trait AnonResourceTestTrait in Drupal 8

Trait for ResourceTestBase subclasses testing $auth=NULL, i.e. authless/anon.

Characteristics:

• When no authentication provider is being used, there also cannot be any particular error response for missing authentication, since by definition there is not any authentication.
• For the same reason, there are no authentication edge cases to test.
• Because no authentication is required, this is vulnerable to CSRF attacks by design. Hence a REST resource should probably only allow for anonymous for safe (GET/HEAD) HTTP methods, and only with extreme care should unsafe (POST/PATCH/DELETE) HTTP methods be allowed for a REST resource that allows anonymous access.

Hierarchy

File

core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php, line 22

Namespace

trait AnonResourceTestTrait {

  /**
   * {@inheritdoc}
   */
  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    throw new \LogicException('When testing for anonymous users, authentication cannot be missing.');
  }

  /**
   * {@inheritdoc}
   */
  protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
  }

}

Members

Name contains

Name does not contain

Type

Name	Modifiers	Type	Description	Overrides
AnonResourceTestTrait::assertAuthenticationEdgeCases	protected	function
AnonResourceTestTrait::assertResponseWhenMissingAuthentication	protected	function