class EntityResourceTestBase

Same name in other branches
  1. 9 core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php \Drupal\Tests\rest\Functional\EntityResource\EntityResourceTestBase
  2. 10 core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php \Drupal\Tests\rest\Functional\EntityResource\EntityResourceTestBase
  3. 11.x core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php \Drupal\Tests\rest\Functional\EntityResource\EntityResourceTestBase

Even though there is the generic EntityResource, it's necessary for every entity type to have its own test, because they each have different fields, validation constraints, et cetera. It's not because the generic case works, that every case works.

Furthermore, it's necessary to test every format separately, because there can be entity type-specific normalization or serialization problems.

Subclass this for every entity type. Also respect instructions in \Drupal\rest\Tests\ResourceTestBase.

For example, for the node test coverage, there is the (abstract) \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase, which is then again subclassed for every authentication provider:

  • \Drupal\Tests\rest\Functional\EntityResource\Node\NodeJsonAnonTest
  • \Drupal\Tests\rest\Functional\EntityResource\Node\NodeJsonBasicAuthTest
  • \Drupal\Tests\rest\Functional\EntityResource\Node\NodeJsonCookieTest

But the HAL module also adds a new format ('hal_json'), so that format also needs test coverage (for its own peculiarities in normalization & encoding):

  • \Drupal\Tests\hal\Functional\EntityResource\Node\NodeHalJsonAnonTest
  • \Drupal\Tests\hal\Functional\EntityResource\Node\NodeHalJsonBasicAuthTest
  • \Drupal\Tests\hal\Functional\EntityResource\Node\NodeHalJsonCookieTest

In other words: for every entity type there should be: 1. an abstract subclass that includes the entity type-specific authorization (permissions or perhaps custom access control handling, such as node grants), plus 2. a concrete subclass extending the abstract entity type-specific subclass that specifies the exact

$format;

,

$mimeType;

and

$auth;

for this concrete test. Usually that's all that's necessary: most concrete subclasses will be very thin.

For every of these concrete subclasses, a comprehensive test scenario will run per HTTP method:

  • ::testGet()
  • ::testPost()
  • ::testPatch()
  • ::testDelete()

If there is an entity type-specific edge case scenario to test, then add that to the entity type-specific abstract subclass. Example: \Drupal\Tests\rest\Functional\EntityResource\Comment\CommentResourceTestBase::testPostDxWithoutCriticalBaseFields

If there is an entity type-specific format-specific edge case to test, then add that to a concrete subclass. Example: \Drupal\Tests\hal\Functional\EntityResource\Comment\CommentHalJsonTestBase::$patchProtectedFieldNames

Hierarchy

Expanded class hierarchy of EntityResourceTestBase

50 files declare their use of EntityResourceTestBase
ActionResourceTestBase.php in core/modules/system/tests/src/Functional/Rest/ActionResourceTestBase.php
BaseFieldOverrideResourceTestBase.php in core/tests/Drupal/FunctionalTests/Rest/BaseFieldOverrideResourceTestBase.php
BlockContentResourceTestBase.php in core/modules/block_content/tests/src/Functional/Rest/BlockContentResourceTestBase.php
BlockContentTypeResourceTestBase.php in core/modules/block_content/tests/src/Functional/Rest/BlockContentTypeResourceTestBase.php
BlockResourceTestBase.php in core/modules/block/tests/src/Functional/Rest/BlockResourceTestBase.php

... See full list

File

core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php, line 74

Namespace

Drupal\Tests\rest\Functional\EntityResource
View source
abstract class EntityResourceTestBase extends ResourceTestBase {
    
    /**
     * The tested entity type.
     *
     * @var string
     */
    protected static $entityTypeId = NULL;
    
    /**
     * The fields that are protected against modification during PATCH requests.
     *
     * Keys are field names, values are expected access denied reasons.
     *
     * @var string[]
     */
    protected static $patchProtectedFieldNames;
    
    /**
     * The fields that need a different (random) value for each new entity created
     * by a POST request.
     *
     * @var string[]
     */
    protected static $uniqueFieldNames = [];
    
    /**
     * Optionally specify which field is the 'label' field. Some entities specify
     * a 'label_callback', but not a 'label' entity key. For example: User.
     *
     * @see ::getInvalidNormalizedEntityToCreate
     *
     * @var string|null
     */
    protected static $labelFieldName = NULL;
    
    /**
     * The entity ID for the first created entity in testPost().
     *
     * The default value of 2 should work for most content entities.
     *
     * @see ::testPost()
     *
     * @var string|int
     */
    protected static $firstCreatedEntityId = 2;
    
    /**
     * The entity ID for the second created entity in testPost().
     *
     * The default value of 3 should work for most content entities.
     *
     * @see ::testPost()
     *
     * @var string|int
     */
    protected static $secondCreatedEntityId = 3;
    
    /**
     * The main entity used for testing.
     *
     * @var \Drupal\Core\Entity\EntityInterface
     */
    protected $entity;
    
    /**
     * Another entity of the same type used for testing.
     *
     * @var \Drupal\Core\Entity\EntityInterface
     */
    protected $anotherEntity;
    
    /**
     * The entity storage.
     *
     * @var \Drupal\Core\Entity\EntityStorageInterface
     */
    protected $entityStorage;
    
    /**
     * Modules to install.
     *
     * @var array
     */
    public static $modules = [
        'rest_test',
        'text',
    ];
    
    /**
     * Provides an entity resource.
     *
     * @param bool $single_format
     *   Provisions a single-format entity REST resource. Defaults to FALSE.
     */
    protected function provisionEntityResource($single_format = FALSE) {
        if ($existing = $this->resourceConfigStorage
            ->load(static::$resourceConfigId)) {
            $existing->delete();
        }
        $format = $single_format ? [
            static::$format,
        ] : [
            static::$format,
            'foobar',
        ];
        // It's possible to not have any authentication providers enabled, when
        // testing public (anonymous) usage of a REST resource.
        $auth = isset(static::$auth) ? [
            static::$auth,
        ] : [];
        $this->provisionResource($format, $auth);
    }
    
    /**
     * {@inheritdoc}
     */
    public function setUp() {
        parent::setUp();
        // Calculate REST Resource config entity ID.
        static::$resourceConfigId = 'entity.' . static::$entityTypeId;
        $this->entityStorage = $this->container
            ->get('entity_type.manager')
            ->getStorage(static::$entityTypeId);
        // Create an entity.
        $this->entity = $this->createEntity();
        if ($this->entity instanceof FieldableEntityInterface) {
            // Add access-protected field.
            FieldStorageConfig::create([
                'entity_type' => static::$entityTypeId,
                'field_name' => 'field_rest_test',
                'type' => 'text',
            ])->setCardinality(1)
                ->save();
            FieldConfig::create([
                'entity_type' => static::$entityTypeId,
                'field_name' => 'field_rest_test',
                'bundle' => $this->entity
                    ->bundle(),
            ])
                ->setLabel('Test field')
                ->setTranslatable(FALSE)
                ->save();
            // Add multi-value field.
            FieldStorageConfig::create([
                'entity_type' => static::$entityTypeId,
                'field_name' => 'field_rest_test_multivalue',
                'type' => 'string',
            ])->setCardinality(3)
                ->save();
            FieldConfig::create([
                'entity_type' => static::$entityTypeId,
                'field_name' => 'field_rest_test_multivalue',
                'bundle' => $this->entity
                    ->bundle(),
            ])
                ->setLabel('Test field: multi-value')
                ->setTranslatable(FALSE)
                ->save();
            // Reload entity so that it has the new field.
            $reloaded_entity = $this->entityStorage
                ->loadUnchanged($this->entity
                ->id());
            // Some entity types are not stored, hence they cannot be reloaded.
            if ($reloaded_entity !== NULL) {
                $this->entity = $reloaded_entity;
                // Set a default value on the fields.
                $this->entity
                    ->set('field_rest_test', [
                    'value' => 'All the faith they had had had had no effect on the outcome of their life.',
                ]);
                $this->entity
                    ->set('field_rest_test_multivalue', [
                    [
                        'value' => 'One',
                    ],
                    [
                        'value' => 'Two',
                    ],
                ]);
                $this->entity
                    ->set('rest_test_validation', [
                    'value' => 'allowed value',
                ]);
                $this->entity
                    ->save();
            }
        }
    }
    
    /**
     * Creates the entity to be tested.
     *
     * @return \Drupal\Core\Entity\EntityInterface
     *   The entity to be tested.
     */
    protected abstract function createEntity();
    
    /**
     * Creates another entity to be tested.
     *
     * @return \Drupal\Core\Entity\EntityInterface
     *   Another entity based on $this->entity.
     */
    protected function createAnotherEntity() {
        $entity = $this->entity
            ->createDuplicate();
        $label_key = $entity->getEntityType()
            ->getKey('label');
        if ($label_key) {
            $entity->set($label_key, $entity->label() . '_dupe');
        }
        $entity->save();
        return $entity;
    }
    
    /**
     * Returns the expected normalization of the entity.
     *
     * @see ::createEntity()
     *
     * @return array
     */
    protected abstract function getExpectedNormalizedEntity();
    
    /**
     * Returns the normalized POST entity.
     *
     * @see ::testPost
     *
     * @return array
     */
    protected abstract function getNormalizedPostEntity();
    
    /**
     * Returns the normalized PATCH entity.
     *
     * By default, reuses ::getNormalizedPostEntity(), which works fine for most
     * entity types. A counterexample: the 'comment' entity type.
     *
     * @see ::testPatch
     *
     * @return array
     */
    protected function getNormalizedPatchEntity() {
        return $this->getNormalizedPostEntity();
    }
    
    /**
     * Gets the second normalized POST entity.
     *
     * Entity types can have non-sequential IDs, and in that case the second
     * entity created for POST testing needs to be able to specify a different ID.
     *
     * @see ::testPost
     * @see ::getNormalizedPostEntity
     *
     * @return array
     *   An array structure as returned by ::getNormalizedPostEntity().
     */
    protected function getSecondNormalizedPostEntity() {
        // Return the values of the "parent" method by default.
        return $this->getNormalizedPostEntity();
    }
    
    /**
     * Gets the normalized POST entity with random values for its unique fields.
     *
     * @see ::testPost
     * @see ::getNormalizedPostEntity
     *
     * @return array
     *   An array structure as returned by ::getNormalizedPostEntity().
     */
    protected function getModifiedEntityForPostTesting() {
        $normalized_entity = $this->getNormalizedPostEntity();
        // Ensure that all the unique fields of the entity type get a new random
        // value.
        foreach (static::$uniqueFieldNames as $field_name) {
            $field_definition = $this->entity
                ->getFieldDefinition($field_name);
            $field_type_class = $field_definition->getItemDefinition()
                ->getClass();
            $normalized_entity[$field_name] = $field_type_class::generateSampleValue($field_definition);
        }
        return $normalized_entity;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getExpectedUnauthorizedAccessMessage($method) {
        if ($this->config('rest.settings')
            ->get('bc_entity_resource_permissions')) {
            return parent::getExpectedUnauthorizedAccessMessage($method);
        }
        $permission = $this->entity
            ->getEntityType()
            ->getAdminPermission();
        if ($permission !== FALSE) {
            return "The '{$permission}' permission is required.";
        }
        $http_method_to_entity_operation = [
            'GET' => 'view',
            'POST' => 'create',
            'PATCH' => 'update',
            'DELETE' => 'delete',
        ];
        $operation = $http_method_to_entity_operation[$method];
        $message = sprintf('You are not authorized to %s this %s entity', $operation, $this->entity
            ->getEntityTypeId());
        if ($this->entity
            ->bundle() !== $this->entity
            ->getEntityTypeId()) {
            $message .= ' of bundle ' . $this->entity
                ->bundle();
        }
        return "{$message}.";
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getExpectedUnauthorizedAccessCacheability() {
        return (new CacheableMetadata())->setCacheTags(static::$auth ? [
            '4xx-response',
            'http_response',
        ] : [
            '4xx-response',
            'config:user.role.anonymous',
            'http_response',
        ])
            ->setCacheContexts([
            'user.permissions',
        ]);
    }
    
