annotate core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php @ 18:af1871eacc83
Update to Drupal core 8.7.1
| author |
Chris Cannam |
| date |
Thu, 09 May 2019 15:33:08 +0100 |
| parents |
1fec387a4317 |
| children |
|
| rev |
line source |
|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\Tests\rest\Functional;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Core\Url;
|
|
Chris@0
|
6 use Psr\Http\Message\ResponseInterface;
|
|
Chris@0
|
7
|
|
Chris@0
|
8 /**
|
|
Chris@0
|
9 * Trait for ResourceTestBase subclasses testing $auth=NULL, i.e. authless/anon.
|
|
Chris@0
|
10 *
|
|
Chris@0
|
11 * Characteristics:
|
|
Chris@0
|
12 * - When no authentication provider is being used, there also cannot be any
|
|
Chris@0
|
13 * particular error response for missing authentication, since by definition
|
|
Chris@0
|
14 * there is not any authentication.
|
|
Chris@0
|
15 * - For the same reason, there are no authentication edge cases to test.
|
|
Chris@0
|
16 * - Because no authentication is required, this is vulnerable to CSRF attacks
|
|
Chris@0
|
17 * by design. Hence a REST resource should probably only allow for anonymous
|
|
Chris@0
|
18 * for safe (GET/HEAD) HTTP methods, and only with extreme care should unsafe
|
|
Chris@0
|
19 * (POST/PATCH/DELETE) HTTP methods be allowed for a REST resource that allows
|
|
Chris@0
|
20 * anonymous access.
|
|
Chris@0
|
21 */
|
|
Chris@0
|
22 trait AnonResourceTestTrait {
|
|
Chris@0
|
23
|
|
Chris@0
|
24 /**
|
|
Chris@0
|
25 * {@inheritdoc}
|
|
Chris@0
|
26 */
|
|
Chris@14
|
27 protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
|
|
Chris@0
|
28 throw new \LogicException('When testing for anonymous users, authentication cannot be missing.');
|
|
Chris@0
|
29 }
|
|
Chris@0
|
30
|
|
Chris@0
|
31 /**
|
|
Chris@0
|
32 * {@inheritdoc}
|
|
Chris@0
|
33 */
|
|
Chris@12
|
34 protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
|
|
Chris@12
|
35 }
|
|
Chris@0
|
36
|
|
Chris@0
|
37 }
|
