You are here

public function CsrfAccessCheckTest::testCsrfTokenInvalid in Drupal 8

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest::testCsrfTokenInvalid()

@covers ::access

File

core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php, line 70

Class

CsrfAccessCheckTest
@coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck @group Access

Namespace

Drupal\Tests\Core\Access

Code

public function testCsrfTokenInvalid() {
  $this->csrfToken
    ->expects($this
    ->once())
    ->method('validate')
    ->with('test_query', 'test-path')
    ->will($this
    ->returnValue(FALSE));
  $this->routeMatch
    ->expects($this
    ->once())
    ->method('getRawParameters')
    ->will($this
    ->returnValue([]));
  $route = new Route('/test-path', [], [
    '_csrf_token' => 'TRUE',
  ]);
  $request = Request::create('/test-path?token=test_query');
  $this
    ->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")
    ->setCacheMaxAge(0), $this->accessCheck
    ->access($route, $request, $this->routeMatch));
}