    /**
     * The cacheability of unauthorized 'view' entity access.
     *
     * @param bool $is_authenticated
     *   Whether the current request is authenticated or not. This matters for
     *   some entity access control handlers, but not for most.
     *
     * @return \Drupal\Core\Cache\CacheableMetadata
     *   The expected cacheability.
     */
    protected function getExpectedUnauthorizedEntityAccessCacheability($is_authenticated) {
        return new CacheableMetadata();
    }
    
    /**
     * The expected cache tags for the GET/HEAD response of the test entity.
     *
     * @see ::testGet
     *
     * @return string[]
     */
    protected function getExpectedCacheTags() {
        $expected_cache_tags = [
            'config:rest.resource.entity.' . static::$entityTypeId,
            // Necessary for 'bc_entity_resource_permissions'.
            // @see \Drupal\rest\Plugin\rest\resource\EntityResource::permissions()
'config:rest.settings',
        ];
        if (!static::$auth) {
            $expected_cache_tags[] = 'config:user.role.anonymous';
        }
        $expected_cache_tags[] = 'http_response';
        return Cache::mergeTags($expected_cache_tags, $this->entity
            ->getCacheTags());
    }
    
    /**
     * The expected cache contexts for the GET/HEAD response of the test entity.
     *
     * @see ::testGet
     *
     * @return string[]
     */
    protected function getExpectedCacheContexts() {
        return [
            'url.site',
            'user.permissions',
        ];
    }
    
    /**
     * Test a GET request for an entity, plus edge cases to ensure good DX.
     */
    public function testGet() {
        $this->initAuthentication();
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        // The URL and Guzzle request options that will be used in this test. The
        // request options will be modified/expanded throughout this test:
        // - to first test all mistakes a developer might make, and assert that the
        //   error responses provide a good DX
        // - to eventually result in a well-formed request that succeeds.
        $url = $this->getEntityResourceUrl();
        $request_options = [];
        // DX: 404 when resource not provisioned, 403 if canonical route. HTML
        // response because missing ?_format query string.
        $response = $this->request('GET', $url, $request_options);
        $this->assertSame($has_canonical_url ? 403 : 404, $response->getStatusCode());
        $this->assertSame([
            'text/html; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML
        // response because ?_format query string is present.
        $response = $this->request('GET', $url, $request_options);
        if ($has_canonical_url) {
            $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
                ->addCacheTags([
                'config:user.role.anonymous',
            ]);
            $expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
            $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), 'MISS', FALSE);
        }
        else {
            $this->assertResourceErrorResponse(404, 'No route found for "GET ' . str_replace($this->baseUrl, '', $this->getEntityResourceUrl()
                ->setAbsolute()
                ->toString()) . '"', $response);
        }
        $this->provisionEntityResource();
        // DX: forgetting authentication: authentication provider-specific error
        // response.
        if (static::$auth) {
            $response = $this->request('GET', $url, $request_options);
            $this->assertResponseWhenMissingAuthentication('GET', $response);
        }
        $request_options[RequestOptions::HEADERS]['REST-test-auth'] = '1';
        // DX: 403 when attempting to use unallowed authentication provider.
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);
        unset($request_options[RequestOptions::HEADERS]['REST-test-auth']);
        $request_options[RequestOptions::HEADERS]['REST-test-auth-global'] = '1';
        // DX: 403 when attempting to use unallowed global authentication provider.
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);
        unset($request_options[RequestOptions::HEADERS]['REST-test-auth-global']);
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('GET'));
        // First: single format. Drupal will automatically pick the only format.
        $this->provisionEntityResource(TRUE);
        $expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
            ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(static::$auth !== FALSE));
        // DX: 403 because unauthorized single-format route, ?_format is omittable.
        $url->setOption('query', []);
        $response = $this->request('GET', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertSame(403, $response->getStatusCode());
            $this->assertSame([
                'text/html; charset=UTF-8',
            ], $response->getHeader('Content-Type'));
        }
        else {
            $this->assertResourceErrorResponse(403, FALSE, $response, $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), static::$auth ? FALSE : 'MISS', FALSE);
        }
        $this->assertSame(static::$auth ? [] : [
            'MISS',
        ], $response->getHeader('X-Drupal-Cache'));
        // DX: 403 because unauthorized.
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceErrorResponse(403, FALSE, $response, $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), static::$auth ? FALSE : 'MISS', FALSE);
        // Then, what we'll use for the remainder of the test: multiple formats.
        $this->provisionEntityResource();
        // DX: 406 because despite unauthorized, ?_format is not omittable.
        $url->setOption('query', []);
        $response = $this->request('GET', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertSame(403, $response->getStatusCode());
            $this->assertSame([
                'HIT',
            ], $response->getHeader('X-Drupal-Dynamic-Cache'));
        }
        else {
            $this->assertSame(406, $response->getStatusCode());
            $this->assertSame([
                'UNCACHEABLE',
            ], $response->getHeader('X-Drupal-Dynamic-Cache'));
        }
        $this->assertSame([
            'text/html; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $this->assertSame(static::$auth ? [] : [
            'MISS',
        ], $response->getHeader('X-Drupal-Cache'));
        // DX: 403 because unauthorized.
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), static::$auth ? FALSE : 'MISS', FALSE);
        $this->assertArrayNotHasKey('Link', $response->getHeaders());
        $this->setUpAuthorization('GET');
        // 200 for well-formed HEAD request.
        $response = $this->request('HEAD', $url, $request_options);
        $is_cacheable_by_dynamic_page_cache = empty(array_intersect([
            'user',
            'session',
        ], $this->getExpectedCacheContexts()));
        $this->assertResourceResponse(200, '', $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), static::$auth ? FALSE : 'MISS', $is_cacheable_by_dynamic_page_cache ? 'MISS' : 'UNCACHEABLE');
        $head_headers = $response->getHeaders();
        // 200 for well-formed GET request. Page Cache hit because of HEAD request.
        // Same for Dynamic Page Cache hit.
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), static::$auth ? FALSE : 'HIT', $is_cacheable_by_dynamic_page_cache ? static::$auth ? 'HIT' : 'MISS' : 'UNCACHEABLE');
        // Assert that Dynamic Page Cache did not store a ResourceResponse object,
        // which needs serialization after every cache hit. Instead, it should
        // contain a flattened response. Otherwise performance suffers.
        // @see \Drupal\rest\EventSubscriber\ResourceResponseSubscriber::flattenResponse()
        $cache_items = $this->container
            ->get('database')
            ->select('cache_dynamic_page_cache', 'c')
            ->fields('c', [
            'cid',
            'data',
        ])
            ->condition('c.cid', '%[route]=rest.%', 'LIKE')
            ->execute()
            ->fetchAllAssoc('cid');
        if (!$is_cacheable_by_dynamic_page_cache) {
            $this->assertCount(0, $cache_items);
        }
        else {
            $this->assertCount(2, $cache_items);
            $found_cache_redirect = FALSE;
            $found_cached_200_response = FALSE;
            $other_cached_responses_are_4xx = TRUE;
            foreach ($cache_items as $cid => $cache_item) {
                $cached_data = unserialize($cache_item->data);
                if (!isset($cached_data['#cache_redirect'])) {
                    $cached_response = $cached_data['#response'];
                    if ($cached_response->getStatusCode() === 200) {
                        $found_cached_200_response = TRUE;
                    }
                    elseif (!$cached_response->isClientError()) {
                        $other_cached_responses_are_4xx = FALSE;
                    }
                    $this->assertNotInstanceOf(ResourceResponseInterface::class, $cached_response);
                    $this->assertInstanceOf(CacheableResponseInterface::class, $cached_response);
                }
                else {
                    $found_cache_redirect = TRUE;
                }
            }
            $this->assertTrue($found_cache_redirect);
            $this->assertTrue($found_cached_200_response);
            $this->assertTrue($other_cached_responses_are_4xx);
        }
        // Sort the serialization data first so we can do an identical comparison
        // for the keys with the array order the same (it needs to match with
        // identical comparison).
        $expected = $this->getExpectedNormalizedEntity();
        static::recursiveKSort($expected);
        $actual = $this->serializer
            ->decode((string) $response->getBody(), static::$format);
        static::recursiveKSort($actual);
        $this->assertSame($expected, $actual);
        // Not only assert the normalization, also assert deserialization of the
        // response results in the expected object.
        // Note: deserialization of the XML format is not supported, so only test
        // this for other formats.
        if (static::$format !== 'xml') {
            $unserialized = $this->serializer
                ->deserialize((string) $response->getBody(), get_class($this->entity), static::$format);
            $this->assertSame($unserialized->uuid(), $this->entity
                ->uuid());
        }
        // Finally, assert that the expected 'Link' headers are present.
        if ($this->entity
            ->getEntityType()
            ->getLinkTemplates()) {
            $this->assertArrayHasKey('Link', $response->getHeaders());
            $link_relation_type_manager = $this->container
                ->get('plugin.manager.link_relation_type');
            $expected_link_relation_headers = array_map(function ($relation_name) use ($link_relation_type_manager) {
                $link_relation_type = $link_relation_type_manager->createInstance($relation_name);
