public function StyleSerializerTest::testRestViewsAuthentication in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
  2. 9 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()

Checks that the auth options restrict access to a REST views display.

File

core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php, line 95

Class

StyleSerializerTest
Tests the serializer style plugin.

Namespace

Drupal\Tests\rest\Functional\Views

Code

public function testRestViewsAuthentication() {
  // Assume the view is hidden behind a permission.
  $this->drupalGet('test/serialize/auth_with_perm', [
    'query' => [
      '_format' => 'json',
    ],
  ]);
  $this->assertSession()->statusCodeEquals(401);

  // Not even logging in would make it possible to see the view, because then
  // we are denied based on authentication method (cookie).
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('test/serialize/auth_with_perm', [
    'query' => [
      '_format' => 'json',
    ],
  ]);
  $this->assertSession()->statusCodeEquals(403);
  $this->drupalLogout();

  // But if we use the basic auth authentication strategy, we should be able
  // to see the page.
  $url = $this->buildUrl('test/serialize/auth_with_perm');
  $response = \Drupal::httpClient()->get($url, [
    'auth' => [
      $this->adminUser->getAccountName(),
      $this->adminUser->pass_raw,
    ],
    'query' => [
      '_format' => 'json',
    ],
  ]);

  // Ensure that any changes to variables in the other thread are picked up.
  $this->refreshVariables();
  $this->assertSession()->statusCodeEquals(200);
}
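
Added example (not part of Drupal core or of this page's original code): a simplified model of the three outcomes the test asserts, showing why a cookie login is rejected with 403 while a request without credentials gets a 401. The function names, the `$route` array shape and the sample headers are assumptions constructed for illustration; it also covers one case the test does not, a basic auth user who lacks the permission.

```php
<?php
// Simplified model (assumption, not Drupal core code) of the outcomes asserted
// by testRestViewsAuthentication(). All names here are hypothetical.

/** Identify which authentication method a request is using, if any. */
function detect_provider(array $headers): ?string {
  if (isset($headers['Authorization']) && str_starts_with($headers['Authorization'], 'Basic ')) {
    return 'basic_auth';
  }
  // Drupal session cookies are named SESS<hash> (SSESS<hash> over HTTPS).
  if (isset($headers['Cookie']) && preg_match('/\bS?SESS[0-9A-Za-z_-]+=/', $headers['Cookie'])) {
    return 'cookie';
  }
  return NULL;
}

/** Return the HTTP status the restricted display would answer with. */
function resolve_status(array $route, array $headers, bool $has_permission): int {
  $provider = detect_provider($headers);
  // A request authenticated with a method the display does not list is
  // rejected before the account's permissions are considered.
  if ($provider !== NULL && !in_array($provider, $route['auth'], TRUE)) {
    return 403;
  }
  if (!$has_permission) {
    // No credentials at all on a basic_auth display: challenge the client.
    return ($provider === NULL && in_array('basic_auth', $route['auth'], TRUE)) ? 401 : 403;
  }
  return 200;
}

// Constructed sample: a display restricted to basic_auth plus a permission.
$route = ['path' => 'test/serialize/auth_with_perm', 'auth' => ['basic_auth']];
$cases = [
  'anonymous' => [[], FALSE],
  'cookie login (admin)' => [['Cookie' => 'SESSabc123=constructed'], TRUE],
  'basic auth (admin)' => [['Authorization' => 'Basic ' . base64_encode('admin:constructed')], TRUE],
  'basic auth (no permission)' => [['Authorization' => 'Basic ' . base64_encode('guest:constructed')], FALSE],
];
foreach ($cases as $label => [$headers, $has_permission]) {
  printf("%-28s => %d\n", $label, resolve_status($route, $headers, $has_permission));
}
```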