function RouteProcessorCsrfTest::testProcessOutboundJsonFormat
Tests JSON requests to get no placeholders, but real tokens.
File
-
core/
tests/ Drupal/ Tests/ Core/ Access/ RouteProcessorCsrfTest.php, line 145
Class
- RouteProcessorCsrfTest
- @coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf @group Access
Namespace
Drupal\Tests\Core\AccessCode
public function testProcessOutboundJsonFormat() : void {
// Create a new request mock that returns 'json' format.
$request = $this->createMock('Symfony\\Component\\HttpFoundation\\Request');
$request->expects($this->once())
->method('getRequestFormat')
->willReturn('json');
$this->requestStack = $this->createMock('Symfony\\Component\\HttpFoundation\\RequestStack');
$this->requestStack
->expects($this->once())
->method('getCurrentRequest')
->willReturn($request);
// Mock that the CSRF token service should be called once with 'test-path'
// and return a test token.
$this->csrfToken
->expects($this->any())
->method('get')
->with('test-path')
->willReturn('real_token_value');
$this->processor = new RouteProcessorCsrf($this->csrfToken, $this->requestStack);
$route = new Route('/test-path', [], [
'_csrf_token' => 'TRUE',
]);
$parameters = [];
// For JSON requests, the actual CSRF token should be in parameters,
// regardless of whether cache metadata is present.
$this->processor
->processOutbound('test', $route, $parameters);
$this->assertEquals('real_token_value', $parameters['token']);
$this->processor
->processOutbound('test', $route, $parameters, new BubbleableMetadata());
$this->assertEquals('real_token_value', $parameters['token']);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.