Symfony2博客应用程序教程：第四部分（续）－测试安全页

• 原文出处：http://www.dobervich.com/2011/03/28/symfony2-blog-application-tutorial-part-v-2-testing-secure-pages/
• 原文作者：Dustin Dobervich
• 授权许可：创作共用协议
• 翻译人员：FireHare
• 校对人员：FireHare
• 适用版本：Symfony 2
• 文章状态：已校对

I just wanted to write a quick post illustrating how to use the http basic authentication mechanism to test secured pages. Since the testing framework does not support sessions at the moment, it is not possible to write tests using the form login mechanism. Because of this, we have to use http basic authentication to test our secure pages.
我只想快速写一篇文章说明如何使用HTTP基本认证机制来测试安全页面。因为测试框架目前不支持会话，因此不可以使用表单登录机制来编写测试。有鉴于此，我们不得不使用HTTP基本认证来测试我们的安全页面。

First, we must make changes to the application’s test environment. The config_test.yml file located in the app/config directory is where we put all of our test environment specific configuration. We need to override the security configuration we set up in the previous tutorial to use the http basic authentication mechanism. Open up the config_test.yml file and add the following.
首先，我们必须修改应用程序的测试环境。我们将我们测试环境的相关配置全部放入了位于app/config目录中的config_test.yml文件中。我们需要覆写在先前教程中设置的安全配置，以便使用HTTP基本认证机制。打开config_test.yml文件，并添加下列语句：

1. ## Security Configuration 
2. security: 
3.     encoders: 
4.         Symfony\Component\Security\Core\User\User: plaintext 
5.  
6.     providers: 
7.         main: 
8.             users: 
9.                 john.doe: { password: admin, roles: ROLE_ADMIN } 
10.  
11.     firewalls: 
12.         main: 
13.             pattern:    /.* 
14.             http_basic: true 
15.             logout:     true 
16.             security: true 
17.             anonymous: true 

Here we have declared that we want to use http_basic authentication in the test environment firewall. We have also told symfony that we want to use a plaintext password encoder for our user. This allows us to specify the user’s password in plain text. Under the providers entry we have declared an in-memory user with a username of john.doe, a password of admin and having the role ROLE_ADMIN. We will supply these credentials in our request using server parameters.
在这里，我们在测试环境的防火墙中声明我们想使用http_basic认证。我们还告诉Symfony2我们想为我们的用户使用纯文本密码编码器。这样可以让我们用纯文本指定用户的密码。在提供器条目下，我们声明了一个用户名是john.doe的in-memory用户，密码是admin，并且拥有ROLE_ADMIN角色。我们将在我们的请求里使用服务器参数来提供这些参数。

Now open up the AdminControllerTest.php file located in the src/Company/BlogBundle/Tests/Controller folder. Here is the code for the test.
现在打开位于src/Company/BlogBundle/Tests/Controller文件夹中的AdminControllerTest.php文件，以下是测试代码。

1. namespace Company\BlogBundle\Tests\Controller; 
2.   
3. use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; 
4.   
5. class AdminControllerTest extends WebTestCase 
6. { 
7.     public function testIndex() 
8.     { 
9.         $client = $this->createClient(); 
10.         $client->followRedirects(true); 
11.   
12.         // request the index action with invalid credentials 
13.         $crawler = $client->request('GET', '/admin/', array(), array(), 
14.             array('PHP_AUTH_USER' => 'john.doe', 'PHP_AUTH_PW' => 'wrong_pass')); 
15.   
16.         $this->assertEquals(200, $client->getResponse()->getStatusCode()); 
17.   
18.         // we should be redirected to the login page 
19.         $this->assertTrue($crawler->filter('title:contains("Login")')->count() > 0); 
20.   
21.         // request the index action with valid credentials 
22.         $crawler = $client->request('GET', '/admin/', array(), array(), 
23.             array('PHP_AUTH_USER' => 'john.doe', 'PHP_AUTH_PW' => 'admin')); 
24.   
25.         $this->assertEquals(200, $client->getResponse()->getStatusCode()); 
26.   
27.         // check the title of the page matches the admin home page 
28.         $this->assertTrue($crawler->filter('title:contains("Admin | Home")')->count() > 0); 
29.   
30.         // check that the logout link exists 
31.         $this->assertTrue($crawler->filter('a:contains("Logout")')->count() > 0); 
32.     } 
33. } 

The code is fairly straightforward. You should be able to follow along with the comments and know what is going on. Two special server parameters are used to pass the user’s credentials to the application PHP_AUTH_USER and PHP_AUTH_PW.
代码非常简单。您应该能够根据注解明白是怎么回事。两个特定的服务器参数（PHP_AUTH_USER和PHP_AUTH_PW）用于将用户的证书发送到应用程序。

You should now be setup to test all of your secured pages. I am still not sure what I will be posting about next. I have been out of town, so I have not had time to even think about it. I am hesitant to do a Form tutorial because of the proposed changes. I was thinking about maybe going over the container and writing a custom service. Let me know what you guys want. Until next time…
您现在应该做好测试您所有安全页面的设置。我一直不确定我下一篇文章要写什么。我不在家，所以我没有时间考虑这个。我很犹豫是改主意写一篇表单教程，还是按原计划写写容器和自定义服务？让我知道您需要什么。直到下一次...