You are here

public function FormBuilderTest::testInvalidToken in Drupal 9

Same name and namespace in other branches
  1. 8 core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php \Drupal\Tests\Core\Form\FormBuilderTest::testInvalidToken()

@covers ::doBuildForm

@dataProvider providerTestInvalidToken

File

core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php, line 813
Contains \Drupal\Tests\Core\Form\FormBuilderTest.

Class

FormBuilderTest
@coversDefaultClass \Drupal\Core\Form\FormBuilder @group Form

Namespace

Drupal\Tests\Core\Form

Code

public function testInvalidToken($expected, $valid_token, $user_is_authenticated) {
  $form_token = 'the_form_token';
  $form_id = 'test_form_id';
  if (is_bool($valid_token)) {
    $this->csrfToken
      ->expects($this
      ->any())
      ->method('get')
      ->willReturnArgument(0);
    $this->csrfToken
      ->expects($this
      ->atLeastOnce())
      ->method('validate')
      ->willReturn($valid_token);
  }
  $current_user = $this
    ->prophesize(AccountInterface::class);
  $current_user
    ->isAuthenticated()
    ->willReturn($user_is_authenticated);
  $property = new \ReflectionProperty(FormBuilder::class, 'currentUser');
  $property
    ->setAccessible(TRUE);
  $property
    ->setValue($this->formBuilder, $current_user
    ->reveal());
  $expected_form = $form_id();
  $form_arg = $this
    ->getMockForm($form_id, $expected_form);

  // Set up some request data so we can be sure it is removed when a token is
  // invalid.
  $this->request->request
    ->set('foo', 'bar');
  $_POST['foo'] = 'bar';
  $form_state = new FormState();
  $input['form_id'] = $form_id;
  $input['form_token'] = $form_token;
  $input['test'] = 'example-value';
  $form_state
    ->setUserInput($input);
  $form = $this
    ->simulateFormSubmission($form_id, $form_arg, $form_state, FALSE);
  $this
    ->assertSame($expected, $form_state
    ->hasInvalidToken());
  if ($expected) {
    $this
      ->assertEmpty($form['test']['#value']);
    $this
      ->assertEmpty($form_state
      ->getValue('test'));
    $this
      ->assertEmpty($_POST);
    $this
      ->assertEmpty(iterator_to_array($this->request->request
      ->getIterator()));
  }
  else {
    $this
      ->assertEquals('example-value', $form['test']['#value']);
    $this
      ->assertEquals('example-value', $form_state
      ->getValue('test'));
    $this
      ->assertEquals('bar', $_POST['foo']);
    $this
      ->assertEquals('bar', $this->request->request
      ->get('foo'));
  }
}