                return $link_relation_type->isRegistered() ? $link_relation_type->getRegisteredName() : $link_relation_type->getExtensionUri();
            }, array_keys($this->entity
                ->getEntityType()
                ->getLinkTemplates()));
            $parse_rel_from_link_header = function ($value) use ($link_relation_type_manager) {
                $matches = [];
                if (preg_match('/rel="([^"]+)"/', $value, $matches) === 1) {
                    return $matches[1];
                }
                return FALSE;
            };
            $this->assertSame($expected_link_relation_headers, array_map($parse_rel_from_link_header, $response->getHeader('Link')));
        }
        $get_headers = $response->getHeaders();
        // Verify that the GET and HEAD responses are the same. The only difference
        // is that there's no body. For this reason the 'Transfer-Encoding' and
        // 'Vary' headers are also added to the list of headers to ignore, as they
        // may be added to GET requests, depending on web server configuration. They
        // are usually 'Transfer-Encoding: chunked' and 'Vary: Accept-Encoding'.
        $ignored_headers = [
            'Date',
            'Content-Length',
            'X-Drupal-Cache',
            'X-Drupal-Dynamic-Cache',
            'Transfer-Encoding',
            'Vary',
        ];
        $header_cleaner = function ($headers) use ($ignored_headers) {
            foreach ($headers as $header => $value) {
                if (strpos($header, 'X-Drupal-Assertion-') === 0 || in_array($header, $ignored_headers)) {
                    unset($headers[$header]);
                }
            }
            return $headers;
        };
        $get_headers = $header_cleaner($get_headers);
        $head_headers = $header_cleaner($head_headers);
        $this->assertSame($get_headers, $head_headers);
        // BC: serialization_update_8302().
        // Only run this for fieldable entities. It doesn't make sense for config
        // entities as config values are already casted. They also run through the
        // ConfigEntityNormalizer, which doesn't deal with fields individually.
        // Also exclude entity_test_map_field — that has a "map" base field, which
        // only became normalizable since Drupal 8.6, so its normalization
        // containing non-stringified numbers or booleans does not break BC.
        if ($this->entity instanceof FieldableEntityInterface && static::$entityTypeId !== 'entity_test_map_field') {
            // Test primitive data casting BC (strings).
            $this->config('serialization.settings')
                ->set('bc_primitives_as_strings', TRUE)
                ->save(TRUE);
            // Rebuild the container so new config is reflected in the addition of the
            // PrimitiveDataNormalizer.
            $this->rebuildAll();
            $response = $this->request('GET', $url, $request_options);
            $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), static::$auth ? FALSE : 'MISS', $is_cacheable_by_dynamic_page_cache ? 'MISS' : 'UNCACHEABLE');
            // Again do an identical comparison, but this time transform the expected
            // normalized entity's values to strings. This ensures the BC layer for
            // bc_primitives_as_strings works as expected.
            $expected = $this->getExpectedNormalizedEntity();
            // Config entities are not affected.
            // @see \Drupal\serialization\Normalizer\ConfigEntityNormalizer::normalize()
            $expected = static::castToString($expected);
            static::recursiveKSort($expected);
            $actual = $this->serializer
                ->decode((string) $response->getBody(), static::$format);
            static::recursiveKSort($actual);
            $this->assertSame($expected, $actual);
            // Reset the config value and rebuild.
            $this->config('serialization.settings')
                ->set('bc_primitives_as_strings', FALSE)
                ->save(TRUE);
            $this->rebuildAll();
        }
        // BC: serialization_update_8401().
        // Only run this for fieldable entities. It doesn't make sense for config
        // entities as config values always use the raw values (as per the config
        // schema), returned directly from the ConfigEntityNormalizer, which
        // doesn't deal with fields individually.
        if ($this->entity instanceof FieldableEntityInterface) {
            // Test the BC settings for timestamp values.
            $this->config('serialization.settings')
                ->set('bc_timestamp_normalizer_unix', TRUE)
                ->save(TRUE);
            // Rebuild the container so new config is reflected in the addition of the
            // TimestampItemNormalizer.
            $this->rebuildAll();
            $response = $this->request('GET', $url, $request_options);
            $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), static::$auth ? FALSE : 'MISS', $is_cacheable_by_dynamic_page_cache ? 'MISS' : 'UNCACHEABLE');
            // This ensures the BC layer for bc_timestamp_normalizer_unix works as
            // expected. This method should be using
            // ::formatExpectedTimestampValue() to generate the timestamp value. This
            // will take into account the above config setting.
            $expected = $this->getExpectedNormalizedEntity();
            // Config entities are not affected.
            // @see \Drupal\serialization\Normalizer\ConfigEntityNormalizer::normalize()
            static::recursiveKSort($expected);
            $actual = $this->serializer
                ->decode((string) $response->getBody(), static::$format);
            static::recursiveKSort($actual);
            $this->assertSame($expected, $actual);
            // Reset the config value and rebuild.
            $this->config('serialization.settings')
                ->set('bc_timestamp_normalizer_unix', FALSE)
                ->save(TRUE);
            $this->rebuildAll();
        }
        // BC: rest_update_8203().
        $this->config('rest.settings')
            ->set('bc_entity_resource_permissions', TRUE)
            ->save(TRUE);
        $this->refreshTestStateAfterRestConfigChange();
        // DX: 403 when unauthorized.
        $response = $this->request('GET', $url, $request_options);
        $expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
        // Permission checking now happens first, so it's the only cache context we
        // could possibly vary by.
        $expected_403_cacheability->setCacheContexts([
            'user.permissions',
        ]);
        // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()
        if (static::$auth === FALSE) {
            $expected_403_cacheability->addCacheTags([
                'config:user.role.anonymous',
            ]);
        }
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), static::$auth ? FALSE : 'MISS', FALSE);
        $this->grantPermissionsToTestedRole([
            'restful get entity:' . static::$entityTypeId,
        ]);
        // 200 for well-formed request.
        $response = $this->request('GET', $url, $request_options);
        $expected_cache_tags = $this->getExpectedCacheTags();
        $expected_cache_contexts = $this->getExpectedCacheContexts();
        // @todo Fix BlockAccessControlHandler::mergeCacheabilityFromConditions() in
        //   https://www.drupal.org/node/2867881
        if (static::$entityTypeId === 'block') {
            $expected_cache_contexts = Cache::mergeContexts($expected_cache_contexts, [
                'user.permissions',
            ]);
        }
        // \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies to
        // cacheable anonymous responses: it updates their cacheability. Therefore
        // we must update our cacheability expectations for anonymous responses
        // accordingly.
        if (!static::$auth && in_array('user.permissions', $expected_cache_contexts, TRUE)) {
            $expected_cache_tags = Cache::mergeTags($expected_cache_tags, [
                'config:user.role.anonymous',
            ]);
        }
        $this->assertResourceResponse(200, FALSE, $response, $expected_cache_tags, $expected_cache_contexts, static::$auth ? FALSE : 'MISS', $is_cacheable_by_dynamic_page_cache ? 'MISS' : 'UNCACHEABLE');
        $this->resourceConfigStorage
            ->load(static::$resourceConfigId)
            ->disable()
            ->save();
        $this->refreshTestStateAfterRestConfigChange();
        // DX: upon disabling a resource, it's immediately no longer available.
        $this->assertResourceNotAvailable($url, $request_options);
        $this->resourceConfigStorage
            ->load(static::$resourceConfigId)
            ->enable()
            ->save();
        $this->refreshTestStateAfterRestConfigChange();
        // DX: upon re-enabling a resource, immediate 200.
        $response = $this->request('GET', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response, $expected_cache_tags, $expected_cache_contexts, static::$auth ? FALSE : 'MISS', $is_cacheable_by_dynamic_page_cache ? 'MISS' : 'UNCACHEABLE');
        $this->resourceConfigStorage
            ->load(static::$resourceConfigId)
            ->delete();
        $this->refreshTestStateAfterRestConfigChange();
        // DX: upon deleting a resource, it's immediately no longer available.
        $this->assertResourceNotAvailable($url, $request_options);
        $this->provisionEntityResource();
        $url->setOption('query', [
            '_format' => 'non_existing_format',
        ]);
        // DX: 406 when requesting unsupported format.
        $response = $this->request('GET', $url, $request_options);
        $this->assert406Response($response);
        $this->assertSame([
            'text/plain; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $request_options[RequestOptions::HEADERS]['Accept'] = static::$mimeType;
        // DX: 406 when requesting unsupported format but specifying Accept header:
        // should result in a text/plain response.
        $response = $this->request('GET', $url, $request_options);
        $this->assert406Response($response);
        $this->assertSame([
            'text/plain; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $url = Url::fromRoute('rest.entity.' . static::$entityTypeId . '.GET');
        $url->setRouteParameter(static::$entityTypeId, 987654321);
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 404 when GETting non-existing entity.
        $response = $this->request('GET', $url, $request_options);
        $path = str_replace('987654321', '{' . static::$entityTypeId . '}', $url->setAbsolute()
            ->setOptions([
            'base_url' => '',
            'query' => [],
        ])
            ->toString());
        $message = 'The "' . static::$entityTypeId . '" parameter was not converted for the path "' . $path . '" (route name: "rest.entity.' . static::$entityTypeId . '.GET")';
        $this->assertResourceErrorResponse(404, $message, $response);
    }
    
