trait BasicAuthResourceTestTrait

Trait for ResourceTestBase subclasses testing $auth=basic_auth.

Characteristics:

  • Every request must send an Authorization header.
  • When accessing a URI that requires authentication without being authenticated, a 401 response must be sent.
  • Because every request must send an Authorization header, there is no danger of CSRF attacks.

154 files declare their use of BasicAuthResourceTestTrait
ActionHalJsonBasicAuthTest.php in core/modules/hal/tests/src/Functional/system/ActionHalJsonBasicAuthTest.php
ActionJsonBasicAuthTest.php in core/modules/system/tests/src/Functional/Rest/ActionJsonBasicAuthTest.php
ActionXmlBasicAuthTest.php in core/modules/system/tests/src/Functional/Rest/ActionXmlBasicAuthTest.php
BaseFieldOverrideHalJsonBasicAuthTest.php in core/modules/hal/tests/src/Functional/Core/BaseFieldOverrideHalJsonBasicAuthTest.php
BaseFieldOverrideJsonBasicAuthTest.php in core/tests/Drupal/FunctionalTests/Rest/BaseFieldOverrideJsonBasicAuthTest.php

File

core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php, line 18

Namespace

Drupal\Tests\rest\Functional
use Drupal\Core\Url;
use Psr\Http\Message\ResponseInterface;

trait BasicAuthResourceTestTrait {
    
    /**
     * {@inheritdoc}
     */
    protected function getAuthenticationRequestOptions($method) {
        return [
            'headers' => [
                'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
            ],
        ];
    }
    
    /**
     * {@inheritdoc}
     */
    protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
        if ($method !== 'GET') {
            return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
        }
        $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
        $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
            ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
            ->addCacheableDependency($this->config('system.site'))
            ->addCacheTags([
                'config:user.role.anonymous',
            ]);
        // Only add the 'user.roles:anonymous' cache context if its parent cache
        // context is not already present.
        if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) {
            $expected_cacheability->addCacheContexts([
                'user.roles:anonymous',
            ]);
        }
        $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), $expected_page_cache_header_value, FALSE);
    }
    
    /**
     * {@inheritdoc}
     */
    protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
    }

}
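
An added example, not part of Drupal core: a plain-PHP sketch of the Basic exchange this trait exercises. It shows that the header built in getAuthenticationRequestOptions() is only base64-encoded, so anyone who can read the request recovers the credentials, and that a request without the header gets a 401. The function names, the sample account, the handling of a malformed header as missing, and the 403 for rejected credentials are assumptions of the sketch.

```php
<?php
// Added illustration: plain PHP, no Drupal APIs. All function names and the
// sample account are constructed for this example.

// Client side: the same construction the trait uses.
function build_basic_header(string $name, string $pass): string {
  return 'Basic ' . base64_encode($name . ':' . $pass);
}

// Server side: returns [name, pass], or NULL if missing or malformed.
function parse_basic_header(?string $header): ?array {
  if ($header === NULL || stripos($header, 'Basic ') !== 0) {
    return NULL;
  }
  // Strict mode rejects input containing non-base64 characters.
  $decoded = base64_decode(trim(substr($header, 6)), TRUE);
  if ($decoded === FALSE || strpos($decoded, ':') === FALSE) {
    return NULL;
  }
  // Split on the first colon only: the password may itself contain colons.
  return explode(':', $decoded, 2);
}

// Status for a resource that requires authentication. Only the
// missing-credentials case (401) comes from the page; treating a malformed
// header as missing and returning 403 for rejected credentials are
// assumptions of this sketch.
function status_for_request(array $headers, array $password_hashes): int {
  $credentials = parse_basic_header($headers['Authorization'] ?? NULL);
  if ($credentials === NULL) {
    return 401;
  }
  [$name, $pass] = $credentials;
  $hash = $password_hashes[$name] ?? NULL;
  return ($hash !== NULL && password_verify($pass, $hash)) ? 200 : 403;
}

// Constructed sample account; the password deliberately contains colons.
$hashes = ['alice' => password_hash('s3cret:with:colons', PASSWORD_DEFAULT)];
$header = build_basic_header('alice', 's3cret:with:colons');

// Decoding needs no key: the header is an encoding, not encryption.
var_dump(parse_basic_header($header));
// Valid credentials, no header at all, and a malformed header.
var_dump(status_for_request(['Authorization' => $header], $hashes));
var_dump(status_for_request([], $hashes));
var_dump(status_for_request(['Authorization' => 'Basic !!!'], $hashes));
```

Because the credentials travel in recoverable form on every request, Basic authentication should only be used over TLS.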
