trait BasicAuthResourceTestTrait in Drupal 10
Same name and namespace in other branches
- 8 core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php \Drupal\Tests\rest\Functional\BasicAuthResourceTestTrait
- 9 core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php \Drupal\Tests\rest\Functional\BasicAuthResourceTestTrait
Trait for ResourceTestBase subclasses testing $auth=basic_auth.
Characteristics:
- Every request must send an Authorization header.
- When accessing a URI that requires authentication without being authenticated, a 401 response must be sent.
- Because every request must send an authorization, there is no danger of CSRF attacks.
Hierarchy
- trait \Drupal\Tests\rest\Functional\BasicAuthResourceTestTrait
100 files declare their use of BasicAuthResourceTestTrait
- ActionJsonBasicAuthTest.php in core/
modules/ system/ tests/ src/ Functional/ Rest/ ActionJsonBasicAuthTest.php - ActionXmlBasicAuthTest.php in core/
modules/ system/ tests/ src/ Functional/ Rest/ ActionXmlBasicAuthTest.php - BaseFieldOverrideJsonBasicAuthTest.php in core/
tests/ Drupal/ FunctionalTests/ Rest/ BaseFieldOverrideJsonBasicAuthTest.php - BaseFieldOverrideXmlBasicAuthTest.php in core/
tests/ Drupal/ FunctionalTests/ Rest/ BaseFieldOverrideXmlBasicAuthTest.php - BlockContentJsonBasicAuthTest.php in core/
modules/ block_content/ tests/ src/ Functional/ Rest/ BlockContentJsonBasicAuthTest.php
File
- core/
modules/ rest/ tests/ src/ Functional/ BasicAuthResourceTestTrait.php, line 18
Namespace
Drupal\Tests\rest\FunctionalView source
trait BasicAuthResourceTestTrait {
/**
* {@inheritdoc}
*/
protected function getAuthenticationRequestOptions($method) {
return [
'headers' => [
'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
],
];
}
/**
* {@inheritdoc}
*/
protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
if ($method !== 'GET') {
return $this
->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
}
$expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
$expected_cacheability = $this
->getExpectedUnauthorizedAccessCacheability()
->addCacheableDependency($this
->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
->addCacheableDependency($this
->config('system.site'))
->addCacheTags([
'config:user.role.anonymous',
]);
// Only add the 'user.roles:anonymous' cache context if its parent cache
// context is not already present.
if (!in_array('user.roles', $expected_cacheability
->getCacheContexts(), TRUE)) {
$expected_cacheability
->addCacheContexts([
'user.roles:anonymous',
]);
}
$this
->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability
->getCacheTags(), $expected_cacheability
->getCacheContexts(), $expected_page_cache_header_value, FALSE);
}
/**
* {@inheritdoc}
*/
protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
}
}