annotate core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php @ 14:1fec387a4317
Update Drupal core to 8.5.2 via Composer
| author |
Chris Cannam |
| date |
Mon, 23 Apr 2018 09:46:53 +0100 |
| parents |
7a779792577d |
| children |
129ea1e6d783 |
| rev |
line source |
|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\Tests\rest\Functional;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Core\Url;
|
|
Chris@0
|
6 use Psr\Http\Message\ResponseInterface;
|
|
Chris@0
|
7
|
|
Chris@0
|
8 /**
|
|
Chris@0
|
9 * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
|
|
Chris@0
|
10 *
|
|
Chris@0
|
11 * Characteristics:
|
|
Chris@0
|
12 * - Every request must send an Authorization header.
|
|
Chris@0
|
13 * - When accessing a URI that requires authentication without being
|
|
Chris@0
|
14 * authenticated, a 401 response must be sent.
|
|
Chris@0
|
15 * - Because every request must send an authorization, there is no danger of
|
|
Chris@0
|
16 * CSRF attacks.
|
|
Chris@14
|
17 *
|
|
Chris@14
|
18 * @see \Drupal\Tests\rest\Functional\BasicAuthResourceWithInterfaceTranslationTestTrait
|
|
Chris@0
|
19 */
|
|
Chris@0
|
20 trait BasicAuthResourceTestTrait {
|
|
Chris@0
|
21
|
|
Chris@0
|
22 /**
|
|
Chris@0
|
23 * {@inheritdoc}
|
|
Chris@0
|
24 */
|
|
Chris@0
|
25 protected function getAuthenticationRequestOptions($method) {
|
|
Chris@0
|
26 return [
|
|
Chris@0
|
27 'headers' => [
|
|
Chris@0
|
28 'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
|
|
Chris@0
|
29 ],
|
|
Chris@0
|
30 ];
|
|
Chris@0
|
31 }
|
|
Chris@0
|
32
|
|
Chris@0
|
33 /**
|
|
Chris@0
|
34 * {@inheritdoc}
|
|
Chris@0
|
35 */
|
|
Chris@14
|
36 protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
|
|
Chris@14
|
37 $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
|
|
Chris@14
|
38 // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
|
|
Chris@14
|
39 $expected_dynamic_page_cache_header_value = $expected_page_cache_header_value;
|
|
Chris@14
|
40 $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, ['4xx-response', 'config:system.site', 'config:user.role.anonymous', 'http_response'], ['user.roles:anonymous'], $expected_page_cache_header_value, $expected_dynamic_page_cache_header_value);
|
|
Chris@0
|
41 }
|
|
Chris@0
|
42
|
|
Chris@0
|
43 /**
|
|
Chris@0
|
44 * {@inheritdoc}
|
|
Chris@0
|
45 */
|
|
Chris@12
|
46 protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
|
|
Chris@12
|
47 }
|
|
Chris@0
|
48
|
|
Chris@0
|
49 }
|
