You are here

class RouteProcessorCsrfTest in Drupal 8

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php \Drupal\Tests\Core\Access\RouteProcessorCsrfTest

@coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf @group Access

Hierarchy

Expanded class hierarchy of RouteProcessorCsrfTest

File

core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php, line 15

Namespace

Drupal\Tests\Core\Access
View source
class RouteProcessorCsrfTest extends UnitTestCase {

  /**
   * The mock CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $csrfToken;

  /**
   * The route processor.
   *
   * @var \Drupal\Core\Access\RouteProcessorCsrf
   */
  protected $processor;
  protected function setUp() {
    $this->csrfToken = $this
      ->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
      ->disableOriginalConstructor()
      ->getMock();
    $this->processor = new RouteProcessorCsrf($this->csrfToken);
  }

  /**
   * Tests the processOutbound() method with no _csrf_token route requirement.
   */
  public function testProcessOutboundNoRequirement() {
    $this->csrfToken
      ->expects($this
      ->never())
      ->method('get');
    $route = new Route('/test-path');
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // No parameters should be added to the parameters array.
    $this
      ->assertEmpty($parameters);

    // Cacheability of routes without a _csrf_token route requirement is
    // unaffected.
    $this
      ->assertEquals(new BubbleableMetadata(), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with a _csrf_token route requirement.
   */
  public function testProcessOutbound() {
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // 'token' should be added to the parameters array.
    $this
      ->assertArrayHasKey('token', $parameters);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertSame($parameters['token'], $placeholder);
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with a dynamic path and one replacement.
   */
  public function testProcessOutboundDynamicOne() {
    $route = new Route('/test-path/{slug}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug' => 100,
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path/100';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

  /**
   * Tests the processOutbound() method with two parameter replacements.
   */
  public function testProcessOutboundDynamicTwo() {
    $route = new Route('{slug_1}/test-path/{slug_2}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug_1' => 100,
      'slug_2' => 'test',
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);

    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = '100/test-path/test';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this
      ->assertEquals((new BubbleableMetadata())
      ->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
RouteProcessorCsrfTest::$csrfToken protected property The mock CSRF token generator.
RouteProcessorCsrfTest::$processor protected property The route processor.
RouteProcessorCsrfTest::setUp protected function Overrides UnitTestCase::setUp
RouteProcessorCsrfTest::testProcessOutbound public function Tests the processOutbound() method with a _csrf_token route requirement.
RouteProcessorCsrfTest::testProcessOutboundDynamicOne public function Tests the processOutbound() method with a dynamic path and one replacement.
RouteProcessorCsrfTest::testProcessOutboundDynamicTwo public function Tests the processOutbound() method with two parameter replacements.
RouteProcessorCsrfTest::testProcessOutboundNoRequirement public function Tests the processOutbound() method with no _csrf_token route requirement.
UnitTestCase::$randomGenerator protected property The random generator.
UnitTestCase::$root protected property The app root. 1
UnitTestCase::assertArrayEquals protected function Asserts if two arrays are equal by sorting them first.
UnitTestCase::getBlockMockWithMachineName Deprecated protected function Mocks a block with a block plugin. 1
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getConfigStorageStub public function Returns a stub config storage that returns the supplied configuration.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getRandomGenerator protected function Gets the random generator for the utility methods.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::randomMachineName public function Generates a unique random string containing letters and numbers.