首先,只要你的测试用例是不是单元测试,这就是所谓的整合测试,因为它依赖于环境中可用的MySQL服务器上。
然后,我们将进行集成测试。在proper DB testing with PHPUnit复杂性让事情变得足够简单,不钻研,这里的例子测试用例类,考虑到与可用性写着:
tests.php
<?php
require_once(__DIR__.'/code.php');
class BruteForceTests extends PHPUnit_Framework_TestCase
{
/** @test */
public function NoLoginAttemptsNoBruteforce()
{
// Given empty dataset any random time will do
$any_random_time = date('H:i');
$this->assertFalse(
$this->isUserTriedToBruteForce($any_random_time)
);
}
/** @test */
public function DoNotDetectBruteforceIfLessThanFiveLoginAttemptsInLastTwoHours()
{
$this->userLogged('5:34');
$this->userLogged('4:05');
$this->assertFalse(
$this->isUserTriedToBruteForce('6:00')
);
}
/** @test */
public function DetectBruteforceIfMoreThanFiveLoginAttemptsInLastTwoHours()
{
$this->userLogged('4:36');
$this->userLogged('4:23');
$this->userLogged('4:00');
$this->userLogged('3:40');
$this->userLogged('3:15');
$this->userLogged('3:01'); // ping! 6th login, just in time
$this->assertTrue(
$this->isUserTriedToBruteForce('5:00')
);
}
//==================================================================== SETUP
/** @var PDO */
private $connection;
/** @var PDOStatement */
private $inserter;
const DBNAME = 'test';
const DBUSER = 'tester';
const DBPASS = 'secret';
const DBHOST = 'localhost';
public function setUp()
{
$this->connection = new PDO(
sprintf('mysql:host=%s;dbname=%s', self::DBHOST, self::DBNAME),
self::DBUSER,
self::DBPASS
);
$this->assertInstanceOf('PDO', $this->connection);
// Cleaning after possible previous launch
$this->connection->exec('delete from login_attempts');
// Caching the insert statement for perfomance
$this->inserter = $this->connection->prepare(
'insert into login_attempts (`user_id`, `time`) values(:user_id, :timestamp)'
);
$this->assertInstanceOf('PDOStatement', $this->inserter);
}
//================================================================= FIXTURES
// User ID of user we care about
const USER_UNDER_TEST = 1;
// User ID of user who is just the noise in the DB, and should be skipped by tests
const SOME_OTHER_USER = 2;
/**
* Use this method to record login attempts of the user we care about
*
* @param string $datetime Any date & time definition which `strtotime()` understands.
*/
private function userLogged($datetime)
{
$this->logUserLogin(self::USER_UNDER_TEST, $datetime);
}
/**
* Use this method to record login attempts of the user we do not care about,
* to provide fuzziness to our tests
*
* @param string $datetime Any date & time definition which `strtotime()` understands.
*/
private function anotherUserLogged($datetime)
{
$this->logUserLogin(self::SOME_OTHER_USER, $datetime);
}
/**
* @param int $userid
* @param string $datetime Human-readable representation of login time (and possibly date)
*/
private function logUserLogin($userid, $datetime)
{
$mysql_timestamp = date('Y-m-d H:i:s', strtotime($datetime));
$this->inserter->execute(
array(
':user_id' => $userid,
':timestamp' => $mysql_timestamp
)
);
$this->inserter->closeCursor();
}
//=================================================================== HELPERS
/**
* Helper to quickly imitate calling of our function under test
* with the ID of user we care about, clean connection of correct type and provided testing datetime.
* You can call this helper with the human-readable datetime value, although function under test
* expects the integer timestamp as an origin date.
*
* @param string $datetime Any human-readable datetime value
* @return bool The value of called function under test.
