Suggestions for testing an HttpModule

Hi,
It really depends on the project.
I would build the mock framework slowly.
i.e. start with the first test scenario, and see what you have to mock there, and slowly build on that. Adding fakes when needed.
If you can post a small test scenario, we can help from there.

Well, one scenario that we will need to test is receiving an xml token that will be posted to our site. This token will enable SSO (single sign-on) and could be in one of two states.

The first state will be an encrypted "request" token, meaning the portal site has passed us a token. The secondary state would be a decrypted token. What this means is that we've received the encrypted request token and then posted that token back to an authentication server. Once approved at the authentication server, a fully decrypted "response" token will be received.

There is also a state that would be in affect after the response token has been received. Assuming all is well with the response token, a session (of some kind) will be created for the user to persist various details about the current user.

The final step in this process will be to determine if the active user is authorized to view the requested content. This will be done by comparing information from the response token with the requested pages security.

We are envisioning a series of HttpModule's that sit and monitor the http pipeline looking for the token in both of it's states and acting as required. There will also be something monitoring for active users.

Kyle Heon
http://www.kyleheon.com

There are quite a few things that you are creating and verifying here.
1. That the wiring is working.
Here you can either use an 'integration test' and run the ASP
or expect the event to be registered and fire them to see that the wiring works (See Events)
2. That the event method is working.
In this case you can either fire the event, or call the event directly but you will have to mock the HttpApplication and HttpContext to return the desired results. Using Chained Natural Mocks is the way to go here.

example
suppose your code looks like this:

public class SecurityHttpModule : IHttpModule    
{
    public void Dispose() {}

    public void Init(HttpApplication application)
    {
        application.BeginRequest += new EventHandler(application_BeginRequest);
    }

    void application_BeginRequest(object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication) source;
        HttpContext context = application.Context;
        // get the user, populate the Thread.CurrentUser…
        HttpCookie cookie = context.Request.Cookies.Get("CookieName");
        if (!cookie.Secure)
        {
            // do something...
        }
    }
}

Here are some tests

[Test]
[VerifyMocks]
public void TestThatEventsAreWiredUpCorrectly()
{
    SecurityHttpModule underTest = new SecurityHttpModule();
    HttpApplication application = new HttpApplication(); 
    // Record Mocks - make sure that the event is registered
    using (RecordExpectations recorder = RecorderManager.StartRecording())
    {
        application.BeginRequest += null;
    }

    underTest.Init(application);
    // this is verified using the VerifyMocks decorator
}

[Test]
[VerifyMocks]
public void FireEventsWithCookieSet()
{
    SecurityHttpModule underTest = new SecurityHttpModule();
    HttpApplication application = new HttpApplication(); 
    MockedEvent beginRequestHandle;
    // Record Mocks
    using (RecordExpectations recorder = RecorderManager.StartRecording())
    {
        // mock the event registration
        application.BeginRequest += null;
        beginRequestHandle = RecorderManager.LastMockedEvent;

        // mock secure cookie
        HttpCookie mockedCookie = application.Context.Request.Cookies.Get("CookieName");
        recorder.CheckArguments(); // make sure that we request the correct cookie
        recorder.ExpectAndReturn(mockedCookie.Secure, true);
        
    }

    underTest.Init(application);
    // fire a new request
    beginRequestHandle.Fire(application, EventArgs.Empty);
    // test that is behaves normally
}

Scott,

Many thanks for your help here. The sample code provided has been wonderful. I've been playing around w/Typemock most of today to get a feel for how to use it.

I'm struggling with how to do assertions outside of the recorder block. Specifically here:

beginRequestHandle.Fire(application, EventArgs.Empty);
// test that is behaves normally

Maybe I'm missing the point of mocking. What exactly would I test?

From what I'm finding is that when you use the recorder block you have to basically outline everything that should happen and if you don't the test(s) fail. I also saw that you can tell the recorder to ignore certain functionality.

Is this true? Am I understanding things correctly?

Hi,
You understand correctly. What ever is in the recorder will be expected and faked in the tested code, this allows you to isolate the piece of code and test it.
You have a lot of control over what you expect to happen and what to fake,
You can expect a method to be called a specific amount of time, with specific arguments etc etc...

The second example is quite advanced, it will allow you to fake an event, so if you register to an event, you can isolate you code from the component that fires your event and fake firing it.

Suppose application_BeginRequest failed if the cookie was not secure, the test can then fire the event and verify that an exception was thrown.

The application might call some error message mechanism, you can then make sure that is was called by parsing the html page or [using another mock] by expecting the error mechanism to be called