diff core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php @ 14:1fec387a4317

Update Drupal core to 8.5.2 via Composer
author Chris Cannam
date Mon, 23 Apr 2018 09:46:53 +0100
parents 7a779792577d
children 129ea1e6d783
--- a/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php	Mon Apr 23 09:33:26 2018 +0100
+++ b/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php	Mon Apr 23 09:46:53 2018 +0100
@@ -61,7 +61,7 @@
       'pass' => $this->account->passRaw,
     ];
 
-    $request_options[RequestOptions::BODY] = $this->serializer->encode($request_body, 'json');
+    $request_options[RequestOptions::BODY] = $this->serializer->encode($request_body, static::$format);
     $request_options[RequestOptions::HEADERS] = [
       'Content-Type' => static::$mimeType,
     ];
@@ -91,11 +91,31 @@
   /**
    * {@inheritdoc}
    */
-  protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
+  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
     // Requests needing cookie authentication but missing it results in a 403
     // response. The cookie authentication mechanism sets no response message.
+    // Hence, effectively, this is just the 403 response that one gets as the
+    // anonymous user trying to access a certain REST resource.
+    // @see \Drupal\user\Authentication\Provider\Cookie
     // @todo https://www.drupal.org/node/2847623
-    $this->assertResourceErrorResponse(403, FALSE, $response);
+    if ($method === 'GET') {
+      $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+      // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
+      //   to cacheable anonymous responses: it updates their cacheability.
+      // - A 403 response to a GET request is cacheable.
+      // Therefore we must update our cacheability expectations accordingly.
+      if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
+        $expected_cookie_403_cacheability->addCacheTags(['config:user.role.anonymous']);
+      }
+      // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881
+      if (static::$entityTypeId === 'block') {
+        $expected_cookie_403_cacheability->setCacheTags(str_replace('user:2', 'user:0', $expected_cookie_403_cacheability->getCacheTags()));
+      }
+      $this->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability->getCacheTags(), $expected_cookie_403_cacheability->getCacheContexts(), 'MISS', 'MISS');
+    }
+    else {
+      $this->assertResourceErrorResponse(403, FALSE, $response);
+    }
   }
 
   /**
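Review bot: The block-specific workaround in the GET branch rewrites cache tags with `str_replace('user:2', 'user:0', ...)`, which matches substrings and hard-codes the test account's uid. A tag such as `user:20` would become `user:00`, and the rewrite silently stops applying if the account id is ever not 2. Replacing only the exact tag and deriving it from the account, for example `'user:' . $this->account->id()` (assuming `$this->account` is the user entity the test created), would keep the expectation tied to what the test set up. Because this branch asserts the cacheability of an access-denied response, a comment saying the rewrite must be removed once the linked issue is fixed would help stop it masking a wrong per-user tag on cached 403s. The new `$method` parameter is also untyped and compared with `=== 'GET'`, so a lower-case method string would take the non-cacheable `else` branch; the inherited docblock should state the expected casing.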