Implementing TDD with Rhino Mocks

In Testing: What are Mock objects and why do we need them?

When implementing unit test you might encounter a common problem: the object you want to unit-test can only exist in conjunction with other objects, and to build these objects (a.k.a. dependencies) you might need to go through a different algorithm that is outside of your scope. If you decide to go ahead and create these dependencies in the standard manner your unit test might turn gradually into an “integration test”.  Mock objects provide a workaround for such cases by making unit test maintainable and readable. The power of mock objects is that you have a reflection of the methods that mocked objects receive, so for example you can write testing code that verifies that a method on one object is only called after a method on another object has been called.

What is Rhino Mocks

Rhino Mocks helps you create stubs for objects in your code that you can use to simulate various situations. This is useful for skipping a long process that will result in creating a full instance of the object you want to mock.

Rhino Mocks belongs to a family of APIs called “Mock Object Frameworks”.  Similar APIs include: NMock, EasyMock.NET, TypeMock Isolator, Moq, NSubstitute, JustMock, FakeItEasy, Microsoft Fakes (formerly Moles, included with VS 2012 Ultimate)

 There is a very useful free e-book about RhinoMocks here

RhinoMocks concepts

The following concepts are the building blocks behind RhinoMocks:

Mock Object

An object that pretends to be another object and allows you to set expectations on its 
interactions with another object.

Difference between Mock object & Stub

The main difference is that a mock is an object you can set expectations on. You can still setup expectations on the stub object, but those expectations will never be verified. So a mock is a more involved type of stubs where you have a mechanism to ensure a certain sequence of function calls happened. For example, i.e. the mock framework provides you with a monitor on the messages (methods) that the mocked object receives. If you just want to pass a value to make you code act in a certain way, you can use a stub. Both types of objects are provided by the RhinoMocks framework as you can see in the examples below.

State-based testing (a.k.a. AAA model – Arrange, Act, Assert)

Initiate an action and then check that the expected results (return value, property, created object, etc…) are maintained.  More on this in the “RhinoMocks AAA model” section below.

Expectation

Validation that a particular method call is the expected step.

Ordering

The API should be able to specify that replaying a sequence of method calls will happen in a specific order

Record & Replay model: (a.k.a Interaction-based testing)

In the testing model used for earlier version of RhinoMocks. It basically says that there are two semantic units in your test code: Record and Replay. This is illustrated in the RhinoMocks Basic Usage section.

RhinoMocks Basic Usage

 1.       Create a mock repository

MockRepository mocks = new MockRepository();

This is the mock objects factory. It is used to create mock objects

2.       Instantiate a mock object using the repository

ISomeInterface robot = mocks.CreateMock<ISomeInterface>();

3.       “Record” the methods you expect to be called on the mock object

// this method has a return type, so wrap it with Expect.Call Expect.Call(robot.SendCommand("Wake Up")).Return("Groan"); // this method has void return type, so simply call it robot.Poke(); // when no return type, any extra information about the method call // is provided immediately after via static methods on LastCall LastCall.On(robot).Repeat.Twice(); //Set the mock object to a "Replay" state where, as called, it will replay the operations just recorded. mocks.ReplayAll();

The first line above tells the framework that the client code should invoke SendCommand(“Wake Up”) on the mock object, which should return the string “Groan”, while the second line tells the framework that the client code should invoke the method Poke() on the mock object. The parameters we send to the Mock object and the return values are part of the test.

4.       Now that you have recorded the call sequence that should be implemented inside the client method call, invoke this client method call and verify that these interactions with the mock object take place. This is the “Replay” part

theButler.GetRobotReady(); //Check that all calls were made to the mock object. mocks.VerifyAll();

RhinoMocks AAA model

The AAA (Arrange, Act, Assert) is a new syntax standardization that was released starting with Rhino Mocks 3.5. In this test model you arrange the state, then execute the code given the state, and then assert that the expected state change has happened.

