trait AnonResourceTestTrait
Same name and namespace in other branches
- 9 core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait
- 8.9.x core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait
- 10 core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait
Defines a trait for testing with no authentication provider.
This is intended to be used with \Drupal\Tests\rest\Functional\ResourceTestBase.
Characteristics:
- When no authentication provider is being used, there also cannot be any particular error response for missing authentication, since by definition there is not any authentication.
- For the same reason, there are no authentication edge cases to test.
- Because no authentication is required, this is vulnerable to CSRF attacks by design. Hence a REST resource should probably only allow for anonymous for safe (GET/HEAD) HTTP methods, and only with extreme care should unsafe (POST/PATCH/DELETE) HTTP methods be allowed for a REST resource that allows anonymous access.
Hierarchy
- trait \Drupal\Tests\rest\Functional\AnonResourceTestTrait
108 files declare their use of AnonResourceTestTrait
- ActionJsonAnonTest.php in core/
modules/ system/ tests/ src/ Functional/ Rest/ ActionJsonAnonTest.php - ActionJsonAnonTest.php in core/
modules/ action/ tests/ src/ Functional/ Rest/ ActionJsonAnonTest.php - ActionXmlAnonTest.php in core/
modules/ system/ tests/ src/ Functional/ Rest/ ActionXmlAnonTest.php - ActionXmlAnonTest.php in core/
modules/ action/ tests/ src/ Functional/ Rest/ ActionXmlAnonTest.php - BaseFieldOverrideJsonAnonTest.php in core/
tests/ Drupal/ FunctionalTests/ Rest/ BaseFieldOverrideJsonAnonTest.php
File
-
core/
modules/ rest/ tests/ src/ Functional/ AnonResourceTestTrait.php, line 27
Namespace
Drupal\Tests\rest\FunctionalView source
trait AnonResourceTestTrait {
/**
* {@inheritdoc}
*/
protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
throw new \LogicException('When testing for anonymous users, authentication cannot be missing.');
}
/**
* {@inheritdoc}
*/
protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
}
}Members
| Title Sort descending | Modifiers | Object type | Summary |
|---|---|---|---|
| AnonResourceTestTrait::assertAuthenticationEdgeCases | protected | function | |
| AnonResourceTestTrait::assertResponseWhenMissingAuthentication | protected | function |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.