Explore our sites

Stack Exchange
tour help careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 5 down vote favorite
1

I had a small test done in PHP for a Controller I had written in Symfony2:

class DepositControllerTest extends WebTestCase {

    public function testDepositSucceeds() {

        $this->crawler = self::$client->request(
            'POST',
            '/deposit',
            array( "amount" => 23),
            array(),
            array()
        );

        $this->assertEquals(
            "Deposit Confirmation",
            $this->crawler->filter("title")->text());
    }
}

Up to here, everything was great. Problem started when I realized I wanted to disable possible re-submissions while refreshing the page. So I added a small mechanism to send nonce on every submission.

It works something like this:

class ReplayManager {

    public function getNonce() {
        $uid = $this->getRandomUID();
        $this->session->set("nonce", $uid);
        return $uid;
    }

    public function checkNonce($cnonce) {

        $nonce = $this->session->get("nonce");

        if ($cnonce !== $nonce)
            return false;

        $this->session->set("nonce", null);
        return true;
    }
}

So I had to mofidy the controller to get the nonce when displaying the form, and consume it when submitting.

But now this introduces a problem. I cant make a request to POST /deposit because I dont know what nonce to send. I thought to requesting first GET /deposit to render the form, and setting one, to use it in the POST, but I suspect Symfony2 sessions are not working in PHPUnit.

How could I solve this issue? I would not want to go to Selenium tests, since they are significant slower, not to mention that I would have to rewrite A LOT of tests.

UPDATE: I add a very simplified version of the controller code by request.

class DepositController extends Controller{

    public function formAction(Request $request){

        $this->replayManager = $this->getReplayManager();
        $context["nonce"] = $this->replayManager->getNonce();

        return $this->renderTemplate("form.twig", $context);
    }

    protected function depositAction(){

        $this->replayManager = $this->getReplayManager();
        $nonce               = $_POST["nonce"];

        if (!$this->replayManager->checkNonce($nonce))
            return $this->renderErrorTemplate("Nonce expired!");

        deposit($_POST["amount"]);

        return $this->renderTemplate('confirmation.twig');
    }

    protected function getSession() {
        $session = $this->get('session');
        $session->start();
        return $session;
    }

    protected function getReplayManager() {
        return new ReplayManager($this->getSession());
    }

}
share|improve this question
 
Could you show your controller code? What else is ReplayManager doing? I think your issue here is Separation of Concerns and your controller code may be useful in confirming that. –  vascowhite Nov 7 at 13:38
 
Done, i wrote a very simplified version of the controller –  Dbugger Nov 7 at 14:52
 
Why do not use PRG pattern? –  sectus Nov 7 at 23:52
 
Would PRG protect me if the user pressed F5 before the page loads the instructiong forward()? –  Dbugger Nov 8 at 10:05
add comment

2 Answers

up vote 1 down vote accepted

I'm not sure what ReplayManager does, but it looks to me as if it is not the right class to handle the 'nonce'. As the 'nonce' is ultimately stored in and retrieved from the session it should either be handled by the controller or abstracted out into its own class which is then passed in as a dependency. This will allow you to mock the nonce (sounds like a sitcom!) for testing.

In my experience problems in testing are actually problems with code design and should be considered a smell. In this case your problem stems from handling the nonce in the wrong place. A quick refactoring session should solve your testing problems.

share|improve this answer
 
Agreed - as far as I'm concerned anything requiring the session object should be handled in the controller. However, I don't think this is contributing to the OP's issue in this instance. –  redbirdo Nov 7 at 16:29
 
Well, the replayManager is handled by the Controller, so isnt it the same? I have updated the controller, to show how I pass the session. –  Dbugger Nov 7 at 16:47
add comment
up vote 0 down vote

It is possible to access the Symfony2 session from PHPUnit via the WebTestCase client. I think something like this should work:

public function testDepositSucceeds() {

    $this->crawler = self::$client->request(
        'GET',
        '/deposit',
    );

    $session = $this->client->getContainer()->get('session');
    $nonce = $session->get('nonce');

    $this->crawler = self::$client->request(
        'POST',
        '/deposit',
        array("amount" => 23, "nonce" => $nonce),
        array(),
        array()
    );

    $this->assertEquals(
        "Deposit Confirmation",
        $this->crawler->filter("title")->text());
}

EDIT:

Alternatively, if there is a problem getting the nonce value from the session, you could try replacing the two lines between the GET and POST requests above with:

$form = $crawler->selectButton('submit');
$nonce = $form->get('nonce')->getValue(); // replace 'nonce' with the actual name of the element
share|improve this answer
 
I tried that! The problem is that when I do the POST, the nonce that was created on the first page isn't on the second page. This is what I meant with PHP sessions not working on PHPUnit –  Dbugger Nov 7 at 16:51
 
Hmmm. I do successfully retrieve a session value within a unit test but I also have a comment against it "// If we get this later, it's empty!" so there was an issue. Having said that, that project is still on Symfony 2.0.4 so things have probably changed - I was hoping for the better but perhaps not? –  redbirdo Nov 7 at 17:07
 
I have edited to suggest an alternative approach. –  redbirdo Nov 7 at 18:51
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.