Here is an example that illustrates AAA from the official blog:
Let’s say this is the class that we want to test (i.e. the client code that interacts with the mock object)

public class LoginController {     private readonly IUserRepository repository;     private readonly INotificationSender sender;     public LoginController(IUserRepository repository, INotificationSender sender)     {         this.repository = repository;         this.sender = sender;     }     public void ForgotMyPassword(int userId)     {         User user = repository.GetUserById(userId);         sender.Send("Changed password for " + user.Name);     } }

Now this is the test for the method ForgotMyPassword(), mocking the INotificationSender object:

public void TestForgotMyPassword() {     var userRepository = MockRepository.GenerateStub<IUserRepository>();     var notificationSender = MockRepository.GenerateMock<INotificationSender>();     userRepository.Stub(x => x.GetUserById(5)).Return(new User { Id = 5, Name = "ayende" });     notificationSender.Expect(x => x.Send(null)).Constraints(Text.StartsWith("Changed"));     new LoginController(userRepository, notificationSender).ForgotMyPassword(5);     notificationSender.VerifyAllExpectations(); }

Notice that for the other object we interact with (IUserRepository), we only used the Stub() method for it and not a mock methods like Expect(). This means we are not interested in monitoring what calls are sent to it, we only care that this object would have the properties specified in the stub we created in the test. While for the INotificationSender object we need to make sure that the method Send() is invoked on it, with a string that begins with “Changed”.

More is available about the difference between the Expect() and Stub() methods here.

This is another test that uses a syntax that is more readable (a lambda expression for the Send() method parameters):

public void WhenUserForgetPasswordWillSendNotification_WithArgMatchingInTheLambda() {     var userRepository = MockRepository.GenerateStub<IUserRepository>();     var notificationSender = MockRepository.GenerateStub<INotificationSender>();     userRepository.Stub(x => x.GetUserById(5)).Return(new User { Id = 5, Name = "ayende" });     new LoginController(userRepository, notificationSender).ForgotMyPassword(5);     notificationSender.AssertWasCalled(x =>         x.Send(Arg<string>.Matches(s => s.StartsWith("Changed")))); }

The syntax above explicitly states that the call to Send() receives a string parameter that starts with “Changed”.

More tests can be found here. What can be seen in the couple of tests above is that we set the state first (the user with Id = 5), and then we do the action ForgotMyPassword() with Id 5; and finally we Assert the methods that return a stub and send a notification are called.

Creating a DBGeometry Object using Entity Framework and MVC4 API

What is DBGeometry and how is it different from DBGeography?

The two data types sys.geography and sys.geometry are new types introduced in Sql Server 2008. They form a family of data types labeled “Spatial” types. These types represent information that is used for mapping applications. The difference between the two types is that sys.geometry represents a planar surface while sys.geography represents an elliptical surface, where the ellipsis is the surface of planet Earth. These types are commonly used for performing geospatial calculations. An example of a geospatial calculation is to compute the distance between two cities or calculating the area of a state.

Spatial data in T-Sql

This example updates the branch Address to a new geography value using the STGeomFromText static geography method.  The first argument is the GPS latitude and longitude coordinates while the second is SRID (Spatial Reference ID). The SRID is needed for geography objects because you have to refer to a specific curvature (in this case the SRID 4326 refers to the curvature of the earth).

Note that there is a method with the same name for geometry objects as follows:

In this case the SRID parameter is passed as 0 because this info is not needed for planar information.

You can find out more on how you can correctly instantiate variables of these two types in MS-Sql here.

Spatial data in .NET

When Spatial types were first introduced in Sql Server, there was no native support for them in the .NET types. The workaround for this was to use open source projects like SharpMap. Beginning from .NET 4.5, Microsoft introduced two new types to represent those sql type: DbGeometry and DbGeography.

The thing to notice about these types is that they provide no default constructor and that they can be instantiated only with static methods like FromText() and FromGml(). The following example instantiates a geography object based on two float values (submitted.Long and submitted.Lat) that are float properties of a custom class that holds map info like Longitude and Latitude.  

