function RoutePathGenerationTraitTest::testCsrfTokenCompleteLifeCycle

Tests that CSRF token creation and validation is consistent.

This checks that CsrfAccessCheck() and RouteProcessorCsrf() produce the same results.

Multiple cases are provided for an optional parameter (non-empty, empty, null, undefined).

@dataProvider providerTestCsrfTokenCompleteLifeCycle

File

core/tests/Drupal/Tests/Core/Access/RoutePathGenerationTraitTest.php, line 77

Class

RoutePathGenerationTraitTest
@covers \Drupal\Core\Access\RoutePathGenerationTrait[[api-linebreak]] @group Access

Namespace

Drupal\Tests\Core\Access

Code

public function testCsrfTokenCompleteLifeCycle($params) : void {
  // Mock a route.
  $route = $this->createMock(Route::class);
  $route->method('getPath')
    ->willReturn('test/example/{param}');
  $route->method('hasRequirement')
    ->with('_csrf_token')
    ->willReturn(TRUE);
  // Process the route so the "token" param is generated.
  $routeParams = $params;
  $this->processor
    ->processOutbound('test.example', $route, $routeParams);
  $requestParams = $params + [
    'token' => $routeParams['token'],
  ];
  // Mock Parameter bag.
  $parameterBag = $this->createMock(ParameterBagInterface::class);
  $parameterBag->method('get')
    ->willReturnCallback(function ($key, $default = NULL) use ($requestParams) {
    return $requestParams[$key] ?? $default;
  });
  $parameterBag->method('all')
    ->willReturn($requestParams);
  // Get a real InputBag because it is a final class.
  $inputBag = new InputBag($requestParams);
  // Mock Request.
  $request = $this->createMock(Request::class);
  $request->query = $inputBag;
  // Mock RouteMatch.
  $routeMatch = $this->createMock(RouteMatchInterface::class);
  $routeMatch->method('getRawParameters')
    ->willReturn($parameterBag);
  // Check for allowed access.
  $this->assertInstanceOf(AccessResultAllowed::class, $this->accessCheck
    ->access($route, $request, $routeMatch));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.