    /**
     * Transforms a normalization: casts all non-string types to strings.
     *
     * @param array $normalization
     *   A normalization to transform.
     *
     * @return array
     *   The transformed normalization.
     */
    protected static function castToString(array $normalization) {
        foreach ($normalization as $key => $value) {
            if (is_bool($value)) {
                $normalization[$key] = (string) (int) $value;
            }
            elseif (is_int($value) || is_float($value)) {
                $normalization[$key] = (string) $value;
            }
            elseif (is_array($value)) {
                $normalization[$key] = static::castToString($value);
            }
        }
        return $normalization;
    }
    
    /**
     * Tests a POST request for an entity, plus edge cases to ensure good DX.
     */
    public function testPost() {
        // @todo Remove this in https://www.drupal.org/node/2300677.
        if ($this->entity instanceof ConfigEntityInterface) {
            $this->assertTrue(TRUE, 'POSTing config entities is not yet supported.');
            return;
        }
        $this->initAuthentication();
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        // Try with all of the following request bodies.
        $unparseable_request_body = '!{>}<';
        $parseable_valid_request_body = $this->serializer
            ->encode($this->getNormalizedPostEntity(), static::$format);
        $parseable_valid_request_body_2 = $this->serializer
            ->encode($this->getSecondNormalizedPostEntity(), static::$format);
        $parseable_invalid_request_body = $this->serializer
            ->encode($this->makeNormalizationInvalid($this->getNormalizedPostEntity(), 'label'), static::$format);
        $parseable_invalid_request_body_2 = $this->serializer
            ->encode($this->getNormalizedPostEntity() + [
            'uuid' => [
                $this->randomMachineName(129),
            ],
        ], static::$format);
        $parseable_invalid_request_body_3 = $this->serializer
            ->encode($this->getNormalizedPostEntity() + [
            'field_rest_test' => [
                [
                    'value' => $this->randomString(),
                ],
            ],
        ], static::$format);
        // The URL and Guzzle request options that will be used in this test. The
        // request options will be modified/expanded throughout this test:
        // - to first test all mistakes a developer might make, and assert that the
        //   error responses provide a good DX
        // - to eventually result in a well-formed request that succeeds.
        $url = $this->getEntityResourcePostUrl();
        $request_options = [];
        // DX: 404 when resource not provisioned. HTML response because missing
        // ?_format query string.
        $response = $this->request('POST', $url, $request_options);
        $this->assertSame(404, $response->getStatusCode());
        $this->assertSame([
            'text/html; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 404 when resource not provisioned.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(404, 'No route found for "POST ' . str_replace($this->baseUrl, '', $this->getEntityResourcePostUrl()
            ->setAbsolute()
            ->toString()) . '"', $response);
        $this->provisionEntityResource();
        // Simulate the developer again forgetting the ?_format query string.
        $url->setOption('query', []);
        // DX: 415 when no Content-Type request header. HTML response because
        // missing ?_format query string.
        $response = $this->request('POST', $url, $request_options);
        $this->assertSame(415, $response->getStatusCode());
        $this->assertSame([
            'text/html; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $this->assertStringContainsString('A client error happened', (string) $response->getBody());
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 415 when no Content-Type request header.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(415, 'No "Content-Type" request header specified', $response);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
        if (static::$auth) {
            // DX: forgetting authentication: authentication provider-specific error
            // response.
            $response = $this->request('POST', $url, $request_options);
            $this->assertResponseWhenMissingAuthentication('POST', $response);
        }
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('POST'));
        // DX: 403 when unauthorized.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('POST'), $response);
        $this->setUpAuthorization('POST');
        // DX: 400 when no request body.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(400, 'No entity content received.', $response);
        $request_options[RequestOptions::BODY] = $unparseable_request_body;
        // DX: 400 when unparseable request body.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(400, 'Syntax error', $response);
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body;
        // DX: 422 when invalid entity: multiple values sent for single-value field.
        $response = $this->request('POST', $url, $request_options);
        if ($label_field = $this->entity
            ->getEntityType()
            ->hasKey('label') ? $this->entity
            ->getEntityType()
            ->getKey('label') : static::$labelFieldName) {
            $label_field_capitalized = $this->entity
                ->getFieldDefinition($label_field)
                ->getLabel();
            $this->assertResourceErrorResponse(422, "Unprocessable Entity: validation failed.\n{$label_field}: {$label_field_capitalized}: this field cannot hold more than 1 values.\n", $response);
        }
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_2;
        // DX: 422 when invalid entity: UUID field too long.
        // @todo Fix this in https://www.drupal.org/node/2149851.
        if ($this->entity
            ->getEntityType()
            ->hasKey('uuid')) {
            $response = $this->request('POST', $url, $request_options);
            $this->assertResourceErrorResponse(422, "Unprocessable Entity: validation failed.\nuuid.0.value: UUID: may not be longer than 128 characters.\n", $response);
        }
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_3;
        // DX: 403 when entity contains field without 'edit' access.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(403, "Access denied on creating field 'field_rest_test'.", $response);
        $request_options[RequestOptions::BODY] = $parseable_valid_request_body;
        // Before sending a well-formed request, allow the normalization and
        // authentication provider edge cases to also be tested.
        $this->assertNormalizationEdgeCases('POST', $url, $request_options);
        $this->assertAuthenticationEdgeCases('POST', $url, $request_options);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'text/xml';
        // DX: 415 when request body in existing but not allowed format.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(415, 'No route found that matches "Content-Type: text/xml"', $response);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
        // 201 for well-formed request.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceResponse(201, FALSE, $response);
        if ($has_canonical_url) {
            $location = $this->entityStorage
                ->load(static::$firstCreatedEntityId)
                ->toUrl('canonical')
                ->setAbsolute(TRUE)
                ->toString();
            $this->assertSame([
                $location,
            ], $response->getHeader('Location'));
        }
        else {
            $this->assertSame([], $response->getHeader('Location'));
        }
        $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
        // If the entity is stored, perform extra checks.
        if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
            // Assert that the entity was indeed created, and that the response body
            // contains the serialized created entity.
            $created_entity = $this->entityStorage
                ->loadUnchanged(static::$firstCreatedEntityId);
            $created_entity_normalization = $this->serializer
                ->normalize($created_entity, static::$format, [
                'account' => $this->account,
            ]);
            $this->assertSame($created_entity_normalization, $this->serializer
                ->decode((string) $response->getBody(), static::$format));
            $this->assertStoredEntityMatchesSentNormalization($this->getNormalizedPostEntity(), $created_entity);
        }
        $this->config('rest.settings')
            ->set('bc_entity_resource_permissions', TRUE)
            ->save(TRUE);
        $this->refreshTestStateAfterRestConfigChange();
        $request_options[RequestOptions::BODY] = $parseable_valid_request_body_2;
        // DX: 403 when unauthorized.
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('POST'), $response);
        $this->grantPermissionsToTestedRole([
            'restful post entity:' . static::$entityTypeId,
        ]);
        // 201 for well-formed request.
        // If the entity is stored, delete the first created entity (in case there
        // is a uniqueness constraint).
        if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
            $this->entityStorage
                ->load(static::$firstCreatedEntityId)
                ->delete();
        }
        $response = $this->request('POST', $url, $request_options);
        $this->assertResourceResponse(201, FALSE, $response);
        $created_entity = $this->entityStorage
            ->load(static::$secondCreatedEntityId);
        if ($has_canonical_url) {
            $location = $created_entity->toUrl('canonical')
                ->setAbsolute(TRUE)
                ->toString();
            $this->assertSame([
                $location,
            ], $response->getHeader('Location'));
        }
        else {
            $this->assertSame([], $response->getHeader('Location'));
        }
        $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
        if ($this->entity
            ->getEntityType()
            ->getStorageClass() !== ContentEntityNullStorage::class && $this->entity
            ->getEntityType()
            ->hasKey('uuid')) {
            // 500 when creating an entity with a duplicate UUID.
            $normalized_entity = $this->getModifiedEntityForPostTesting();
            $normalized_entity[$created_entity->getEntityType()
                ->getKey('uuid')] = [
                [
                    'value' => $created_entity->uuid(),
                ],
            ];
            if ($label_field) {
                $normalized_entity[$label_field] = [
                    [
                        'value' => $this->randomMachineName(),
                    ],
                ];
            }
            $request_options[RequestOptions::BODY] = $this->serializer
                ->encode($normalized_entity, static::$format);
            $response = $this->request('POST', $url, $request_options);
            $this->assertSame(500, $response->getStatusCode());
            $this->assertStringContainsString('Internal Server Error', (string) $response->getBody());
            // 201 when successfully creating an entity with a new UUID.
            $normalized_entity = $this->getModifiedEntityForPostTesting();
            $new_uuid = \Drupal::service('uuid')->generate();
            $normalized_entity[$created_entity->getEntityType()
                ->getKey('uuid')] = [
                [
                    'value' => $new_uuid,
                ],
            ];
            if ($label_field) {
                $normalized_entity[$label_field] = [
                    [
                        'value' => $this->randomMachineName(),
                    ],
                ];
            }
            $request_options[RequestOptions::BODY] = $this->serializer
                ->encode($normalized_entity, static::$format);
            $response = $this->request('POST', $url, $request_options);
            $this->assertResourceResponse(201, FALSE, $response);
            $entities = $this->entityStorage
                ->loadByProperties([
                $created_entity->getEntityType()
                    ->getKey('uuid') => $new_uuid,
            ]);
            $new_entity = reset($entities);
            $this->assertNotNull($new_entity);
            $new_entity->delete();
        }
        // BC: old default POST URLs have their path updated by the inbound path
        // processor \Drupal\rest\PathProcessor\PathProcessorEntityResourceBC to the
        // new URL, which is derived from the 'create' link template if an entity
        // type specifies it.
        if ($this->entity
            ->getEntityType()
            ->hasLinkTemplate('create')) {
            $this->entityStorage
                ->load(static::$secondCreatedEntityId)
                ->delete();
            $old_url = Url::fromUri('base:entity/' . static::$entityTypeId);
            $old_url->setOption('query', [
                '_format' => static::$format,
            ]);
            $response = $this->request('POST', $old_url, $request_options);
            $this->assertResourceResponse(201, FALSE, $response);
        }
    }
    
