Mercurial > hg > isophonics-drupal-site
comparison core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php @ 17:129ea1e6d783
Update, including to Drupal core 8.6.10
| author | Chris Cannam |
|---|---|
| date | Thu, 28 Feb 2019 13:21:36 +0000 |
| parents | 1fec387a4317 |
| children |
comparison
equal
deleted
inserted
replaced
| 16:c2387f117808 | 17:129ea1e6d783 |
|---|---|
| 12 * - Every request must send an Authorization header. | 12 * - Every request must send an Authorization header. |
| 13 * - When accessing a URI that requires authentication without being | 13 * - When accessing a URI that requires authentication without being |
| 14 * authenticated, a 401 response must be sent. | 14 * authenticated, a 401 response must be sent. |
| 15 * - Because every request must send an authorization, there is no danger of | 15 * - Because every request must send an authorization, there is no danger of |
| 16 * CSRF attacks. | 16 * CSRF attacks. |
| 17 * | |
| 18 * @see \Drupal\Tests\rest\Functional\BasicAuthResourceWithInterfaceTranslationTestTrait | |
| 19 */ | 17 */ |
| 20 trait BasicAuthResourceTestTrait { | 18 trait BasicAuthResourceTestTrait { |
| 21 | 19 |
| 22 /** | 20 /** |
| 23 * {@inheritdoc} | 21 * {@inheritdoc} |
| 32 | 30 |
| 33 /** | 31 /** |
| 34 * {@inheritdoc} | 32 * {@inheritdoc} |
| 35 */ | 33 */ |
| 36 protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) { | 34 protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) { |
| 35 if ($method !== 'GET') { | |
| 36 return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response); | |
| 37 } | |
| 38 | |
| 37 $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE; | 39 $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE; |
| 38 // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException() | 40 $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability() |
| 39 $expected_dynamic_page_cache_header_value = $expected_page_cache_header_value; | 41 ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE)) |
| 40 $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, ['4xx-response', 'config:system.site', 'config:user.role.anonymous', 'http_response'], ['user.roles:anonymous'], $expected_page_cache_header_value, $expected_dynamic_page_cache_header_value); | 42 // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException() |
| 43 ->addCacheableDependency($this->config('system.site')) | |
| 44 // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() | |
| 45 ->addCacheTags(['config:user.role.anonymous']); | |
| 46 // Only add the 'user.roles:anonymous' cache context if its parent cache | |
| 47 // context is not already present. | |
| 48 if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) { | |
| 49 $expected_cacheability->addCacheContexts(['user.roles:anonymous']); | |
| 50 } | |
| 51 $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), $expected_page_cache_header_value, FALSE); | |
| 41 } | 52 } |
| 42 | 53 |
| 43 /** | 54 /** |
| 44 * {@inheritdoc} | 55 * {@inheritdoc} |
| 45 */ | 56 */ |