Mercurial > hg > isophonics-drupal-site

diff core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children 7a779792577d
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php	Wed Nov 29 16:09:58 2017 +0000
@@ -0,0 +1,43 @@
+<?php
+
+namespace Drupal\Tests\rest\Functional;
+
+use Drupal\Core\Url;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
+ *
+ * Characteristics:
+ * - Every request must send an Authorization header.
+ * - When accessing a URI that requires authentication without being
+ *   authenticated, a 401 response must be sent.
+ * - Because every request must send an authorization, there is no danger of
+ *   CSRF attacks.
+ */
+trait BasicAuthResourceTestTrait {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function getAuthenticationRequestOptions($method) {
+    return [
+      'headers' => [
+        'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
+      ],
+    ];
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
+    $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {}
+
+}