    /**
     * Tests a PATCH request for an entity, plus edge cases to ensure good DX.
     */
    public function testPatch() {
        // @todo Remove this in https://www.drupal.org/node/2300677.
        if ($this->entity instanceof ConfigEntityInterface) {
            $this->assertTrue(TRUE, 'PATCHing config entities is not yet supported.');
            return;
        }
        // Patch testing requires that another entity of the same type exists.
        $this->anotherEntity = $this->createAnotherEntity();
        $this->initAuthentication();
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        // Try with all of the following request bodies.
        $unparseable_request_body = '!{>}<';
        $parseable_valid_request_body = $this->serializer
            ->encode($this->getNormalizedPatchEntity(), static::$format);
        $parseable_valid_request_body_2 = $this->serializer
            ->encode($this->getNormalizedPatchEntity(), static::$format);
        $parseable_invalid_request_body = $this->serializer
            ->encode($this->makeNormalizationInvalid($this->getNormalizedPatchEntity(), 'label'), static::$format);
        $parseable_invalid_request_body_2 = $this->serializer
            ->encode($this->getNormalizedPatchEntity() + [
            'field_rest_test' => [
                [
                    'value' => $this->randomString(),
                ],
            ],
        ], static::$format);
        // The 'field_rest_test' field does not allow 'view' access, so does not end
        // up in the normalization. Even when we explicitly add it the normalization
        // that we send in the body of a PATCH request, it is considered invalid.
        $parseable_invalid_request_body_3 = $this->serializer
            ->encode($this->getNormalizedPatchEntity() + [
            'field_rest_test' => $this->entity
                ->get('field_rest_test')
                ->getValue(),
        ], static::$format);
        // The URL and Guzzle request options that will be used in this test. The
        // request options will be modified/expanded throughout this test:
        // - to first test all mistakes a developer might make, and assert that the
        //   error responses provide a good DX
        // - to eventually result in a well-formed request that succeeds.
        $url = $this->getEntityResourceUrl();
        $request_options = [];
        // DX: 404 when resource not provisioned, 405 if canonical route. Plain text
        // or HTML response because missing ?_format query string.
        $response = $this->request('PATCH', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertSame(405, $response->getStatusCode());
            $this->assertSame([
                'GET, POST, HEAD',
            ], $response->getHeader('Allow'));
            $this->assertSame([
                'text/html; charset=UTF-8',
            ], $response->getHeader('Content-Type'));
            $this->assertStringContainsString('A client error happened', (string) $response->getBody());
        }
        else {
            $this->assertSame(404, $response->getStatusCode());
            $this->assertSame([
                'text/html; charset=UTF-8',
            ], $response->getHeader('Content-Type'));
        }
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 404 when resource not provisioned, 405 if canonical route.
        $response = $this->request('PATCH', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertResourceErrorResponse(405, 'No route found for "PATCH ' . str_replace($this->baseUrl, '', $this->getEntityResourceUrl()
                ->setAbsolute()
                ->toString()) . '": Method Not Allowed (Allow: GET, POST, HEAD)', $response);
        }
        else {
            $this->assertResourceErrorResponse(404, 'No route found for "PATCH ' . str_replace($this->baseUrl, '', $this->getEntityResourceUrl()
                ->setAbsolute()
                ->toString()) . '"', $response);
        }
        $this->provisionEntityResource();
        // Simulate the developer again forgetting the ?_format query string.
        $url->setOption('query', []);
        // DX: 415 when no Content-Type request header.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertSame(415, $response->getStatusCode());
        $this->assertSame([
            'text/html; charset=UTF-8',
        ], $response->getHeader('Content-Type'));
        $this->assertStringContainsString('A client error happened', (string) $response->getBody());
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 415 when no Content-Type request header.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(415, 'No "Content-Type" request header specified', $response);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
        if (static::$auth) {
            // DX: forgetting authentication: authentication provider-specific error
            // response.
            $response = $this->request('PATCH', $url, $request_options);
            $this->assertResponseWhenMissingAuthentication('PATCH', $response);
        }
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('PATCH'));
        // DX: 403 when unauthorized.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('PATCH'), $response);
        $this->setUpAuthorization('PATCH');
        // DX: 400 when no request body.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(400, 'No entity content received.', $response);
        $request_options[RequestOptions::BODY] = $unparseable_request_body;
        // DX: 400 when unparseable request body.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(400, 'Syntax error', $response);
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body;
        // DX: 422 when invalid entity: multiple values sent for single-value field.
        $response = $this->request('PATCH', $url, $request_options);
        if ($label_field = $this->entity
            ->getEntityType()
            ->hasKey('label') ? $this->entity
            ->getEntityType()
            ->getKey('label') : static::$labelFieldName) {
            $label_field_capitalized = $this->entity
                ->getFieldDefinition($label_field)
                ->getLabel();
            $this->assertResourceErrorResponse(422, "Unprocessable Entity: validation failed.\n{$label_field}: {$label_field_capitalized}: this field cannot hold more than 1 values.\n", $response);
        }
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_2;
        // DX: 403 when entity contains field without 'edit' access.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, "Access denied on updating field 'field_rest_test'.", $response);
        // DX: 403 when entity trying to update an entity's ID field.
        $request_options[RequestOptions::BODY] = $this->serializer
            ->encode($this->makeNormalizationInvalid($this->getNormalizedPatchEntity(), 'id'), static::$format);
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, "Access denied on updating field '{$this->entity->getEntityType()->getKey('id')}'. The entity ID cannot be changed.", $response);
        if ($this->entity
            ->getEntityType()
            ->hasKey('uuid')) {
            // DX: 403 when entity trying to update an entity's UUID field.
            $request_options[RequestOptions::BODY] = $this->serializer
                ->encode($this->makeNormalizationInvalid($this->getNormalizedPatchEntity(), 'uuid'), static::$format);
            $response = $this->request('PATCH', $url, $request_options);
            $this->assertResourceErrorResponse(403, "Access denied on updating field '{$this->entity->getEntityType()->getKey('uuid')}'. The entity UUID cannot be changed.", $response);
        }
        $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_3;
        // DX: 403 when entity contains field without 'edit' nor 'view' access, even
        // when the value for that field matches the current value. This is allowed
        // in principle, but leads to information disclosure.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, "Access denied on updating field 'field_rest_test'.", $response);
        // DX: 403 when sending PATCH request with updated read-only fields.
        $this->assertPatchProtectedFieldNamesStructure();
        list($modified_entity, $original_values) = static::getModifiedEntityForPatchTesting($this->entity);
        // Send PATCH request by serializing the modified entity, assert the error
        // response, change the modified entity field that caused the error response
        // back to its original value, repeat.
        foreach (static::$patchProtectedFieldNames as $patch_protected_field_name => $reason) {
            $request_options[RequestOptions::BODY] = $this->serializer
                ->serialize($modified_entity, static::$format);
            $response = $this->request('PATCH', $url, $request_options);
            $this->assertResourceErrorResponse(403, "Access denied on updating field '" . $patch_protected_field_name . "'." . ($reason !== NULL ? ' ' . $reason : ''), $response);
            $modified_entity->get($patch_protected_field_name)
                ->setValue($original_values[$patch_protected_field_name]);
        }
        if ($this->entity instanceof FieldableEntityInterface) {
            // Change the rest_test_validation field to prove that then its validation
            // does run.
            $override = [
                'rest_test_validation' => [
                    [
                        'value' => 'ALWAYS_FAIL',
                    ],
                ],
            ];
            $valid_request_body = $override + $this->getNormalizedPatchEntity() + $this->serializer
                ->normalize($modified_entity, static::$format);
            $request_options[RequestOptions::BODY] = $this->serializer
                ->serialize($valid_request_body, static::$format);
            $response = $this->request('PATCH', $url, $request_options);
            $this->assertResourceErrorResponse(422, "Unprocessable Entity: validation failed.\nrest_test_validation: REST test validation failed\n", $response);
            // Set the rest_test_validation field to always fail validation, which
            // allows asserting that not modifying that field does not trigger
            // validation errors.
            $this->entity
                ->set('rest_test_validation', 'ALWAYS_FAIL');
            $this->entity
                ->save();
            // Information disclosure prevented: when a malicious user correctly
            // guesses the current invalid value of a field, ensure a 200 is not sent
            // because this would disclose to the attacker what the current value is.
            // @see rest_test_entity_field_access()
            $response = $this->request('PATCH', $url, $request_options);
            $this->assertResourceErrorResponse(422, "Unprocessable Entity: validation failed.\nrest_test_validation: REST test validation failed\n", $response);
            // All requests after the above one will not include this field (neither
            // its current value nor any other), and therefore all subsequent test
            // assertions should not trigger a validation error.
        }
        // 200 for well-formed PATCH request that sends all fields (even including
        // read-only ones, but with unchanged values).
        $valid_request_body = $this->getNormalizedPatchEntity() + $this->serializer
            ->normalize($this->entity, static::$format);
        $request_options[RequestOptions::BODY] = $this->serializer
            ->serialize($valid_request_body, static::$format);
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        $request_options[RequestOptions::BODY] = $parseable_valid_request_body;
        // Before sending a well-formed request, allow the normalization and
        // authentication provider edge cases to also be tested.
        $this->assertNormalizationEdgeCases('PATCH', $url, $request_options);
        $this->assertAuthenticationEdgeCases('PATCH', $url, $request_options);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'text/xml';
        // DX: 415 when request body in existing but not allowed format.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(415, 'No route found that matches "Content-Type: text/xml"', $response);
        $request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
        // 200 for well-formed request.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
        // Assert that the entity was indeed updated, and that the response body
        // contains the serialized updated entity.
        $updated_entity = $this->entityStorage
            ->loadUnchanged($this->entity
            ->id());
        $updated_entity_normalization = $this->serializer
            ->normalize($updated_entity, static::$format, [
            'account' => $this->account,
        ]);
        $this->assertSame($updated_entity_normalization, $this->serializer
            ->decode((string) $response->getBody(), static::$format));
        $this->assertStoredEntityMatchesSentNormalization($this->getNormalizedPatchEntity(), $updated_entity);
        // Ensure that fields do not get deleted if they're not present in the PATCH
        // request. Test this using the configurable field that we added, but which
        // is not sent in the PATCH request.
        $this->assertSame('All the faith they had had had had no effect on the outcome of their life.', $updated_entity->get('field_rest_test')->value);
        // Multi-value field: remove item 0. Then item 1 becomes item 0.
        $normalization_multi_value_tests = $this->getNormalizedPatchEntity();
        $normalization_multi_value_tests['field_rest_test_multivalue'] = $this->entity
            ->get('field_rest_test_multivalue')
            ->getValue();
        $normalization_remove_item = $normalization_multi_value_tests;
        unset($normalization_remove_item['field_rest_test_multivalue'][0]);
        $request_options[RequestOptions::BODY] = $this->serializer
            ->encode($normalization_remove_item, static::$format);
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        $this->assertSame([
            0 => [
                'value' => 'Two',
            ],
        ], $this->entityStorage
            ->loadUnchanged($this->entity
            ->id())
            ->get('field_rest_test_multivalue')
            ->getValue());
        // Multi-value field: add one item before the existing one, and one after.
        $normalization_add_items = $normalization_multi_value_tests;
        $normalization_add_items['field_rest_test_multivalue'][2] = [
            'value' => 'Three',
        ];
        $request_options[RequestOptions::BODY] = $this->serializer
            ->encode($normalization_add_items, static::$format);
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        $this->assertSame([
            0 => [
                'value' => 'One',
            ],
            1 => [
                'value' => 'Two',
            ],
            2 => [
                'value' => 'Three',
            ],
        ], $this->entityStorage
            ->loadUnchanged($this->entity
            ->id())
            ->get('field_rest_test_multivalue')
            ->getValue());
        // BC: rest_update_8203().
        $this->config('rest.settings')
            ->set('bc_entity_resource_permissions', TRUE)
            ->save(TRUE);
        $this->refreshTestStateAfterRestConfigChange();
        $request_options[RequestOptions::BODY] = $parseable_valid_request_body_2;
        // DX: 403 when unauthorized.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('PATCH'), $response);
        $this->grantPermissionsToTestedRole([
            'restful patch entity:' . static::$entityTypeId,
        ]);
        // 200 for well-formed request.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
    }
    
    /**
     * Tests a DELETE request for an entity, plus edge cases to ensure good DX.
     */
    public function testDelete() {
        // @todo Remove this in https://www.drupal.org/node/2300677.
        if ($this->entity instanceof ConfigEntityInterface) {
            $this->assertTrue(TRUE, 'DELETEing config entities is not yet supported.');
            return;
        }
        $this->initAuthentication();
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        // The URL and Guzzle request options that will be used in this test. The
        // request options will be modified/expanded throughout this test:
        // - to first test all mistakes a developer might make, and assert that the
        //   error responses provide a good DX
        // - to eventually result in a well-formed request that succeeds.
        $url = $this->getEntityResourceUrl();
        $request_options = [];
        // DX: 404 when resource not provisioned, but 405 if canonical route. Plain
        // text  or HTML response because missing ?_format query string.
        $response = $this->request('DELETE', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertSame(405, $response->getStatusCode());
            $this->assertSame([
                'GET, POST, HEAD',
            ], $response->getHeader('Allow'));
            $this->assertSame([
                'text/html; charset=UTF-8',
            ], $response->getHeader('Content-Type'));
            $this->assertStringContainsString('A client error happened', (string) $response->getBody());
        }
        else {
            $this->assertSame(404, $response->getStatusCode());
            $this->assertSame([
                'text/html; charset=UTF-8',
            ], $response->getHeader('Content-Type'));
        }
        $url->setOption('query', [
            '_format' => static::$format,
        ]);
        // DX: 404 when resource not provisioned, 405 if canonical route.
        $response = $this->request('DELETE', $url, $request_options);
        if ($has_canonical_url) {
            $this->assertSame([
                'GET, POST, HEAD',
            ], $response->getHeader('Allow'));
            $this->assertResourceErrorResponse(405, 'No route found for "DELETE ' . str_replace($this->baseUrl, '', $this->getEntityResourceUrl()
                ->setAbsolute()
                ->toString()) . '": Method Not Allowed (Allow: GET, POST, HEAD)', $response);
        }
        else {
            $this->assertResourceErrorResponse(404, 'No route found for "DELETE ' . str_replace($this->baseUrl, '', $this->getEntityResourceUrl()
                ->setAbsolute()
                ->toString()) . '"', $response);
        }
        $this->provisionEntityResource();
        if (static::$auth) {
            // DX: forgetting authentication: authentication provider-specific error
            // response.
            $response = $this->request('DELETE', $url, $request_options);
            $this->assertResponseWhenMissingAuthentication('DELETE', $response);
        }
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('PATCH'));
        // DX: 403 when unauthorized.
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('DELETE'), $response);
        $this->setUpAuthorization('DELETE');
        // Before sending a well-formed request, allow the authentication provider's
        // edge cases to also be tested.
        $this->assertAuthenticationEdgeCases('DELETE', $url, $request_options);
        // 204 for well-formed request.
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceResponse(204, '', $response);
        $this->config('rest.settings')
            ->set('bc_entity_resource_permissions', TRUE)
            ->save(TRUE);
        $this->refreshTestStateAfterRestConfigChange();
        $this->entity = $this->createEntity();
        $url = $this->getEntityResourceUrl()
            ->setOption('query', $url->getOption('query'));
        // DX: 403 when unauthorized.
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('DELETE'), $response);
        $this->grantPermissionsToTestedRole([
            'restful delete entity:' . static::$entityTypeId,
        ]);
        // 204 for well-formed request.
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceResponse(204, '', $response);
    }
    
