You are here

public function MenuLinkContentTest::testLinkOptionsSerialization in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php \Drupal\Tests\jsonapi\Functional\MenuLinkContentTest::testLinkOptionsSerialization()
  2. 9 core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php \Drupal\Tests\jsonapi\Functional\MenuLinkContentTest::testLinkOptionsSerialization()

Tests requests using a serialized field item property.

See also

https://security.drupal.org/node/161923

File

core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php, line 196

Class

MenuLinkContentTest
JSON:API integration test for the "MenuLinkContent" content entity type.

Namespace

Drupal\Tests\jsonapi\Functional

Code

public function testLinkOptionsSerialization() {
  $this
    ->config('jsonapi.settings')
    ->set('read_only', FALSE)
    ->save(TRUE);
  $document = $this
    ->getPostDocument();
  $document['data']['attributes']['link']['options'] = "O:44:\"Symfony\\Component\\Process\\Pipes\\WindowsPipes\":8:{s:51:\"\\Symfony\\Component\\Process\\Pipes\\WindowsPipes\0files\";a:1:{i:0;s:3:\"foo\";}s:57:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0fileHandles\";a:0:{}s:55:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0readBytes\";a:2:{i:1;i:0;i:2;i:0;}s:59:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0disableOutput\";b:0;s:5:\"pipes\";a:0:{}s:58:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0inputBuffer\";s:0:\"\";s:52:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0input\";N;s:54:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0blocked\";b:1;}";
  $url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
  $request_options = [];
  $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
  $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
  $request_options[RequestOptions::BODY] = Json::encode($document);
  $request_options = NestedArray::mergeDeep($request_options, $this
    ->getAuthenticationRequestOptions());

  // Ensure 403 when unauthorized.
  $response = $this
    ->request('POST', $url, $request_options);
  $reason = $this
    ->getExpectedUnauthorizedAccessMessage('POST');
  $this
    ->assertResourceErrorResponse(403, (string) $reason, $url, $response);
  $this
    ->setUpAuthorization('POST');

  // Ensure that an exception is thrown.
  $response = $this
    ->request('POST', $url, $request_options);
  $this
    ->assertResourceErrorResponse(500, (string) 'The generic FieldItemNormalizer cannot denormalize string values for "options" properties of the "link" field (field item class: Drupal\\link\\Plugin\\Field\\FieldType\\LinkItem).', $url, $response);

  // Create a menu link content entity without the serialized property.
  unset($document['data']['attributes']['link']['options']);
  $request_options[RequestOptions::BODY] = Json::encode($document);
  $response = $this
    ->request('POST', $url, $request_options);
  $document = Json::decode((string) $response
    ->getBody());
  $internal_id = $document['data']['attributes']['drupal_internal__id'];

  // Load the created menu item and add link options to it.
  $menu_link = MenuLinkContent::load($internal_id);
  $menu_link
    ->get('link')
    ->first()
    ->set('options', [
    'fragment' => 'test',
  ]);
  $menu_link
    ->save();

  // Fetch the link.
  unset($request_options[RequestOptions::BODY]);
  $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), [
    'entity' => $document['data']['id'],
  ]);
  $response = $this
    ->request('GET', $url, $request_options);
  $response_body = (string) $response
    ->getBody();

  // Ensure that the entity can be updated using a response document.
  $request_options[RequestOptions::BODY] = $response_body;
  $response = $this
    ->request('PATCH', $url, $request_options);
  $this
    ->assertResourceResponse(200, Json::decode($response_body), $response);
}