我使用jwt令牌实现了restapi。用户可以注册新帐户,或使用用户名和密码登录。我有一个叫做authcontroller的类。我需要测试两种方法:登录/注册。我想用mockito来测试这个类。
如何模拟身份验证(token)?
@RestController
@RequestMapping(value = "/api/auth")
public class AuthController {
private final AuthenticationManager authenticationManager;
private final JwtTokenUtils jwtToken;
private final UserService userService;
private final UserRepository repository;
private final PasswordEncoder encoder;
private final RoleRepository roleRepository;
@Autowired
public AuthController(AuthenticationManager authenticationManager, JwtTokenUtils jwtToken, UserService userService, UserRepository repository, PasswordEncoder encoder, RoleRepository roleRepository) {
this.authenticationManager = authenticationManager;
this.jwtToken = jwtToken;
this.userService = userService;
this.repository = repository;
this.encoder = encoder;
this.roleRepository = roleRepository;
}方法:/login
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody AuthDto requestDto) {
try {
String username = requestDto.getUsername();
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(requestDto.getUsername(), requestDto.getPassword()));
User user=userService.findByUsername(username);
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = jwtToken.generateJwtToken(authentication);
UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
List<String> roles = userDetails.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.collect(Collectors.toList());
return ResponseEntity.ok(new JwtResponseDto(
jwt,
userDetails.getId(),
userDetails.getUsername(),
userDetails.getEmail(),
roles));
} catch (AuthenticationException e) {
throw new BadCredentialsException("Invalid username or password");
}
}方法:/signup
@PostMapping("/signup")
public ResponseEntity<?> registerUser(@RequestBody CustomerDto signUpAuthDto) {
if (repository.existsByUsername(signUpAuthDto.getUsername())) {
return ResponseEntity
.badRequest()
.body(new MessageResponse("Error: Username is already taken"));
}
if (repository.existsByEmail(signUpAuthDto.getEmail())) {
return ResponseEntity
.badRequest()
.body(new MessageResponse("Error: Email is already in use"));
}
if (signUpAuthDto.getPassword() !=null && !signUpAuthDto.getPassword().equals(signUpAuthDto.getConfirm())) {
return ResponseEntity
.badRequest()
.body(new MessageResponse("Error: You entered two different passwords. Please try again"));
}
User user = new User(signUpAuthDto.getUsername(),
signUpAuthDto.getEmail(),
encoder.encode(signUpAuthDto.getPassword()));
encoder.encode(signUpAuthDto.getConfirm());
Set<Role> strRoles = signUpAuthDto.getRole();
Set<Role> roles = new HashSet<>();
if (strRoles == null) {
Role userRole = roleRepository.findByName(EnumRole.ROLE_USER)
.orElseThrow(()-> new RuntimeException("Error: Role is not found"));
roles.add(userRole);
} else {
strRoles.forEach(role -> {
if ("admin".equals(role)) {
Role adminRole = roleRepository.findByName(EnumRole.ROLE_ADMIN)
.orElseThrow(()-> new RuntimeException("Error: Role is not found"));
roles.add(adminRole);
} else {
Role userRole = roleRepository.findByName(EnumRole.ROLE_USER)
.orElseThrow(()-> new RuntimeException("Error: Role is not found"));
roles.add(userRole);
}
});
}
user.setRoles(roles);
repository.save(user);
return ResponseEntity.ok(new MessageResponse("User registered successfully!"));
}
}非常感谢您的帮助!
1条答案
按热度按时间jgwigjjp1#
在这里模拟身份验证的最佳方法是使用
SecurityMockMvcRequestPostProcessorsspring安全测试依赖关系的定义:所以你可以用springmvc控制器来编写一个测试
@WebMvcTest得到一个自动配置的MockMvc示例。通过这种方式,您可以使用模拟的servlet环境测试端点,并且可以模拟任何您想要的身份验证或登录用户。
有关这方面的更多信息,请参阅下面的mockmvc指南。