public function ContextualDynamicContextTest::testTokenProtection in Drupal 10
Same name and namespace in other branches
- 8 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
- 9 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
Tests the contextual placeholder content is protected by a token.
File
- core/
modules/ contextual/ tests/ src/ Functional/ ContextualDynamicContextTest.php, line 166
Class
- ContextualDynamicContextTest
- Tests if contextual links are showing on the front page depending on permissions.
Namespace
Drupal\Tests\contextual\FunctionalCode
public function testTokenProtection() {
$this
->drupalLogin($this->editorUser);
// Create a node that will have a contextual link.
$node1 = $this
->drupalCreateNode([
'type' => 'article',
'promote' => 1,
]);
// Now, on the front page, all article nodes should have contextual links
// placeholders, as should the view that contains them.
$id = 'node:node=' . $node1
->id() . ':changed=' . $node1
->getChangedTime() . '&langcode=en';
// Editor user: can access contextual links and can edit articles.
$this
->drupalGet('node');
$this
->assertContextualLinkPlaceHolder($id);
$http_client = $this
->getHttpClient();
$url = Url::fromRoute('contextual.render', [], [
'query' => [
'_format' => 'json',
'destination' => 'node',
],
])
->setAbsolute()
->toString();
$response = $http_client
->request('POST', $url, [
'cookies' => $this
->getSessionCookies(),
'form_params' => [
'ids' => [
$id,
],
'tokens' => [],
],
'http_errors' => FALSE,
]);
$this
->assertEquals('400', $response
->getStatusCode());
$this
->assertStringContainsString('No contextual ID tokens specified.', (string) $response
->getBody());
$response = $http_client
->request('POST', $url, [
'cookies' => $this
->getSessionCookies(),
'form_params' => [
'ids' => [
$id,
],
'tokens' => [
'wrong_token',
],
],
'http_errors' => FALSE,
]);
$this
->assertEquals('400', $response
->getStatusCode());
$this
->assertStringContainsString('Invalid contextual ID specified.', (string) $response
->getBody());
$response = $http_client
->request('POST', $url, [
'cookies' => $this
->getSessionCookies(),
'form_params' => [
'ids' => [
$id,
],
'tokens' => [
'wrong_key' => $this
->createContextualIdToken($id),
],
],
'http_errors' => FALSE,
]);
$this
->assertEquals('400', $response
->getStatusCode());
$this
->assertStringContainsString('Invalid contextual ID specified.', (string) $response
->getBody());
$response = $http_client
->request('POST', $url, [
'cookies' => $this
->getSessionCookies(),
'form_params' => [
'ids' => [
$id,
],
'tokens' => [
$this
->createContextualIdToken($id),
],
],
'http_errors' => FALSE,
]);
$this
->assertEquals('200', $response
->getStatusCode());
}