Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Tests\rest\Functional;
Chris@0: 
Chris@0: use Drupal\Core\Url;
Chris@0: use Psr\Http\Message\ResponseInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
Chris@0:  *
Chris@0:  * Characteristics:
Chris@0:  * - Every request must send an Authorization header.
Chris@0:  * - When accessing a URI that requires authentication without being
Chris@0:  *   authenticated, a 401 response must be sent.
Chris@0:  * - Because every request must send an authorization, there is no danger of
Chris@0:  *   CSRF attacks.
Chris@0:  */
Chris@0: trait BasicAuthResourceTestTrait {
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   protected function getAuthenticationRequestOptions($method) {
Chris@0:     return [
Chris@0:       'headers' => [
Chris@0:         'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
Chris@0:       ],
Chris@0:     ];
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@14:   protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
Chris@17:     if ($method !== 'GET') {
Chris@17:       return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
Chris@17:     }
Chris@17: 
Chris@14:     $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
Chris@17:     $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
Chris@17:       ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
Chris@17:       // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
Chris@17:       ->addCacheableDependency($this->config('system.site'))
Chris@17:       // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()
Chris@17:       ->addCacheTags(['config:user.role.anonymous']);
Chris@17:     // Only add the 'user.roles:anonymous' cache context if its parent cache
Chris@17:     // context is not already present.
Chris@17:     if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) {
Chris@17:       $expected_cacheability->addCacheContexts(['user.roles:anonymous']);
Chris@17:     }
Chris@17:     $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), $expected_page_cache_header_value, FALSE);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@12:   protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
Chris@12:   }
Chris@0: 
Chris@0: }