsAuthorizedAttribute(SecurityAction action)
            : base(action)
    {
        //setup
    }

    public override IPermission CreatePermission()
    {
        return IsAuthorised(EntityObject, Field, Expected, ServicesConfiguration) ? Allowed : NotAllowed;
    }

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        bool? response = null;
        //check external stuff
        return response ?? false;
    }
}

我用以下属性修饰了我的方法：

[IsAuthorized(SecurityAction.Demand, EntityObject = Fields.UserManagement, Field = Fields.AllowDisplay, Expected = '1')]
public List<Group> GetUserGroups()
{
    var response = new List<Group>();

    //Get the groups from the database
    var groups = groupManager.FindAll();

    //Map them to the output group type
    response = groups.Select(x => new Group()
    {
        ID = x.ID,
        Name = x.Name,
        Alias = x.Alias,
        Description = x.Description
    }).ToList();

    return response;
}

我现在想要对这个方法进行单元测试，但是这个属性被触发了。我试过一些东西来嘲弄这个属性，但没有成功。

我用的是Moq和工作服。

这是我的单元测试，没有模拟的属性实例：

[TestMethod]
public void GetUserGroups_UserGroupsFound_UserGroupsReturned()
{
    Smock.Run(context =>
    {
        //Arrange
        Setup();

        m_Container
                    .RegisterMock<IGroupManager>()
                    .Setup(x => x.FindAllFromCache())
                    .Returns(new List<Concept.Security.MasterData.Domain.Group>()
                    {
                        new Concept.Security.MasterData.Domain.Group()
                        {
                            Name = "MyUserGroup",
                            Alias = "My User Group",
                            Description = "My user group description",
                            System = false,
                            Authorizations = "000001111100000000"
                        },
                        new Concept.Security.MasterData.Domain.Group()
                        {
                            Name = "MySecondUserGroup",
                            Alias = "My Second User Group",
                            Description = "My second user group description",
                            System = false,
                            Authorizations = "000000000000000000"
                        }
                    });

        var identityService = new UserManagementService(m_Container, m_UserAuthorizationManager.Object, m_IdentityService.Object);

        //** begin add mocked attribute **//
        //** end add mocked attribute **//

        //Act
        var response = identityService.GetUserGroups();

        //Assert
        Assert.AreEqual(2, response.Count);
        Assert.AreEqual(1, response.Where(x => x.Alias == "MyUserGroup").Count());
        Assert.AreEqual(1, response.Where(x => x.Alias == "MySecondUserGroup").Count());
        Assert.AreEqual(2, response.Where(x => x.Authorizations == null).Count());
    });
}

运行这会导致异常，因为属性试图连接外部服务，但是它们没有(也不能)设置来接收请求。

因此，我尝试添加一个模拟的属性：

//** begin add mocked attribute **//
var identityService = new UserManagementService(m_Container, m_UserAuthorizationManager.Object, m_IdentityService.Object);

var IsAuthorizedAttribute = new Mock<IsAuthorizedAttribute>(MockBehavior.Strict, new object[] { SecurityAction.Demand });
IsAuthorizedAttribute.Setup(x => x.CreatePermission()).Returns(new PrincipalPermission(PermissionState.None));
TypeDescriptor.AddAttributes(identityService, IsAuthorizedAttribute.Object);
//** end add mocked attribute **//

但这一项是调用属性的构造函数，我在其中设置了外部源。当我将这个构造函数放入try/catch并悄悄地处理异常时，就找不到IsAuthorizedAttribute.Object对象上的错误。

不触发属性的其他选项是什么？

Answer 1

构造函数不应该访问外部；否则将很难绕过测试，正如您所知道的。

一个简单的方法是使静态bool字段绕过。这看起来不太好，但也许就足够了。

public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    // set true in the test initialization
    private static bool s_byPass;

    public IsAuthorizedAttribute(SecurityAction action) : base(action)
    {
        if (!s_byPass)
        {
           // setup
        }
    }

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        if (s_byPass) { return true; }

        //check external stuff
    }
}

另一种更好的方法是将外部依赖提取到另一个类，以便您可以模拟它。模拟外部依赖项是单元测试的典型模式。

public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    // set mock here in the test initialization.
    // I assume external accessor can be a static field.
    private static ExternalAccessor m_accessor = new ExternalAccessor();

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        return m_accessor.Check();
    }
}

public class ExternalAccessor
{
    private bool m_initialized;

    private void Setup()
    {
        // setup
        m_initialized = true;
    }

    public virtual bool Check()
    {
        // You can call setup anytime but the constructor.
        if (!m_initialized) { Setup(); }

        // check external stuff
    }
}