    /**
     * {@inheritdoc}
     */
    protected function assertNormalizationEdgeCases($method, Url $url, array $request_options) {
        // \Drupal\serialization\Normalizer\EntityNormalizer::denormalize(): entity
        // types with bundles MUST send their bundle field to be denormalizable.
        $entity_type = $this->entity
            ->getEntityType();
        if ($entity_type->hasKey('bundle')) {
            $bundle_field_name = $this->entity
                ->getEntityType()
                ->getKey('bundle');
            $normalization = $this->getNormalizedPostEntity();
            // The bundle type itself can be validated only if there's a bundle entity
            // type.
            if ($entity_type->getBundleEntityType()) {
                $normalization[$bundle_field_name] = 'bad_bundle_name';
                $request_options[RequestOptions::BODY] = $this->serializer
                    ->encode($normalization, static::$format);
                // DX: 422 when incorrect entity type bundle is specified.
                $response = $this->request($method, $url, $request_options);
                $this->assertResourceErrorResponse(422, '"bad_bundle_name" is not a valid bundle type for denormalization.', $response);
            }
            unset($normalization[$bundle_field_name]);
            $request_options[RequestOptions::BODY] = $this->serializer
                ->encode($normalization, static::$format);
            // DX: 422 when no entity type bundle is specified.
            $response = $this->request($method, $url, $request_options);
            $this->assertResourceErrorResponse(422, sprintf('Could not determine entity type bundle: "%s" field is missing.', $bundle_field_name), $response);
        }
    }
    
    /**
     * Asserts structure of $patchProtectedFieldNames.
     */
    protected function assertPatchProtectedFieldNamesStructure() {
        $is_null_or_string = function ($value) {
            return is_null($value) || is_string($value);
        };
        $keys_are_field_names = Inspector::assertAllStrings(array_keys(static::$patchProtectedFieldNames));
        $values_are_expected_access_denied_reasons = Inspector::assertAll($is_null_or_string, static::$patchProtectedFieldNames);
        $this->assertTrue($keys_are_field_names && $values_are_expected_access_denied_reasons, 'In Drupal 8.6, the structure of $patchProtectedFieldNames changed. It used to be an array with field names as values. Now those values are the keys, and their values should be either NULL or a string: a string containing the reason for why the field cannot be PATCHed, or NULL otherwise.');
    }
    
    /**
     * Gets an entity resource's GET/PATCH/DELETE URL.
     *
     * @return \Drupal\Core\Url
     *   The URL to GET/PATCH/DELETE.
     */
    protected function getEntityResourceUrl() {
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        // Note that the 'canonical' link relation type must be specified explicitly
        // in the call to ::toUrl(). 'canonical' is the default for
        // \Drupal\Core\Entity\Entity::toUrl(), but ConfigEntityBase overrides this.
        return $has_canonical_url ? $this->entity
            ->toUrl('canonical') : Url::fromUri('base:entity/' . static::$entityTypeId . '/' . $this->entity
            ->id());
    }
    
    /**
     * Gets an entity resource's POST URL.
     *
     * @return \Drupal\Core\Url
     *   The URL to POST to.
     */
    protected function getEntityResourcePostUrl() {
        $has_create_url = $this->entity
            ->hasLinkTemplate('create');
        return $has_create_url ? Url::fromUri('internal:' . $this->entity
            ->getEntityType()
            ->getLinkTemplate('create')) : Url::fromUri('base:entity/' . static::$entityTypeId);
    }
    
    /**
     * Clones the given entity and modifies all PATCH-protected fields.
     *
     * @param \Drupal\Core\Entity\EntityInterface $entity
     *   The entity being tested and to modify.
     *
     * @return array
     *   Contains two items:
     *   1. The modified entity object.
     *   2. The original field values, keyed by field name.
     *
     * @internal
     */
    protected static function getModifiedEntityForPatchTesting(EntityInterface $entity) {
        $modified_entity = clone $entity;
        $original_values = [];
        foreach (array_keys(static::$patchProtectedFieldNames) as $field_name) {
            $field = $modified_entity->get($field_name);
            $original_values[$field_name] = $field->getValue();
            switch ($field->getItemDefinition()
                ->getClass()) {
                case EntityReferenceItem::class:
                    // EntityReferenceItem::generateSampleValue() picks one of the last 50
                    // entities of the supported type & bundle. We don't care if the value
                    // is valid, we only care that it's different.
                    $field->setValue([
                        'target_id' => 99999,
                    ]);
                    break;
                case BooleanItem::class:
                    // BooleanItem::generateSampleValue() picks either 0 or 1. So a 50%
                    // chance of not picking a different value.
                    $field->value = (int) $field->value === 1 ? '0' : '1';
                    break;
                case PathItem::class:
                    // PathItem::generateSampleValue() doesn't set a PID, which causes
                    // PathItem::postSave() to fail. Keep the PID (and other properties),
                    // just modify the alias.
                    $field->alias = str_replace(' ', '-', strtolower((new Random())->sentences(3)));
                    break;
                default:
                    $original_field = clone $field;
                    while ($field->equals($original_field)) {
                        $field->generateSampleItems();
                    }
                    break;
            }
        }
        return [
            $modified_entity,
            $original_values,
        ];
    }
    
    /**
     * Makes the given entity normalization invalid.
     *
     * @param array $normalization
     *   An entity normalization.
     * @param string $entity_key
     *   The entity key whose normalization to make invalid.
     *
     * @return array
     *   The updated entity normalization, now invalid.
     */
    protected function makeNormalizationInvalid(array $normalization, $entity_key) {
        $entity_type = $this->entity
            ->getEntityType();
        switch ($entity_key) {
            case 'label':
                // Add a second label to this entity to make it invalid.
                if ($label_field = $entity_type->hasKey('label') ? $entity_type->getKey('label') : static::$labelFieldName) {
                    $normalization[$label_field][1]['value'] = 'Second Title';
                }
                break;
            case 'id':
                $normalization[$entity_type->getKey('id')][0]['value'] = $this->anotherEntity
                    ->id();
                break;
            case 'uuid':
                $normalization[$entity_type->getKey('uuid')][0]['value'] = $this->anotherEntity
                    ->uuid();
                break;
        }
        return $normalization;
    }
    
    /**
     * Asserts a 406 response… or in some cases a 403 response, because weirdness.
     *
     * Asserting a 406 response should be easy, but it's not, due to bugs.
     *
     * Drupal returns a 403 response instead of a 406 response when:
     * - there is a canonical route, i.e. one that serves HTML
     * - unless the user is logged in with any non-global authentication provider,
     *   because then they tried to access a route that requires the user to be
     *   authenticated, but they used an authentication provider that is only
     *   accepted for specific routes, and HTML routes never have such specific
     *   authentication providers specified. (By default, only 'cookie' is a
     *   global authentication provider.)
     *
     * @todo Remove this in https://www.drupal.org/node/2805279.
     *
     * @param \Psr\Http\Message\ResponseInterface $response
     *   The response to assert.
     */
    protected function assert406Response(ResponseInterface $response) {
        if ($this->entity
            ->hasLinkTemplate('canonical') && ($this->account && static::$auth !== 'cookie')) {
            $this->assertSame(403, $response->getStatusCode());
        }
        else {
            // This is the desired response.
            $this->assertSame(406, $response->getStatusCode());
            $actual_link_header = $response->getHeader('Link');
            if ($actual_link_header) {
                $this->assertIsArray($actual_link_header);
                $expected_type = explode(';', static::$mimeType)[0];
                $this->assertStringContainsString('?_format=' . static::$format . '>; rel="alternate"; type="' . $expected_type . '"', $actual_link_header[0]);
                $this->assertStringContainsString('?_format=foobar>; rel="alternate"', $actual_link_header[0]);
            }
        }
    }
    
    /**
     * Asserts that a resource is unavailable: 404, 406 if it has canonical route.
     *
     * @param \Drupal\Core\Url $url
     *   URL to request.
     * @param array $request_options
     *   Request options to apply.
     */
    protected function assertResourceNotAvailable(Url $url, array $request_options) {
        $has_canonical_url = $this->entity
            ->hasLinkTemplate('canonical');
        $response = $this->request('GET', $url, $request_options);
        if (!$has_canonical_url) {
            $this->assertSame(404, $response->getStatusCode());
        }
        else {
            $this->assert406Response($response);
        }
    }
    
    /**
     * Asserts that the stored entity matches the sent normalization.
     *
     * @param array $sent_normalization
     *   An entity normalization.
     * @param \Drupal\Core\Entity\FieldableEntityInterface $modified_entity
     *   The entity object of the modified (PATCHed or POSTed) entity.
     */
    protected function assertStoredEntityMatchesSentNormalization(array $sent_normalization, FieldableEntityInterface $modified_entity) {
        foreach ($sent_normalization as $field_name => $field_normalization) {
            // Some top-level keys in the normalization may not be fields on the
            // entity (for example '_links' and '_embedded' in the HAL normalization).
            if ($modified_entity->hasField($field_name)) {
                $field_definition = $modified_entity->get($field_name)
                    ->getFieldDefinition();
                $property_definitions = $field_definition->getItemDefinition()
                    ->getPropertyDefinitions();
                $expected_stored_data = [];
                // Some fields don't have any property definitions, so there's nothing
                // to denormalize.
                if (empty($property_definitions)) {
                    $expected_stored_data = $field_normalization;
                }
                else {
                    // Denormalize every sent field item property to make it possible to
                    // compare against the stored value.
                    $denormalization_context = [
                        'field_definition' => $field_definition,
                    ];
                    foreach ($field_normalization as $delta => $expected_field_item_normalization) {
                        foreach ($property_definitions as $property_name => $property_definition) {
                            // Not every property is required to be sent.
                            if (!array_key_exists($property_name, $field_normalization[$delta])) {
                                continue;
                            }
                            // Computed properties are not stored.
                            if ($property_definition->isComputed()) {
                                continue;
                            }
                            $property_value = $field_normalization[$delta][$property_name];
                            $property_value_class = $property_definitions[$property_name]->getClass();
                            $expected_stored_data[$delta][$property_name] = $this->serializer
                                ->supportsDenormalization($property_value, $property_value_class, NULL, $denormalization_context) ? $this->serializer
                                ->denormalize($property_value, $property_value_class, NULL, $denormalization_context) : $property_value;
                        }
                    }
                    // Fields are stored in the database, when read they are represented
                    // as strings in PHP memory.
                    $expected_stored_data = static::castToString($expected_stored_data);
                }
                // Subset, not same, because we can e.g. send just the target_id for the
                // bundle in a PATCH or POST request; the response will include more
                // properties.
                $this->assertArraySubset($expected_stored_data, $modified_entity->get($field_name)
                    ->getValue(), TRUE);
            }
        }
    }

