Mercurial > hg > isophonics-drupal-site
comparison core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children | 7a779792577d |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\Tests\rest\Functional; | |
| 4 | |
| 5 use Drupal\Core\Url; | |
| 6 use Psr\Http\Message\ResponseInterface; | |
| 7 | |
| 8 /** | |
| 9 * Trait for ResourceTestBase subclasses testing $auth=NULL, i.e. authless/anon. | |
| 10 * | |
| 11 * Characteristics: | |
| 12 * - When no authentication provider is being used, there also cannot be any | |
| 13 * particular error response for missing authentication, since by definition | |
| 14 * there is not any authentication. | |
| 15 * - For the same reason, there are no authentication edge cases to test. | |
| 16 * - Because no authentication is required, this is vulnerable to CSRF attacks | |
| 17 * by design. Hence a REST resource should probably only allow for anonymous | |
| 18 * for safe (GET/HEAD) HTTP methods, and only with extreme care should unsafe | |
| 19 * (POST/PATCH/DELETE) HTTP methods be allowed for a REST resource that allows | |
| 20 * anonymous access. | |
| 21 */ | |
| 22 trait AnonResourceTestTrait { | |
| 23 | |
| 24 /** | |
| 25 * {@inheritdoc} | |
| 26 */ | |
| 27 protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) { | |
| 28 throw new \LogicException('When testing for anonymous users, authentication cannot be missing.'); | |
| 29 } | |
| 30 | |
| 31 /** | |
| 32 * {@inheritdoc} | |
| 33 */ | |
| 34 protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {} | |
| 35 | |
| 36 } |