You are here

Home » API reference » RESTful 7 » RestfulCsrfTokenTestCase.test » RestfulCsrfTokenTestCase

function RestfulCsrfTokenTestCase::testCsrfToken in RESTful 7

Same name and namespace in other branches
  1. 7.2 tests/RestfulCsrfTokenTestCase.test \RestfulCsrfTokenTestCase::testCsrfToken()

Test the validation of a CSRF token for authenticated users.

File

tests/RestfulCsrfTokenTestCase.test, line 32
Contains RestfulCsrfTokenTestCase

Class

RestfulCsrfTokenTestCase
@file Contains RestfulCsrfTokenTestCase

Code

function testCsrfToken() {
  global $user;
  $write_operations = array(
    \RestfulInterface::POST,
    \RestfulInterface::PUT,
    \RestfulInterface::PATCH,
    \RestfulInterface::DELETE,
  );
  $permissions = array(
    'create article content',
    'edit any article content',
    'delete any article content',
  );
  $account = $this
    ->drupalCreateUser($permissions);
  $this
    ->drupalLogin($account);
  $user = $account;

  // Check CSRF is not checked for read operations.
  $this
    ->checkCsrfRequest(array(
    \RestfulInterface::GET,
  ), FALSE);
  $this
    ->checkCsrfRequest($write_operations, TRUE);
}