Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Testing Model under CGI-based validation

by jest (Pilgrim)
on Dec 08, 2003 at 16:35 UTC ( #313134=perlquestion: print w/replies, xml ) Need Help??

jest has asked for the wisdom of the Perl Monks concerning the following question:

I am finally making an effort to do some serious testing of my applications, and, starting with advice given to me here, began to try writing tests for my basic modules.

Part of my setup includes ensuring that a user is logged in, a process which involves setting a CGI cookie holding the value of a server-side session ID that contains info on the user's access level, etc., held in a database. I had had some difficulty with part of this, as discussed in my thread OO: Leaving a constructor midway?; I ultimately "solved" it, if solve it I did, by handling the login and validation in a subclass and leaving the actual blessing in a superclass.

In that node, pdcawley warned about the difficulty of testing this, and it is now coming true. In order for me to test the module I need to be accessing over the Web. I am also writing tests using WWW::Mechanize, but I want to be able to test the module on its own. Yet doing this would require (a) a CGI-held cookie holding (b) an existing session and (c) the ability to fake this from a test script. My login code, for example, looks roughly like this:

# look for cookie containing session ID and read the # corresponding session record; expire session automatically # if it's too old if (defined($sess_id = CGI::cookie($self->{cookie_name}))) { $sess_ref = WebDB::Session->open_with_expiration($self->{config},u +ndef,$sess_id); } $self->{sess_ref} = $sess_ref; # store session reference in $self # bounce user to login page if not currently logged in if (!defined($self->{sess_ref})) { print CGI::redirect(-uri=>$self->{bounce_uri}); exit(0); }

Suggestions to change the way the module validates users would seem to be off the mark, because I do need to validate them, and I thus need to test that. And it's not possible to skip the validation, even for testing purposes, because this module requires having a bunch of info that needs to come from the session.

I'd be grateful for any thoughts wiser monks have.

Replies are listed 'Best First'.
Re: Testing Model under CGI-based validation
by hardburn (Abbot) on Dec 08, 2003 at 17:18 UTC
    <plug type="shameless">

    If you're using HTML::Template already, you can use HTML::Template::Dumper to get a hash containing any variables in your template. This would allow you to use WWW::Mechanize or LWP::UserAgent to send the necessary login information with your CGI in test mode. Then just deserialize the hash based on the data you get back and check the values against what you were expecting to get back.


    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

Re: Testing Model under CGI-based validation
by adrianh (Chancellor) on Dec 08, 2003 at 18:24 UTC

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://313134]
Approved by Grygonos
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (2)
As of 2022-01-18 01:12 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (52 votes). Check out past polls.