function CookieResourceTestTrait::assertResponseWhenMissingAuthentication

File

core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 96

Class

CookieResourceTestTrait

Trait for ResourceTestBase subclasses testing $auth=cookie.

Namespace

Code

protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    // Requests needing cookie authentication but missing it results in a 403
    // response. The cookie authentication mechanism sets no response message.
    // Hence, effectively, this is just the 403 response that one gets as the
    // anonymous user trying to access a certain REST resource.
    // @see \Drupal\user\Authentication\Provider\Cookie
    // @todo https://www.drupal.org/node/2847623
    if ($method === 'GET') {
        $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
            ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
        // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
        //   to cacheable anonymous responses: it updates their cacheability.
        // - A 403 response to a GET request is cacheable.
        // Therefore we must update our cacheability expectations accordingly.
        if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
            $expected_cookie_403_cacheability->addCacheTags([
                'config:user.role.anonymous',
            ]);
        }
        $this->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability->getCacheTags(), $expected_cookie_403_cacheability->getCacheContexts(), 'MISS', FALSE);
    }
    else {
        $this->assertResourceErrorResponse(403, FALSE, $response);
    }
}