perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: cvs commit: modperl-2.0/t/hooks/TestHooks authen_digest.pm
Date Mon, 09 Aug 2004 19:58:18 GMT
Geoffrey Young wrote:
>>>the only apache API we have access to is $r->note_digest_auth_failure,
>>>which
>>>has the job of setting a proper WWW-Authenticate header.  the current
>>>tests
>>>only really test this by accident, relying on LWP's Digest
>>>implementation to
>>> handle the header appropriately.
>>
>>
>>right, that's exactly the purpose of this test: test
>>$r->note_digest_auth_failure, no more and no less. So no accidents here.
> 
> 
> but see, you're doing lots more and a bit less.  the test specifically tests
> for two things: that a known bad user/pass (and none at all) gets 401 and
> that a known user/pass gets 200.
> 
> in the first case you're not testing $r->note_digest_auth_failure at all -
> the 401 is simply the result of the handler return value, and removing
> $r->note_digest_auth_failure would have the same effect.
> 
> now, the second case is testing $r->note_digest_auth_failure but indirectly
> - you're not looking at what $r->note_digest_auth_failure does, but rather
> assuming that LWP is handling the overall challenge/response dialogue
> correctly.  now, we rely on LWP all the time, so that's not really the issue
> I'm trying to argue.  I'm only saying that if you look internally at what
> $r->note_digest_auth_failure is doing you're not testing that code
> specifically, you're only testing the effects of it.  contrast this with the
> recent C-L tests, where we pull out the C-L header specifically since it's
> the behavior of $r->set_content_length (and other things) we're interested in.
> 
> yeah, ok, this is all a bit academic - there's nothing really wrong with the
> tests as they stand.  I'm just trying to illustrate a point, really :)

Understood. Well, that the test is not doing what I thought it does. 
Since I didn't look at the internals of $r->note_digest_auth_failure. So 
you're correct.

>>Feel free to improve it, as long as $r->note_digest_auth_failure is tested.
> 
> 
> I would alter it as I've suggested, ripping out the bulk of your weekend
> labors :)

Be my guest. +1 to remove all the code that isn't helping to test 
$r->note_digest_auth_failure.


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message