function RoutePathGenerationTraitTest::testCsrfTokenCompleteLifeCycle
Tests that CSRF token creation and validation is consistent.
This checks that CsrfAccessCheck() and RouteProcessorCsrf() produce the same results.
Multiple cases are provided for an optional parameter (non-empty, empty, null, undefined).
@dataProvider providerTestCsrfTokenCompleteLifeCycle
File
-
core/
tests/ Drupal/ Tests/ Core/ Access/ RoutePathGenerationTraitTest.php, line 77
Class
- RoutePathGenerationTraitTest
- @covers \Drupal\Core\Access\RoutePathGenerationTrait[[api-linebreak]] @group Access
Namespace
Drupal\Tests\Core\AccessCode
public function testCsrfTokenCompleteLifeCycle($params) : void {
// Mock a route.
$route = $this->createMock(Route::class);
$route->method('getPath')
->willReturn('test/example/{param}');
$route->method('hasRequirement')
->with('_csrf_token')
->willReturn(TRUE);
// Process the route so the "token" param is generated.
$routeParams = $params;
$this->processor
->processOutbound('test.example', $route, $routeParams);
$requestParams = $params + [
'token' => $routeParams['token'],
];
// Mock Parameter bag.
$parameterBag = $this->createMock(ParameterBagInterface::class);
$parameterBag->method('get')
->willReturnCallback(function ($key, $default = NULL) use ($requestParams) {
return $requestParams[$key] ?? $default;
});
$parameterBag->method('all')
->willReturn($requestParams);
// Get a real InputBag because it is a final class.
$inputBag = new InputBag($requestParams);
// Mock Request.
$request = $this->createMock(Request::class);
$request->query = $inputBag;
// Mock RouteMatch.
$routeMatch = $this->createMock(RouteMatchInterface::class);
$routeMatch->method('getRawParameters')
->willReturn($parameterBag);
// Check for allowed access.
$this->assertInstanceOf(AccessResultAllowed::class, $this->accessCheck
->access($route, $request, $routeMatch));
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.