class CsrfAccessCheckTest

Same name in other branches
  1. 8.9.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  2. 10 core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest
  3. 11.x core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php \Drupal\Tests\Core\Access\CsrfAccessCheckTest

@coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck @group Access

Hierarchy

Expanded class hierarchy of CsrfAccessCheckTest

File

core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php, line 15

Namespace

Drupal\Tests\Core\Access
View source 
class CsrfAccessCheckTest extends UnitTestCase {
    
    /**
     * The mock CSRF token generator.
     *
     * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
     */
    protected $csrfToken;
    
    /**
     * The access checker.
     *
     * @var \Drupal\Core\Access\CsrfAccessCheck
     */
    protected $accessCheck;
    
    /**
     * The mock route match.
     *
     * @var \Drupal\Core\Routing\RouteMatchInterface|\PHPUnit\Framework\MockObject\MockObject
     */
    protected $routeMatch;
    
    /**
     * {@inheritdoc}
     */
    protected function setUp() : void {
        $this->csrfToken = $this->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
            ->disableOriginalConstructor()
            ->getMock();
        $this->routeMatch = $this->createMock('Drupal\\Core\\Routing\\RouteMatchInterface');
        $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
    }
    
    /**
     * Tests the access() method with a valid token.
     */
    public function testAccessTokenPass() {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('test_query', 'test-path/42')
            ->willReturn(TRUE);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn([
            'node' => 42,
        ]);
        $route = new Route('/test-path/{node}', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path/42?token=test_query');
        $this->assertEquals(AccessResult::allowed()->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }
    
    /**
     * @covers ::access
     */
    public function testCsrfTokenInvalid() {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('test_query', 'test-path')
            ->willReturn(FALSE);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn([]);
        $route = new Route('/test-path', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path?token=test_query');
        $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }
    
    /**
     * @covers ::access
     */
    public function testCsrfTokenMissing() {
        $this->csrfToken
            ->expects($this->once())
            ->method('validate')
            ->with('', 'test-path')
            ->willReturn(FALSE);
        $this->routeMatch
            ->expects($this->once())
            ->method('getRawParameters')
            ->willReturn([]);
        $route = new Route('/test-path', [], [
            '_csrf_token' => 'TRUE',
        ]);
        $request = Request::create('/test-path');
        $this->assertEquals(AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0), $this->accessCheck
            ->access($route, $request, $this->routeMatch));
    }

}

Members

Title Deprecated Modifiers Object type Summary Overriden Title Overrides
CsrfAccessCheckTest::$accessCheck protected property The access checker.
CsrfAccessCheckTest::$csrfToken protected property The mock CSRF token generator.
CsrfAccessCheckTest::$routeMatch protected property The mock route match.
CsrfAccessCheckTest::setUp protected function Overrides UnitTestCase::setUp
CsrfAccessCheckTest::testAccessTokenPass public function Tests the access() method with a valid token.
CsrfAccessCheckTest::testCsrfTokenInvalid public function @covers ::access
CsrfAccessCheckTest::testCsrfTokenMissing public function @covers ::access
PhpUnitWarnings::$deprecationWarnings private static property Deprecation warnings from PHPUnit to raise with @trigger_error().
PhpUnitWarnings::addWarning public function Converts PHPUnit deprecation warnings to E_USER_DEPRECATED.
UnitTestCase::$randomGenerator protected property The random generator.
UnitTestCase::$root protected property The app root. 1
UnitTestCase::assertArrayEquals Deprecated protected function Asserts if two arrays are equal by sorting them first.
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getConfigStorageStub public function Returns a stub config storage that returns the supplied configuration.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getRandomGenerator protected function Gets the random generator for the utility methods.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::randomMachineName public function Generates a unique random string containing letters and numbers.
UnitTestCase::setUpBeforeClass public static function

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.