You are here

Home » API reference » Drupal 9

RouteProcessorCsrfTest.php in Drupal 9

Same filename and directory in other branches
  1. 8 core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php

Namespace

Drupal\Tests\Core\Access

File

core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php
View source 
<?php

namespace Drupal\Tests\Core\Access;

use Drupal\Component\Utility\Crypt;
use Drupal\Core\Render\BubbleableMetadata;
use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\RouteProcessorCsrf;
use Symfony\Component\Routing\Route;

/**
 * @coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf
 * @group Access
 */
class RouteProcessorCsrfTest extends UnitTestCase {

  /**
   * The mock CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $csrfToken;

  /**
   * The route processor.
   *
   * @var \Drupal\Core\Access\RouteProcessorCsrf
   */
  protected $processor;
  protected function setUp() : void {
    $this->csrfToken = $this
      ->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
      ->disableOriginalConstructor()
      ->getMock();
    $this->processor = new RouteProcessorCsrf($this->csrfToken);
  }

  /**
   * Tests the processOutbound() method with no _csrf_token route requirement.
   */
  public function testProcessOutboundNoRequirement() {
    $this->csrfToken
      ->expects($this
      ->never())
      ->method('get');
    $route = new Route('/test-path');
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // No parameters should be added to the parameters array.
    $this
      ->assertEmpty($parameters);

    // Cacheability of routes without a _csrf_token route requirement is
    // unaffected.
    $this
      ->assertEquals(new BubbleableMetadata(), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with a _csrf_token route requirement.
   */
  public function testProcessOutbound() {
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // 'token' should be added to the parameters array.
    $this
      ->assertArrayHasKey('token', $parameters);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertSame($parameters['token'], $placeholder);
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with a dynamic path and one replacement.
   */
  public function testProcessOutboundDynamicOne() {
    $route = new Route('/test-path/{slug}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug' => 100,
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path/100';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with two parameter replacements.
   */
  public function testProcessOutboundDynamicTwo() {
    $route = new Route('{slug_1}/test-path/{slug_2}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug_1' => 100,
      'slug_2' => 'test',
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = '100/test-path/test';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

}

Classes

Namesort descending Description
RouteProcessorCsrfTest @coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf @group Access