public function StyleSerializerTest::testRestViewsAuthentication in Drupal 9
Same name and namespace in other branches
- 8 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
Checks that the auth options restricts access to a REST views display.
File
- core/
modules/ rest/ tests/ src/ Functional/ Views/ StyleSerializerTest.php, line 99
Class
- StyleSerializerTest
- Tests the serializer style plugin.
Namespace
Drupal\Tests\rest\Functional\ViewsCode
public function testRestViewsAuthentication() {
// Assume the view is hidden behind a permission.
$this
->drupalGet('test/serialize/auth_with_perm', [
'query' => [
'_format' => 'json',
],
]);
$this
->assertSession()
->statusCodeEquals(401);
// Not even logging in would make it possible to see the view, because then
// we are denied based on authentication method (cookie).
$this
->drupalLogin($this->adminUser);
$this
->drupalGet('test/serialize/auth_with_perm', [
'query' => [
'_format' => 'json',
],
]);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalLogout();
// But if we use the basic auth authentication strategy, we should be able
// to see the page.
$url = $this
->buildUrl('test/serialize/auth_with_perm');
$response = \Drupal::httpClient()
->get($url, [
'auth' => [
$this->adminUser
->getAccountName(),
$this->adminUser->pass_raw,
],
'query' => [
'_format' => 'json',
],
]);
// Ensure that any changes to variables in the other thread are picked up.
$this
->refreshVariables();
$this
->assertSession()
->statusCodeEquals(200);
}