}

Members

Title Sort descending Deprecated Modifiers Object type Summary Member alias Overriden Title Overrides
AssertHelperTrait::castSafeStrings protected static function Casts MarkupInterface objects into strings.
AssertLegacyTrait::assert protected function
AssertLegacyTrait::assertCacheTag protected function Asserts whether an expected cache tag was present in the last response.
AssertLegacyTrait::assertElementNotPresent protected function Asserts that the element with the given CSS selector is not present.
AssertLegacyTrait::assertElementPresent protected function Asserts that the element with the given CSS selector is present.
AssertLegacyTrait::assertEqual protected function
AssertLegacyTrait::assertEscaped protected function Passes if the raw text IS found escaped on the loaded page, fail otherwise.
AssertLegacyTrait::assertField protected function Asserts that a field exists with the given name or ID.
AssertLegacyTrait::assertFieldById protected function Asserts that a field exists with the given ID and value.
AssertLegacyTrait::assertFieldByName protected function Asserts that a field exists with the given name and value.
AssertLegacyTrait::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
AssertLegacyTrait::assertFieldChecked protected function Asserts that a checkbox field in the current page is checked.
AssertLegacyTrait::assertFieldsByValue protected function Asserts that a field exists in the current page with a given Xpath result.
AssertLegacyTrait::assertHeader protected function Checks that current response header equals value.
AssertLegacyTrait::assertIdentical protected function
AssertLegacyTrait::assertIdenticalObject protected function
AssertLegacyTrait::assertLink protected function Passes if a link with the specified label is found.
AssertLegacyTrait::assertLinkByHref protected function Passes if a link containing a given href (part) is found.
AssertLegacyTrait::assertNoCacheTag protected function Asserts whether an expected cache tag was absent in the last response.
AssertLegacyTrait::assertNoEscaped protected function Passes if the raw text is not found escaped on the loaded page.
AssertLegacyTrait::assertNoField protected function Asserts that a field does NOT exist with the given name or ID.
AssertLegacyTrait::assertNoFieldById protected function Asserts that a field does not exist with the given ID and value.
AssertLegacyTrait::assertNoFieldByName protected function Asserts that a field does not exist with the given name and value.
AssertLegacyTrait::assertNoFieldByXPath protected function Asserts that a field does not exist or its value does not match, by XPath.
AssertLegacyTrait::assertNoFieldChecked protected function Asserts that a checkbox field in the current page is not checked.
AssertLegacyTrait::assertNoLink protected function Passes if a link with the specified label is not found.
AssertLegacyTrait::assertNoLinkByHref protected function Passes if a link containing a given href (part) is not found.
AssertLegacyTrait::assertNoOption protected function Asserts that a select option does NOT exist in the current page.
AssertLegacyTrait::assertNoPattern protected function Triggers a pass if the Perl regex pattern is not found in the raw content.
AssertLegacyTrait::assertNoRaw protected function Passes if the raw text IS not found on the loaded page, fail otherwise. 1
AssertLegacyTrait::assertNotEqual protected function
AssertLegacyTrait::assertNoText protected function Passes if the page (with HTML stripped) does not contains the text. 1
AssertLegacyTrait::assertNotIdentical protected function
AssertLegacyTrait::assertNoUniqueText protected function Passes if the text is found MORE THAN ONCE on the text version of the page.
AssertLegacyTrait::assertOption protected function Asserts that a select option in the current page exists.
AssertLegacyTrait::assertOptionByText protected function Asserts that a select option with the visible text exists.
AssertLegacyTrait::assertOptionSelected protected function Asserts that a select option in the current page is checked.
AssertLegacyTrait::assertPattern protected function Triggers a pass if the Perl regex pattern is found in the raw content.
AssertLegacyTrait::assertRaw protected function Passes if the raw text IS found on the loaded page, fail otherwise. 1
AssertLegacyTrait::assertResponse protected function Asserts the page responds with the specified response code. 1
AssertLegacyTrait::assertText protected function Passes if the page (with HTML stripped) contains the text. 1
AssertLegacyTrait::assertTextHelper protected function Helper for assertText and assertNoText.
AssertLegacyTrait::assertTitle protected function Pass if the page title is the given string.
AssertLegacyTrait::assertUniqueText protected function Passes if the text is found ONLY ONCE on the text version of the page.
AssertLegacyTrait::assertUrl protected function Passes if the internal browser&#039;s URL matches the given path.
AssertLegacyTrait::buildXPathQuery protected function Builds an XPath query.
AssertLegacyTrait::constructFieldXpath protected function Helper: Constructs an XPath for the given set of attributes and value.
AssertLegacyTrait::getAllOptions protected function Get all option elements, including nested options, in a select.
AssertLegacyTrait::getRawContent protected function Gets the current raw content.
AssertLegacyTrait::pass protected function
AssertLegacyTrait::verbose protected function
BlockCreationTrait::placeBlock protected function Creates a block instance based on default settings. Aliased as: drupalPlaceBlock
BrowserHtmlDebugTrait::$htmlOutputBaseUrl protected property The Base URI to use for links to the output files.
BrowserHtmlDebugTrait::$htmlOutputClassName protected property Class name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounter protected property Counter for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounterStorage protected property Counter storage for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputDirectory protected property Directory name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputEnabled protected property HTML output output enabled.
BrowserHtmlDebugTrait::$htmlOutputFile protected property The file name to write the list of URLs to.
BrowserHtmlDebugTrait::$htmlOutputTestId protected property HTML output test ID.
BrowserHtmlDebugTrait::formatHtmlOutputHeaders protected function Formats HTTP headers as string for HTML output logging.
BrowserHtmlDebugTrait::getHtmlOutputHeaders protected function Returns headers in HTML output format. 1
BrowserHtmlDebugTrait::htmlOutput protected function Logs a HTML output message in a text file.
BrowserHtmlDebugTrait::initBrowserOutputFile protected function Creates the directory to store browser output.
BrowserTestBase::$baseUrl protected property The base URL.
BrowserTestBase::$configImporter protected property The config importer that can be used in a test.
BrowserTestBase::$customTranslations protected property An array of custom translations suitable for drupal_rewrite_settings().
BrowserTestBase::$databasePrefix protected property The database prefix of this test run.
BrowserTestBase::$defaultTheme protected property The theme to install as the default for testing. 1597
BrowserTestBase::$mink protected property Mink session manager.
BrowserTestBase::$minkDefaultDriverArgs protected property
BrowserTestBase::$minkDefaultDriverClass protected property 1
BrowserTestBase::$originalContainer protected property The original container.
BrowserTestBase::$originalShutdownCallbacks protected property The original array of shutdown function callbacks.
BrowserTestBase::$preserveGlobalState protected property
BrowserTestBase::$profile protected property The profile to install as a basis for testing. 39
BrowserTestBase::$root protected property The app root.
BrowserTestBase::$runTestInSeparateProcess protected property Browser tests are run in separate processes to prevent collisions between
code that may be loaded by tests.
BrowserTestBase::$timeLimit protected property Time limit in seconds for the test.
BrowserTestBase::$translationFilesDirectory protected property The translation file directory for the test environment.
BrowserTestBase::cleanupEnvironment protected function Clean up the Simpletest environment.
BrowserTestBase::config protected function Configuration accessor for tests. Returns non-overridden configuration.
BrowserTestBase::cssSelectToXpath protected function Translates a CSS expression to its XPath equivalent.
BrowserTestBase::drupalGetHeader protected function Gets the value of an HTTP response header.
BrowserTestBase::drupalGetHeaders Deprecated protected function Returns all response headers.
BrowserTestBase::filePreDeleteCallback public static function Ensures test files are deletable.
BrowserTestBase::getDefaultDriverInstance protected function Gets an instance of the default Mink driver.
BrowserTestBase::getDrupalSettings protected function Gets the JavaScript drupalSettings variable for the currently-loaded page. 1
BrowserTestBase::getHttpClient protected function Obtain the HTTP client for the system under test.
BrowserTestBase::getMinkDriverArgs protected function Get the Mink driver args from an environment variable, if it is set. Can
be overridden in a derived class so it is possible to use a different
value for a subset of tests, e.g. the JavaScript tests.
1
BrowserTestBase::getOptions protected function Helper function to get the options of select field.
BrowserTestBase::getResponseLogHandler protected function Provides a Guzzle middleware handler to log every response received. Overrides BrowserHtmlDebugTrait::getResponseLogHandler
BrowserTestBase::getSession public function Returns Mink session.
BrowserTestBase::getSessionCookies protected function Get session cookies from current session.
BrowserTestBase::getTestMethodCaller protected function Retrieves the current calling line in the class under test. Overrides BrowserHtmlDebugTrait::getTestMethodCaller
BrowserTestBase::initFrontPage protected function Visits the front page when initializing Mink. 3
BrowserTestBase::initMink protected function Initializes Mink sessions. 1
BrowserTestBase::installDrupal public function Installs Drupal into the Simpletest site. 1
BrowserTestBase::registerSessions protected function Registers additional Mink sessions.
BrowserTestBase::tearDown protected function 3
BrowserTestBase::translatePostValues protected function Transforms a nested array into a flat array suitable for drupalPostForm().
BrowserTestBase::xpath protected function Performs an xpath search on the contents of the internal browser.
BrowserTestBase::__construct public function 1
BrowserTestBase::__sleep public function Prevents serializing any properties.
ConfigTestTrait::configImporter protected function Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig protected function Copies configuration objects from source storage to target storage.
ContentTypeCreationTrait::createContentType protected function Creates a custom content type based on default settings. Aliased as: drupalCreateContentType 1
EntityResourceTestBase::$anotherEntity protected property Another entity of the same type used for testing.
EntityResourceTestBase::$entity protected property The main entity used for testing. 47
EntityResourceTestBase::$entityStorage protected property The entity storage.
EntityResourceTestBase::$entityTypeId protected static property The tested entity type. 50
EntityResourceTestBase::$firstCreatedEntityId protected static property The entity ID for the first created entity in testPost(). 3
EntityResourceTestBase::$labelFieldName protected static property Optionally specify which field is the &#039;label&#039; field. Some entities specify
a &#039;label_callback&#039;, but not a &#039;label&#039; entity key. For example: User.
2
EntityResourceTestBase::$modules public static property Modules to install. Overrides ResourceTestBase::$modules 50
EntityResourceTestBase::$patchProtectedFieldNames protected static property The fields that are protected against modification during PATCH requests. 21
EntityResourceTestBase::$secondCreatedEntityId protected static property The entity ID for the second created entity in testPost(). 3
EntityResourceTestBase::$uniqueFieldNames protected static property The fields that need a different (random) value for each new entity created
by a POST request.
1
EntityResourceTestBase::assert406Response protected function Asserts a 406 response… or in some cases a 403 response, because weirdness.
EntityResourceTestBase::assertNormalizationEdgeCases protected function Asserts normalization-specific edge cases. Overrides ResourceTestBase::assertNormalizationEdgeCases 3
EntityResourceTestBase::assertPatchProtectedFieldNamesStructure protected function Asserts structure of $patchProtectedFieldNames.
EntityResourceTestBase::assertResourceNotAvailable protected function Asserts that a resource is unavailable: 404, 406 if it has canonical route.
EntityResourceTestBase::assertStoredEntityMatchesSentNormalization protected function Asserts that the stored entity matches the sent normalization.
EntityResourceTestBase::castToString protected static function Transforms a normalization: casts all non-string types to strings.
EntityResourceTestBase::createAnotherEntity protected function Creates another entity to be tested. 3
