Due to the static nature of the current framework version, it is very difficult to unit test, as you can't really mock a lot of components.
The best thing you can do is adopt a thin controller - fat model design, and make sure your model methods are testable.
You don't really unit test using curl, if you do HTTP requests, you're doing functional tests. The cURL commandline tools have full cookie support, so the token should be present.
thanks for the response. I also tried invoking the controller ( not via curl but via request::forge()->set_method('post') ) it triggered my controller without checking the csrf token, but i have encountered a problem
1. there are no way to send parameters via request -> i saw in the documentation that i can send object in execute($object) but this will just popupate the URI params -> i can declare $_POST[]/$_GET params in the test codes and able to get the input::post()/get() params but i cant find a way to declare a json params
( parameters get via Input::json() )
2. this will bypass my core ( low prio base on harro statement ) i posted my issue in SO ( according to your response it hard to test with csrf )
If with parameters you mean GET or POST variables, then yes, due to the static nature of the Input class, there is only one global instance. So you can't use Request::forge() for this. Input::json() directly reads from php://input, so that can't be mocked either.
Inproving testability is one of the major issues Fuel v2 is going to rectify.
Donate
