class CsrfAccessCheckTest

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  2. 8.9.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  3. 10 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest

@coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck
@group Access

Hierarchy

Expanded class hierarchy of CsrfAccessCheckTest

File

core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php, line 20

Namespace

Drupal\Tests\Core\Access
View on git.drupalcode.org
View source 
class CsrfAccessCheckTest extends UnitTestCase {
  
  /**
   * The mock CSRF token generator.
   */
  protected CsrfTokenGenerator $csrfToken;
  
  /**
   * The access checker.
   */
  protected CsrfAccessCheck $accessCheck;
  
  /**
   * The mock route match.
   */
  protected RouteMatchInterface $routeMatch;
  
  /**
   * The mock parameter bag.
   */
  protected ParameterBagInterface $parameterBag;
  
  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    $this->csrfToken = $this->getMockBuilder(CsrfTokenGenerator::class)
      ->disableOriginalConstructor()
      ->getMock();
    $this->parameterBag = $this->createMock(ParameterBagInterface::class);
    $this->routeMatch = $this->createMock(RouteMatchInterface::class);
    $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
  }
  
  /**
   * Tests the access() method with a valid token.
   */
  public function testAccessTokenPass() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path/42')
      ->willReturn(TRUE);
    $this->parameterBag
      ->method('all')
      ->willReturn([
      'node' => 42,
    ]);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn($this->parameterBag);
    $route = new Route('/test-path/{node}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path/42?token=test_query');
    $this->assertEquals(AccessResult::allowed()->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }
  
  /**
   * @covers ::access
   */
  public function testCsrfTokenInvalid() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path')
      ->willReturn(FALSE);
    $this->parameterBag
      ->method('all')
      ->willReturn([]);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn($this->parameterBag);
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path?token=test_query');
    $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }
  
  /**
   * @covers ::access
   */
  public function testCsrfTokenMissing() : void {
    $this->csrfToken
      ->expects($this->once())
      ->method('validate')
      ->with('', 'test-path')
      ->willReturn(FALSE);
    $this->parameterBag
      ->method('all')
      ->willReturn([]);
    $this->routeMatch
      ->expects($this->once())
      ->method('getRawParameters')
      ->willReturn($this->parameterBag);
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $request = Request::create('/test-path');
    $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0), $this->accessCheck
      ->access($route, $request, $this->routeMatch));
  }

}

Members

Title Modifiers Object type Summary Overriden Title
CsrfAccessCheckTest::$accessCheck protected property The access checker.
CsrfAccessCheckTest::$csrfToken protected property The mock CSRF token generator.
CsrfAccessCheckTest::$parameterBag protected property The mock parameter bag.
CsrfAccessCheckTest::$routeMatch protected property The mock route match.
CsrfAccessCheckTest::setUp protected function Overrides UnitTestCase::setUp
CsrfAccessCheckTest::testAccessTokenPass public function Tests the access() method with a valid token.
CsrfAccessCheckTest::testCsrfTokenInvalid public function @covers ::access[[api-linebreak]]
CsrfAccessCheckTest::testCsrfTokenMissing public function @covers ::access[[api-linebreak]]
ExpectDeprecationTrait::expectDeprecation public function Adds an expected deprecation.
ExpectDeprecationTrait::setUpErrorHandler public function Sets up the test error handler.
ExpectDeprecationTrait::tearDownErrorHandler public function Tears down the test error handler.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
UnitTestCase::$root protected property The app root.
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::setDebugDumpHandler public static function Registers the dumper CLI handler when the DebugDump extension is enabled.
UnitTestCase::setupMockIterator protected function Set up a traversable class mock to return specific items when iterated.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.