EntityResourceTestBase::createEntity abstract protected function Creates the entity to be tested. 50
EntityResourceTestBase::getEntityResourcePostUrl protected function Gets an entity resource&#039;s POST URL.
EntityResourceTestBase::getEntityResourceUrl protected function Gets an entity resource&#039;s GET/PATCH/DELETE URL.
EntityResourceTestBase::getExpectedCacheContexts protected function The expected cache contexts for the GET/HEAD response of the test entity. 29
EntityResourceTestBase::getExpectedCacheTags protected function The expected cache tags for the GET/HEAD response of the test entity. 9
EntityResourceTestBase::getExpectedNormalizedEntity abstract protected function Returns the expected normalization of the entity. 50
EntityResourceTestBase::getExpectedUnauthorizedAccessCacheability protected function Returns the expected cacheability of an unauthorized access response. Overrides ResourceTestBase::getExpectedUnauthorizedAccessCacheability 1
EntityResourceTestBase::getExpectedUnauthorizedAccessMessage protected function Return the expected error message. Overrides ResourceTestBase::getExpectedUnauthorizedAccessMessage 32
EntityResourceTestBase::getExpectedUnauthorizedEntityAccessCacheability protected function The cacheability of unauthorized &#039;view&#039; entity access. 7
EntityResourceTestBase::getModifiedEntityForPatchTesting protected static function Clones the given entity and modifies all PATCH-protected fields.
EntityResourceTestBase::getModifiedEntityForPostTesting protected function Gets the normalized POST entity with random values for its unique fields.
EntityResourceTestBase::getNormalizedPatchEntity protected function Returns the normalized PATCH entity. 5
EntityResourceTestBase::getNormalizedPostEntity abstract protected function Returns the normalized POST entity. 50
EntityResourceTestBase::getSecondNormalizedPostEntity protected function Gets the second normalized POST entity. 1
EntityResourceTestBase::makeNormalizationInvalid protected function Makes the given entity normalization invalid.
EntityResourceTestBase::provisionEntityResource protected function Provides an entity resource.
EntityResourceTestBase::setUp public function Overrides ResourceTestBase::setUp 4
EntityResourceTestBase::testDelete public function Tests a DELETE request for an entity, plus edge cases to ensure good DX. 1
EntityResourceTestBase::testGet public function Test a GET request for an entity, plus edge cases to ensure good DX. 6
EntityResourceTestBase::testPatch public function Tests a PATCH request for an entity, plus edge cases to ensure good DX. 2
EntityResourceTestBase::testPost public function Tests a POST request for an entity, plus edge cases to ensure good DX. 2
FunctionalTestSetupTrait::$apcuEnsureUniquePrefix protected property The flag to set &#039;apcu_ensure_unique_prefix&#039; setting. 1
FunctionalTestSetupTrait::$classLoader protected property The class loader to use for installation and initialization of setup.
FunctionalTestSetupTrait::$configDirectories Deprecated protected property The config directories used in this test.
FunctionalTestSetupTrait::$rootUser protected property The &quot;#1&quot; admin user.
FunctionalTestSetupTrait::doInstall protected function Execute the non-interactive installer. 1
FunctionalTestSetupTrait::getDatabaseTypes protected function Returns all supported database driver installer objects.
FunctionalTestSetupTrait::initConfig protected function Initialize various configurations post-installation. 2
FunctionalTestSetupTrait::initKernel protected function Initializes the kernel after installation.
FunctionalTestSetupTrait::initSettings protected function Initialize settings created during install.
FunctionalTestSetupTrait::initUserSession protected function Initializes user 1 for the site to be installed.
FunctionalTestSetupTrait::installDefaultThemeFromClassProperty protected function Installs the default theme defined by `static::$defaultTheme` when needed.
FunctionalTestSetupTrait::installModulesFromClassProperty protected function Install modules defined by `static::$modules`. 1
FunctionalTestSetupTrait::installParameters protected function Returns the parameters that will be used when Simpletest installs Drupal. 9
FunctionalTestSetupTrait::prepareEnvironment protected function Prepares the current environment for running the test. 23
FunctionalTestSetupTrait::prepareRequestForGenerator protected function Creates a mock request and sets it on the generator.
FunctionalTestSetupTrait::prepareSettings protected function Prepares site settings and services before installation. 2
FunctionalTestSetupTrait::rebuildAll protected function Resets and rebuilds the environment after setup.
FunctionalTestSetupTrait::rebuildContainer protected function Rebuilds \Drupal::getContainer().
FunctionalTestSetupTrait::resetAll protected function Resets all data structures after having enabled new modules.
FunctionalTestSetupTrait::setContainerParameter protected function Changes parameters in the services.yml file.
FunctionalTestSetupTrait::setupBaseUrl protected function Sets up the base URL based upon the environment variable.
FunctionalTestSetupTrait::writeSettings protected function Rewrites the settings.php file of the test site.
NodeCreationTrait::createNode protected function Creates a node based on default settings. Aliased as: drupalCreateNode
NodeCreationTrait::getNodeByTitle public function Get a node from the database based on its title. Aliased as: drupalGetNodeByTitle
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
RandomGeneratorTrait::$randomGenerator protected property The random generator.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers. 1
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RandomGeneratorTrait::randomStringValidate public function Callback for random string validation.
RefreshVariablesTrait::refreshVariables protected function Refreshes in-memory configuration and state information. 3
ResourceTestBase::$account protected property The account to use for authentication, if any.
ResourceTestBase::$auth protected static property The authentication mechanism to use in this test. 308
ResourceTestBase::$format protected static property The format to use in this test. 427
ResourceTestBase::$mimeType protected static property The MIME type that corresponds to $format. 427
ResourceTestBase::$resourceConfigId protected static property The REST Resource Config entity ID under test (i.e. a resource type). 5
ResourceTestBase::$resourceConfigStorage protected property The REST resource config entity storage.
ResourceTestBase::$serializer protected property The serializer service.
ResourceTestBase::assertAuthenticationEdgeCases abstract protected function Asserts authentication provider-specific edge cases.
ResourceTestBase::assertResourceErrorResponse protected function Asserts that a resource error response has the given message.
ResourceTestBase::assertResourceResponse protected function Asserts that a resource response has the given status code and body.
ResourceTestBase::assertResponseWhenMissingAuthentication abstract protected function Verifies the error response in case of missing authentication.
ResourceTestBase::decorateWithXdebugCookie protected function Adds the Xdebug cookie to the request options.
ResourceTestBase::getAuthenticationRequestOptions protected function Returns Guzzle request options for authentication.
ResourceTestBase::grantPermissionsToAnonymousRole protected function Grants permissions to the anonymous role.
ResourceTestBase::grantPermissionsToAuthenticatedRole protected function Grants permissions to the authenticated role.
ResourceTestBase::grantPermissionsToTestedRole protected function Grants permissions to the tested role: anonymous or authenticated. 1
ResourceTestBase::initAuthentication protected function Initializes authentication.
ResourceTestBase::provisionResource protected function Provisions the REST resource under test.
ResourceTestBase::recursiveKSort protected static function Recursively sorts an array by key.
ResourceTestBase::refreshTestStateAfterRestConfigChange protected function Refreshes the state of the tester to be in sync with the testee.
ResourceTestBase::request protected function Performs a HTTP request. Wraps the Guzzle HTTP client. 1
ResourceTestBase::setUpAuthorization abstract protected function Sets up the necessary authorization. 55
SessionTestTrait::$sessionName protected property The name of the session cookie.
SessionTestTrait::generateSessionName protected function Generates a session cookie name.
SessionTestTrait::getSessionName protected function Returns the session name in use on the child site.
StorageCopyTrait::replaceStorageContents protected static function Copy the configuration from one storage to another and remove stale items.
TestRequirementsTrait::checkModuleRequirements private function Checks missing module requirements.
TestRequirementsTrait::checkRequirements protected function Check module requirements for the Drupal use case. 1
TestRequirementsTrait::getDrupalRoot protected static function Returns the Drupal root directory.
TestSetupTrait::$configSchemaCheckerExclusions protected static property An array of config object names that are excluded from schema checking.
TestSetupTrait::$container protected property The dependency injection container used in the test.
TestSetupTrait::$kernel protected property The DrupalKernel instance used in the test.
TestSetupTrait::$originalSite protected property The site directory of the original parent site.
TestSetupTrait::$privateFilesDirectory protected property The private file directory for the test environment.
TestSetupTrait::$publicFilesDirectory protected property The public file directory for the test environment.
TestSetupTrait::$siteDirectory protected property The site directory of this test run.
TestSetupTrait::$strictConfigSchema protected property Set to TRUE to strict check all configuration saved. 2
TestSetupTrait::$tempFilesDirectory protected property The temporary file directory for the test environment.
TestSetupTrait::$testId protected property The test run ID.
TestSetupTrait::changeDatabasePrefix protected function Changes the database connection to the prefixed one.
TestSetupTrait::getConfigSchemaExclusions protected function Gets the config schema exclusions for this test.
TestSetupTrait::getDatabaseConnection public static function Returns the database connection to the site running Simpletest.
TestSetupTrait::prepareDatabasePrefix protected function Generates a database prefix for running tests. 2
UiHelperTrait::$loggedInUser protected property The current user logged in using the Mink controlled browser.
UiHelperTrait::$maximumMetaRefreshCount protected property The number of meta refresh redirects to follow, or NULL if unlimited.
UiHelperTrait::$metaRefreshCount protected property The number of meta refresh redirects followed during ::drupalGet().
UiHelperTrait::assertSession public function Returns WebAssert object. 1
UiHelperTrait::buildUrl protected function Builds an a absolute URL from a system path or a URL object.
UiHelperTrait::checkForMetaRefresh protected function Checks for meta refresh tag and if found call drupalGet() recursively.
UiHelperTrait::click protected function Clicks the element with the given CSS selector.
UiHelperTrait::clickLink protected function Follows a link by complete name.
UiHelperTrait::cssSelect protected function Searches elements using a CSS selector in the raw content.
UiHelperTrait::drupalGet protected function Retrieves a Drupal path or an absolute path. 3
UiHelperTrait::drupalLogin protected function Logs in a user using the Mink controlled browser.
UiHelperTrait::drupalLogout protected function Logs a user out of the Mink controlled browser and confirms.
UiHelperTrait::drupalPostForm protected function Executes a form submission.
UiHelperTrait::drupalUserIsLoggedIn protected function Returns whether a given user account is logged in.
UiHelperTrait::getAbsoluteUrl protected function Takes a path and returns an absolute path.
UiHelperTrait::getTextContent protected function Retrieves the plain-text content from the current page.
UiHelperTrait::getUrl protected function Get the current URL from the browser.
UiHelperTrait::prepareRequest protected function Prepare for a request to testing site. 1
UiHelperTrait::submitForm protected function Fills and submits a form.
UserCreationTrait::checkPermissions protected function Checks whether a given list of permission names is valid.
UserCreationTrait::createAdminRole protected function Creates an administrative role.
UserCreationTrait::createRole protected function Creates a role with specified permissions. Aliased as: drupalCreateRole
UserCreationTrait::createUser protected function Create a user with a given set of permissions. Aliased as: drupalCreateUser
UserCreationTrait::grantPermissions protected function Grant permissions to a user role.
UserCreationTrait::setCurrentUser protected function Switch the current logged in user.
UserCreationTrait::setUpCurrentUser protected function Creates a random user account and sets it as current user.
XdebugRequestTrait::extractCookiesFromRequest protected function Adds xdebug cookies, from request setup.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.