class CsrfAccessCheckTest

Same name in other branches
  1. 9 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  2. 8.9.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  3. 10 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest

@coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck @group Access

Hierarchy

Expanded class hierarchy of CsrfAccessCheckTest

File

core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php, line 20

Namespace

Drupal\Tests\Core\Access
View source 
class CsrfAccessCheckTest extends UnitTestCase {
    
    /**
     * The mock CSRF token generator.
     */
    protected CsrfTokenGenerator $csrfToken;
    
    /**
     * The access checker.
     */
    protected CsrfAccessCheck $accessCheck;
    
    /**
     * The mock route match.
     */
    protected RouteMatchInterface $routeMatch;
    
    /**
     * The mock parameter bag.
     */
    protected ParameterBagInterface $parameterBag;
    
    /**
     * {@inheritdoc}
     */
    protected function setUp() : void {
        parent::setUp();
        $this->csrfToken = $this->getMockBuilder(CsrfTokenGenerator::class)
            ->disableOriginalConstructor()
            ->getMock();
        $this->parameterBag = $this->createMock(ParameterBagInterface::class);
        $this->routeMatch = $this->createMock(RouteMatchInterface::class);
        $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
    }
    
    /**
     * Tests the access() method with a valid token.
     */
    public function testAccessTokenPass() : void {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('test_query', 'test-path/42')
            ->willReturn(TRUE);
        $this->parameterBag
            ->method('all')
            ->willReturn([
            'node' => 42,
        ]);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn($this->parameterBag);
        $route = new Route('/test-path/{node}', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path/42?token=test_query');
        $this->assertEquals(AccessResult::allowed()->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }
    
    /**
     * @covers ::access
     */
    public function testCsrfTokenInvalid() : void {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('test_query', 'test-path')
            ->willReturn(FALSE);
        $this->parameterBag
            ->method('all')
            ->willReturn([]);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn($this->parameterBag);
        $route = new Route('/test-path', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path?token=test_query');
        $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }
    
    /**
     * @covers ::access
     */
    public function testCsrfTokenMissing() : void {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('', 'test-path')
            ->willReturn(FALSE);
        $this->parameterBag
            ->method('all')
            ->willReturn([]);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn($this->parameterBag);
        $route = new Route('/test-path', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path');
        $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }

}

Members

Title Modifiers Object type Summary Overriden Title
CsrfAccessCheckTest::$accessCheck protected property The access checker.
CsrfAccessCheckTest::$csrfToken protected property The mock CSRF token generator.
CsrfAccessCheckTest::$parameterBag protected property The mock parameter bag.
CsrfAccessCheckTest::$routeMatch protected property The mock route match.
CsrfAccessCheckTest::setUp protected function Overrides UnitTestCase::setUp
CsrfAccessCheckTest::testAccessTokenPass public function Tests the access() method with a valid token.
CsrfAccessCheckTest::testCsrfTokenInvalid public function @covers ::access
CsrfAccessCheckTest::testCsrfTokenMissing public function @covers ::access
ExpectDeprecationTrait::expectDeprecation public function Adds an expected deprecation.
ExpectDeprecationTrait::setUpErrorHandler public function Sets up the test error handler.
ExpectDeprecationTrait::tearDownErrorHandler public function Tears down the test error handler.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
UnitTestCase::$root protected property The app root.
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::setDebugDumpHandler public static function Registers the dumper CLI handler when the DebugDump extension is enabled.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.