chevron-thin-right chevron-thin-left brand cancel-circle search youtube-icon google-plus-icon linkedin-icon facebook-icon twitter-icon toolbox download check linkedin phone twitter-old google-plus facebook profile-male chat calendar profile-male
Welcome to Typemock Community! Here you can ask and receive answers from other community members. If you liked or disliked an answer or thread: react with an up- or downvote.
0 votes
I'll admit, I'm just starting out with Typemock and currently have the 30-day trial installed. We are evaluating it for our mocking purposes.

I'm currently on a massive project that is going to make heavy use of HttpModules and I'm looking for suggestions on how to properly test an HttpModule.

I was initially thinking that we need to mock the entire HttpApplication so that we can force required dependences (ie: session, cookie, headers, etc) into the pipeline.

Problem is I'm not really sure how to go about starting down this path. Again, any suggestions are greatly appreciated. Sample code would be really great.

Thanks.
asked by kyleheon (3.1k points)

5 Answers

0 votes
Hi,
It really depends on the project.
I would build the mock framework slowly.
i.e. start with the first test scenario, and see what you have to mock there, and slowly build on that. Adding fakes when needed.
If you can post a small test scenario, we can help from there.
answered by scott (32k points)
0 votes
Well, one scenario that we will need to test is receiving an xml token that will be posted to our site. This token will enable SSO (single sign-on) and could be in one of two states.

The first state will be an encrypted "request" token, meaning the portal site has passed us a token. The secondary state would be a decrypted token. What this means is that we've received the encrypted request token and then posted that token back to an authentication server. Once approved at the authentication server, a fully decrypted "response" token will be received.

There is also a state that would be in affect after the response token has been received. Assuming all is well with the response token, a session (of some kind) will be created for the user to persist various details about the current user.

The final step in this process will be to determine if the active user is authorized to view the requested content. This will be done by comparing information from the response token with the requested pages security.

We are envisioning a series of HttpModule's that sit and monitor the http pipeline looking for the token in both of it's states and acting as required. There will also be something monitoring for active users.

Kyle Heon
http://www.kyleheon.com
answered by kyleheon (3.1k points)
0 votes
There are quite a few things that you are creating and verifying here.
1. That the wiring is working.
Here you can either use an 'integration test' and run the ASP
or expect the event to be registered and fire them to see that the wiring works (See Events)
2. That the event method is working.
In this case you can either fire the event, or call the event directly but you will have to mock the HttpApplication and HttpContext to return the desired results. Using Chained Natural Mocks is the way to go here.

example
suppose your code looks like this:
public class SecurityHttpModule : IHttpModule    
{
    public void Dispose() {}

    public void Init(HttpApplication application)
    {
        application.BeginRequest += new EventHandler(application_BeginRequest);
    }

    void application_BeginRequest(object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication) source;
        HttpContext context = application.Context;
        // get the user, populate the Thread.CurrentUser…
        HttpCookie cookie = context.Request.Cookies.Get("CookieName");
        if (!cookie.Secure)
        {
            // do something...
        }
    }
}

Here are some tests
[Test]
[VerifyMocks]
public void TestThatEventsAreWiredUpCorrectly()
{
    SecurityHttpModule underTest = new SecurityHttpModule();
    HttpApplication application = new HttpApplication(); 
    // Record Mocks - make sure that the event is registered
    using (RecordExpectations recorder = RecorderManager.StartRecording())
    {
        application.BeginRequest += null;
    }

    underTest.Init(application);
    // this is verified using the VerifyMocks decorator
}

[Test]
[VerifyMocks]
public void FireEventsWithCookieSet()
{
    SecurityHttpModule underTest = new SecurityHttpModule();
    HttpApplication application = new HttpApplication(); 
    MockedEvent beginRequestHandle;
    // Record Mocks
    using (RecordExpectations recorder = RecorderManager.StartRecording())
    {
        // mock the event registration
        application.BeginRequest += null;
        beginRequestHandle = RecorderManager.LastMockedEvent;

        // mock secure cookie
        HttpCookie mockedCookie = application.Context.Request.Cookies.Get("CookieName");
        recorder.CheckArguments(); // make sure that we request the correct cookie
        recorder.ExpectAndReturn(mockedCookie.Secure, true);
        
    }

    underTest.Init(application);
    // fire a new request
    beginRequestHandle.Fire(application, EventArgs.Empty);
    // test that is behaves normally
}
answered by scott (32k points)
0 votes
Scott,

Many thanks for your help here. The sample code provided has been wonderful. I've been playing around w/Typemock most of today to get a feel for how to use it.

I'm struggling with how to do assertions outside of the recorder block. Specifically here:

beginRequestHandle.Fire(application, EventArgs.Empty);
// test that is behaves normally


Maybe I'm missing the point of mocking. What exactly would I test?

From what I'm finding is that when you use the recorder block you have to basically outline everything that should happen and if you don't the test(s) fail. I also saw that you can tell the recorder to ignore certain functionality.

Is this true? Am I understanding things correctly?
answered by kyleheon (3.1k points)
0 votes
Hi,
You understand correctly. What ever is in the recorder will be expected and faked in the tested code, this allows you to isolate the piece of code and test it.
You have a lot of control over what you expect to happen and what to fake,
You can expect a method to be called a specific amount of time, with specific arguments etc etc...

The second example is quite advanced, it will allow you to fake an event, so if you register to an event, you can isolate you code from the component that fires your event and fake firing it.

Suppose application_BeginRequest failed if the cookie was not secure, the test can then fire the event and verify that an exception was thrown.

The application might call some error message mechanism, you can then make sure that is was called by parsing the html page or [using another mock] by expecting the error mechanism to be called
answered by scott (32k points)
...