1 <?php
3 namespace Drupal\Tests\rest\Functional;
5 use Drupal\Core\Url;
6 use Psr\Http\Message\ResponseInterface;
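/**
 * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
 *
 * Characteristics:
 * - Every request must send an Authorization header.
 * - When accessing a URI that requires authentication without being
 *   authenticated, a 401 response must be sent.
 * - Because every request must explicitly send an Authorization header, these
 *   tests treat basic_auth as not exposed to CSRF attacks. This reasoning
 *   applies to clients that attach the header themselves, as this trait does;
 *   a browser that has cached Basic credentials for a realm re-sends them
 *   automatically, so the assumption should not be carried over to
 *   browser-driven use without a separate check.
 * - The header value is only base64-encoded (an encoding, not encryption), so
 *   outside of tests the scheme relies on TLS to keep the password
 *   confidential.
 */
trait BasicAuthResourceTestTrait {

  /**
   * {@inheritdoc}
   */
  protected function getAuthenticationRequestOptions($method) {
    // The same header is produced for every HTTP method; $method is not
    // consulted. The value is the "name:password" pair of $this->account
    // (presumably the test account prepared by the host test class — confirm
    // against ResourceTestBase), using the raw, unhashed password.
    $credentials = $this->account->name->value . ':' . $this->account->passRaw;

    return [
      'headers' => [
        'Authorization' => 'Basic ' . base64_encode($credentials),
      ],
    ];
  }

  /**
   * {@inheritdoc}
   */
  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    // For anything other than GET only the 401 status and the error message
    // are asserted; no cacheability expectations are passed along.
    if ($method !== 'GET') {
      return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
    }

    // Only GET requests reach this point, so the expected page cache header
    // value is always 'MISS'. (The previous "$method === 'GET' ? ... : FALSE"
    // could never take its FALSE branch after the guard above.)
    $expected_page_cache_header_value = 'MISS';

    $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
      ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
      // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
      ->addCacheableDependency($this->config('system.site'))
      // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()
      ->addCacheTags(['config:user.role.anonymous']);

    // Only add the 'user.roles:anonymous' cache context if its parent cache
    // context is not already present.
    if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) {
      $expected_cacheability->addCacheContexts(['user.roles:anonymous']);
    }

    // The unauthenticated GET must yield a 401 that carries exactly the cache
    // tags and contexts collected above. The trailing FALSE is presumably the
    // expected Dynamic Page Cache header value — confirm against
    // assertResourceErrorResponse().
    $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), $expected_page_cache_header_value, FALSE);
  }

  /**
   * {@inheritdoc}
   */
  protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
    // Intentionally empty: this trait asserts no basic_auth-specific edge
    // cases.
  }

}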