annotate core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php @ 19:fa3358dc1485 tip
Add ndrum files
author | Chris Cannam |
---|---|
date | Wed, 28 Aug 2019 13:14:47 +0100 |
parents | 1fec387a4317 |
children |
rev | line source |
---|---|
Chris@0 | 1 <?php |
Chris@0 | 2 |
Chris@0 | 3 namespace Drupal\Tests\rest\Functional; |
Chris@0 | 4 |
Chris@0 | 5 use Drupal\Core\Url; |
Chris@0 | 6 use Psr\Http\Message\ResponseInterface; |
Chris@0 | 7 |
Chris@0 | 8 /** |
Chris@0 | 9 * Trait for ResourceTestBase subclasses testing $auth=NULL, i.e. authless/anon. |
Chris@0 | 10 * |
Chris@0 | 11 * Characteristics: |
Chris@0 | 12 * - When no authentication provider is being used, there also cannot be any |
Chris@0 | 13 * particular error response for missing authentication, since by definition |
Chris@0 | 14 * there is not any authentication. |
Chris@0 | 15 * - For the same reason, there are no authentication edge cases to test. |
Chris@0 | 16 * - Because no authentication is required, a resource exposed without |
Chris@0 | 17 * authentication is vulnerable to CSRF attacks by design. Hence a REST |
Chris@0 | 18 * resource should probably only allow anonymous access for safe (GET/HEAD) |
Chris@0 | 19 * HTTP methods, and only with extreme care should unsafe (POST/PATCH/DELETE) |
Chris@0 | 20 * HTTP methods be allowed for a REST resource that allows anonymous access. |
Chris@0 | 21 */ |
trait AnonResourceTestTrait {

  /**
   * {@inheritdoc}
   */
  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    // Anonymous testing uses no authentication provider, so there is no
    // "missing authentication" response to assert on. The method throws
    // unconditionally, so any call is treated as a programming error.
    $message = 'When testing for anonymous users, authentication cannot be missing.';
    throw new \LogicException($message);
  }

  /**
   * {@inheritdoc}
   */
  protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
    // Deliberately a no-op: without an authentication provider there are no
    // authentication edge cases to exercise.
    return;
  }

}