You are here

protected function CookieResourceTestTrait::assertResponseWhenMissingAuthentication in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertResponseWhenMissingAuthentication()

File

core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 94

Class

CookieResourceTestTrait
Trait for ResourceTestBase subclasses testing $auth=cookie.

Namespace

Drupal\Tests\rest\Functional

Code

protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {

  // Requests needing cookie authentication but missing it results in a 403
  // response. The cookie authentication mechanism sets no response message.
  // Hence, effectively, this is just the 403 response that one gets as the
  // anonymous user trying to access a certain REST resource.
  // @see \Drupal\user\Authentication\Provider\Cookie
  // @todo https://www.drupal.org/node/2847623
  if ($method === 'GET') {
    $expected_cookie_403_cacheability = $this
      ->getExpectedUnauthorizedAccessCacheability()
      ->addCacheableDependency($this
      ->getExpectedUnauthorizedEntityAccessCacheability(FALSE));

    // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
    //   to cacheable anonymous responses: it updates their cacheability.
    // - A 403 response to a GET request is cacheable.
    // Therefore we must update our cacheability expectations accordingly.
    if (in_array('user.permissions', $expected_cookie_403_cacheability
      ->getCacheContexts(), TRUE)) {
      $expected_cookie_403_cacheability
        ->addCacheTags([
        'config:user.role.anonymous',
      ]);
    }

    // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881
    if (static::$entityTypeId === 'block') {
      $expected_cookie_403_cacheability
        ->setCacheTags(str_replace('user:2', 'user:0', $expected_cookie_403_cacheability
        ->getCacheTags()));
    }
    $this
      ->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability
      ->getCacheTags(), $expected_cookie_403_cacheability
      ->getCacheContexts(), 'MISS', FALSE);
  }
  else {
    $this
      ->assertResourceErrorResponse(403, FALSE, $response);
  }
}