class CsrfAccessCheckTest in Drupal 10
Same name and namespace in other branches
- 8 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
- 9 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
@coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck @group Access
Hierarchy
- class \Drupal\Tests\UnitTestCase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, PhpUnitWarnings
- class \Drupal\Tests\Core\Access\CsrfAccessCheckTest
Expanded class hierarchy of CsrfAccessCheckTest
File
- core/
tests/ Drupal/ Tests/ Core/ Access/ CsrfAccessCheckTest.php, line 15
Namespace
Drupal\Tests\Core\AccessView source
class CsrfAccessCheckTest extends UnitTestCase {
/**
* The mock CSRF token generator.
*
* @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
*/
protected $csrfToken;
/**
* The access checker.
*
* @var \Drupal\Core\Access\CsrfAccessCheck
*/
protected $accessCheck;
/**
* The mock route match.
*
* @var \Drupal\Core\RouteMatch\RouteMatchInterface|\PHPUnit\Framework\MockObject\MockObject
*/
protected $routeMatch;
protected function setUp() : void {
$this->csrfToken = $this
->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
->disableOriginalConstructor()
->getMock();
$this->routeMatch = $this
->createMock('Drupal\\Core\\Routing\\RouteMatchInterface');
$this->accessCheck = new CsrfAccessCheck($this->csrfToken);
}
/**
* Tests the access() method with a valid token.
*/
public function testAccessTokenPass() {
$this->csrfToken
->expects($this
->once())
->method('validate')
->with('test_query', 'test-path/42')
->will($this
->returnValue(TRUE));
$this->routeMatch
->expects($this
->once())
->method('getRawParameters')
->will($this
->returnValue([
'node' => 42,
]));
$route = new Route('/test-path/{node}', [], [
'_csrf_token' => 'TRUE',
]);
$request = Request::create('/test-path/42?token=test_query');
$this
->assertEquals(AccessResult::allowed()
->setCacheMaxAge(0), $this->accessCheck
->access($route, $request, $this->routeMatch));
}
/**
* @covers ::access
*/
public function testCsrfTokenInvalid() {
$this->csrfToken
->expects($this
->once())
->method('validate')
->with('test_query', 'test-path')
->will($this
->returnValue(FALSE));
$this->routeMatch
->expects($this
->once())
->method('getRawParameters')
->will($this
->returnValue([]));
$route = new Route('/test-path', [], [
'_csrf_token' => 'TRUE',
]);
$request = Request::create('/test-path?token=test_query');
$this
->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")
->setCacheMaxAge(0), $this->accessCheck
->access($route, $request, $this->routeMatch));
}
/**
* @covers ::access
*/
public function testCsrfTokenMissing() {
$this->csrfToken
->expects($this
->once())
->method('validate')
->with('', 'test-path')
->will($this
->returnValue(FALSE));
$this->routeMatch
->expects($this
->once())
->method('getRawParameters')
->will($this
->returnValue([]));
$route = new Route('/test-path', [], [
'_csrf_token' => 'TRUE',
]);
$request = Request::create('/test-path');
$this
->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is missing.")
->setCacheMaxAge(0), $this->accessCheck
->access($route, $request, $this->routeMatch));
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
CsrfAccessCheckTest:: |
protected | property | The access checker. | |
CsrfAccessCheckTest:: |
protected | property | The mock CSRF token generator. | |
CsrfAccessCheckTest:: |
protected | property | The mock route match. | |
CsrfAccessCheckTest:: |
protected | function |
Overrides UnitTestCase:: |
|
CsrfAccessCheckTest:: |
public | function | Tests the access() method with a valid token. | |
CsrfAccessCheckTest:: |
public | function | @covers ::access | |
CsrfAccessCheckTest:: |
public | function | @covers ::access | |
PhpUnitWarnings:: |
private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |
PhpUnitWarnings:: |
public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |
UnitTestCase:: |
protected | property | The random generator. | |
UnitTestCase:: |
protected | property | The app root. | 1 |
UnitTestCase:: |
protected | function | Returns a stub class resolver. | |
UnitTestCase:: |
public | function | Returns a stub config factory that behaves according to the passed array. | |
UnitTestCase:: |
public | function | Returns a stub config storage that returns the supplied configuration. | |
UnitTestCase:: |
protected | function | Sets up a container with a cache tags invalidator. | |
UnitTestCase:: |
protected | function | Gets the random generator for the utility methods. | |
UnitTestCase:: |
public | function | Returns a stub translation manager that just returns the passed string. | |
UnitTestCase:: |
public | function | Generates a unique random string containing letters and numbers. | |
UnitTestCase:: |
public static | function |