Since they have no default constructor and cannot be updated once they are instantiated, Spatial types are labeled as immutable. The only way to update the value of an immutable object is to override it with a new value. This is an example that demonstrates the idea of immutable objects:

Note that the string that is used for creating spatial data must follow the standard called  WKT (Well Known Text)

What is MVC 4 API?

MVC (Model-View-Controller) web API is a framework that simplifies building websites that provide RESTful services. The idea is to make the site as lightweight as possible by providing the core information in a request- response format on top of which you can build web apps, desktop apps, or mobile clients by only changing the interface to your core functions (or “Actions” as they are referred to in the MVC naming convention). To have an idea why ASP.NET MVC is being introduced as the replacement for the existing ASP.NET, you can check this article: it lists the following problems with ASP.NET: unit testing is not straightforward with code-behind and separation of code and UI is not really implemented in it.

ASP.NET MVC provides a project template named “Web API” where this behavior is required from the application (i.e. making its I/O happen through the HTTP verbs GET and POST).

What is Entity Framework?

Entity Framework is an API that facilitates accessing data objects from the database (or other data store) from inside your application. Entity Data Model is the standard used to describe data objects that is implemented by Entity Framework. The ADO website describes EF as the preferred Object Relational Mapping in any new project.

EF components

The Entity Framework consists of three main components:

Conceptual Model: defined in a CSDL (Conceptual Schema Definition Language) file

Storage Model:  defined in a SSDL (Storage Schema Definition Language) file

Mapping: this is the mapping between the Conceptual Model and the Storage Model, defined in a MSL (Mapping Specification Language) file.

These three files are used by Linq to Entities to query entity types that are defined in a conceptual model.

More low-level details about Entity Framework is available here and here, and trough this portal you can find tutorials and samples.

EF Development Approaches

The following development approaches have been defined by the community as the standard approaches to using EF in your project:

Database First: You can use EF to reverse-engineer an existing database and generate code that presents the database objects you have in the database in an easily accessible coding interface.

Model First: This approach is used when there is no database available when beginning the project. You can create a model using the EF designer and when the model is finalized you can use the EF designer to generate DDL statements to create the database in Sql Server

Code First (a.k.a. Code Only): In this approach you can use your own classes and properties without having to create an .edmx file.

This is a sample of a data model not generated by the designer (including a DbGeography object):

What is the link between MVC and Entity Framework?

MVC was designed with Entity Framework as its preferred ORM (Object Relational Mapping) method. As you can see in the Add Controller dialog shown below,  Entity Framework is the default ORM (Object-relational mapping) framework used with MVC.

How does the Entity Framework support spatial objects?

Beginning from Entity Framework 5, Entity Data Model introduced two new primitive types to represent spatial objects: Geometry and Geography, and associated them with the new CLR types DBGeometry and DBGeography mentioned above.

This means that in CSDL (Conceptual Model) and SSDL (Storage Model) we now have the following types:

Now since Entity Framework supports spatial types natively, it is very easy to write a method like this one:

Where Model1Container is an entity framework model for a database that has a table called Store with a spatial column called Location. The Distance() method returns meters, according to this discussion.

You can also find a very nice video introduction about EF support for Spatial types here.

Finally this tutorial will provide you a hands-on sample for creating a custom database context class that maps to a sql table containing a spatial data field and does the basic data access operations on it.

Blocking CSRF attacks using MVC AntiForgery

Recently I came across a client request that related to his web-site being a soft target for XSS attacks and the client was completely devastated by the frequency of the site being hijacked and brought down so much so that he decided to give up on the ASP.NET framework development having (mis)heard that it is more prone to being attacked due to the vulnerabilities in the framework.

I beg to differ.

The ASP.NET framework is not only the most robust of a lot but also gives the developers incredible tools and techniques to not just avert specialized XSS/CSRF attacks but also DOS and DDOS attacks targetting web-farms/web-gardens.

Fact of the matter is, that it is not the framework but bad programming and not enough knowledge with the right tools and techniques to leverage in order to to tackle CSRF and XSS attacks that is to be blamed.