*/
private function isUserTriedToBruteForce($datetime)
{
$connection = $this->tryGetMysqliConnection();
$timestamp = strtotime($datetime);
return wasTryingToBruteForce(self::USER_UNDER_TEST, $connection, $timestamp);
}
private function tryGetMysqliConnection()
{
$connection = new mysqli(self::DBHOST, self::DBUSER, self::DBPASS, self::DBNAME);
$this->assertSame(0, $connection->connect_errno);
$this->assertEquals("", $connection->connect_error);
return $connection;
}
}
该测试套件是自包含的,并已三个测试用例:当没有登录尝试记录时,用于在检查时间的两个小时内有六个登录尝试记录,并且在同一时间范围内只有两个登录尝试记录时。
这是测试套件不足,例如,您需要测试bruteforce的检查是否真正适用于我们感兴趣的用户,并忽略其他用户的登录尝试。另一个例子是你的函数应该在检查时间结束时间的两个小时间隔内真正选择记录,而不是在检查时间减去两小时后(如现在这样)存储的所有记录。您可以自己编写所有剩余的测试。
这个测试套件与PDO
连接到DB,它绝对优于接口mysqli
,但是对于被测功能的需求,它会创建相应的连接对象。
一个很重要的应当注意到:你的功能,因为它是因为不可控制的库函数这里静态依赖的不可测:
// Get timestamp of current time
$now = time();
检查的时间应提取功能函数参数可以通过自动方式进行测试,如下所示:
function wasTryingToBruteForce($user_id, $connection, $now)
{
if (!$now)
$now = time();
//... rest of code ...
}
正如您所看到的,我已将您的函数更名为更清晰的名称。
除此之外,我想你应该非常小心working with datetime values in between MySQL and PHP,并且也永远不会通过连接字符串构造SQL查询,而是使用参数绑定来代替。所以,你最初的代码稍微清理版本如下(请注意,测试套件需要它的第一行):
code.php
<?php
/**
* Checks whether user was trying to bruteforce the login.
* Bruteforce is defined as 6 or more login attempts in last 2 hours from $now.
* Default for $now is current time.
*
* @param int $user_id ID of user in the DB
* @param mysqli $connection Result of calling `new mysqli`
* @param timestamp $now Base timestamp to count two hours from
* @return bool Whether the $user_id tried to bruteforce login or not.
*/
function wasTryingToBruteForce($user_id, $connection, $now)
{
if (!$now)
$now = time();
$two_hours_ago = $now - (2 * 60 * 60);
$since = date('Y-m-d H:i:s', $two_hours_ago); // Checking records of login attempts for last 2 hours
$stmt = $connection->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > ?");
if ($stmt) {
$stmt->bind_param('is', $user_id, $since);
// Execute the prepared query.
$stmt->execute();
$stmt->store_result();
// If there has been more than 5 failed logins
if ($stmt->num_rows > 5) {
return true;
} else {
return false;
}
}
}
对于我个人的口味,检查的这种方法是非常低效的,你可能真的想下面的查询:
select count(time)
from login_attempts
where
user_id=:user_id
and time between :two_hours_ago and :now
由于这是集成测试,它希望在它的数据库和FOLL工作访问MySQL实例亏欠的表中定义:
mysql> describe login_attempts;
+---------+------------------+------+-----+-------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------+------------------+------+-----+-------------------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| user_id | int(10) unsigned | YES | | NULL | |
| time | timestamp | NO | | CURRENT_TIMESTAMP | |
+---------+------------------+------+-----+-------------------+----------------+
3 rows in set (0.00 sec)
它给出的功能测试中的运作只是我个人的猜测,但我想你确实有这样的表。
在运行测试之前,您必须在tests.php
文件中的“SETUP”部分中配置DB*
常量。
随着成功,我的意思是管理设置测试。如果你要测试你会怎么做?我一直在寻找该页面,但无法将其应用于我的代码。 – user2354898
你的问题确实不够具体,但是当我开始设置单元测试时,我发现进入的障碍很困难,所以我试图帮助。您应该先阅读我发布的链接。 – dflash
PHPUnit将测试断言($ this-> assert ...),所以在我的示例中,我正在测试checkbrute的返回值是否为true。如果测试成功,则测试失败。有很多事情要说,这取决于你想要测试什么,这是不明确的。 – dflash