CsrfAccessCheckTest.php

Same filename and directory in other branches
  1. 9 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
  2. 8.9.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
  3. 11.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php

Namespace

Drupal\Tests\Core\Access

File

core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php

View on git.drupalcode.org
View source 
<?php

declare (strict_types=1);
namespace Drupal\Tests\Core\Access;

use Drupal\Core\Access\AccessResult;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Route;
use Drupal\Core\Access\CsrfAccessCheck;
use Drupal\Tests\UnitTestCase;

/**
 * @coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck
 * @group Access
 */
class CsrfAccessCheckTest extends UnitTestCase {
  
  /**
   * The mock CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $csrfToken;
  
  /**
   * The access checker.
   *
   * @var \Drupal\Core\Access\CsrfAccessCheck
   */
  protected $accessCheck;
  
  /**
   * The mock route match.
   *
   * @var \Drupal\Core\Routing\RouteMatchInterface|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $routeMatch;
  
  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    $this->csrfToken = $this->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
      ->disableOriginalConstructor()
      ->getMock();
    $this->routeMatch = $this->createMock('Drupal\\Core\\Routing\\RouteMatchInterface');
    $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
  }
  
  /**
   * Tests the access() method with a valid token.
   */
  public function testAccessTokenPass() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path/42')
      ->willReturn(TRUE);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn([
      'node' => 42,
    ]);
    $route = new Route('/test-path/{node}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path/42?token=test_query');
    $this->assertEquals(AccessResult::allowed()->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }
  
  /**
   * @covers ::access
   */
  public function testCsrfTokenInvalid() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path')
      ->willReturn(FALSE);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn([]);
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path?token=test_query');
    $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }
  
  /**
   * @covers ::access
   */
  public function testCsrfTokenMissing() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('', 'test-path')
      ->willReturn(FALSE);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn([]);
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path');
    $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }

}

Classes

Title Deprecated Summary
CsrfAccessCheckTest @coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck[[api-linebreak]] @group Access

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.