I here by explain the solution I implemented which not only helped the client re-instate his faith in Microsoft in general but also keep a close watch on the code being written and getting it frequently audited for security vulnerabilities by specialists with the domain of web-site security.

CSRF (cross-site request forgery, a.k.a. Session riding) is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

This attack exploits the vulnerability that happens because web browsers use the user’s authentication info (user's session cookie, basic auth. credentials, IP address, Windows domain credentials, etc.) automatically for all future requests once the user has been authenticated. The site is unable to distinguish between requests originating from user actions on the site and those originating from the malicious link which the user clicked while his session cookie is valid.

The way the malicious link is constructed is explained here. Another paper describes how an e-mail with a malicious IMG tag was sent to victims. By viewing the email message, the user initiated an HTTP request, which sent a router command to change the DNS entry of a leading Mexican bank, making any subsequent access by a user to the bank go through the attacker's server.

A more detailed description of how this attack can happen in ASP.NET MVC applications is described here.

Official Solution: AntiForgery Token Helper:

ASP.NET MVC provides the API AntiForgeryToken to solve this issue. 

This is based on the solution to put a user-specific token as a hidden field on legitimate forms, thus preventing malicious forms or links to simulate a valid form post because they cannot possibly know this token.

To implement it in your MVC application you need to follow these steps:

1. Add the call to AntiForgeryToken() html extension in your form:

 The output generated will be like:

This will generate a cookie name __RequestVerificationToken on the visitor’s computer with the same random value in the hidden field above.

You can pass a parameter (named the “salt”) to the call to Html.AntiForgeryToken() that will be used to avoid having the same token across all parts of the application, in case the attacker manages to know the token value in a part of the application.

2. Filter the action method with the ValidateAntiForgeryToken attribute:

Adding the salt it would be like:

Problem with this approach:

This approach is limited to sites that use webforms and not REST services that use JSON requests. For the case where an ajax call is placed in a form it can be done using a javascript function that assigns the __RequestVerificationToken value before submitting the post request, as described here. The problem really happens when there is no interface developed for the site (i.e. REST services, a.k.a. JSON-based payloads).

Adjustment for JSON calls in MVC sites:

Two approaches exist for JSON-only inputs:

1. Since [ValidateAntiForgeryToken] only works with form-based payloads, it will raise an exception for JSON-based payloads. Sergey Barsky’s article describes how he implemented his own attribute to overcome this problem and he named it [MyValidateAntiForgeryToken]. It is simply an overload of the original attribute that takes into account the case when the content type is JSON and retrieves the variable with the standard name (__RequestVerificationToken) from the cookies collection and validates it against a value with the same name coming from the JSON object itself. The default behavior does the same algorithm except that it compares the value coming from the HTML hidden field with the value coming from the cookies. The last part of this article describes how he added this value to the knockout view model. This is specific to his case but in general you would design your JSON request to include a field with the name (__RequestVerificationToken).

2. Another approach described by Justin Etheredge here. Instead of putting the verification token as a variable inside the JSON payload like the approach above, Justin decided to inject the token inside the AJAX headers. He uses the JQuery feature called prefilters, where a prefilter is a callback function that is called before each request is sent, and prior to any $.ajax() option handling. This is the syntax:

He first creates an overload of the standard html extension @Html.AntiForgeryToken() and names it @Html.AjaxAntiForgeryToken().

Then this is how he injects the token using the prefilter feature:

He uses the method setRequestHeader of the jqXHR object, described here. jqXHR is a superset of the XMLHttpRequest object that results from an ajax call which provides more control and gives more info than the standard object.

Finally he also overloads the standard attribute [ValidateAntiForgeryToken] by changing only one line from:

Now you are using the JQuery environment itself to make sure the token is appended to the call.

Conclusion

This article described what a CSRF attack is and how it is prevented in an ASP.NET MVC application that has forms, and also various options for writing custom code that to make sure it is validated against for the case of a JSON payload that does not depend on forms.