function RouteProcessorCsrfTest::testProcessOutboundJsonFormat

Tests JSON requests to get no placeholders, but real tokens.

File

core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php, line 145

Class

RouteProcessorCsrfTest
@coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf[[api-linebreak]] @group Access

Namespace

Drupal\Tests\Core\Access

Code

public function testProcessOutboundJsonFormat() : void {
  // Create a new request mock that returns 'json' format.
  $request = $this->createMock('Symfony\\Component\\HttpFoundation\\Request');
  $request->expects($this->once())
    ->method('getRequestFormat')
    ->willReturn('json');
  $this->requestStack = $this->createMock('Symfony\\Component\\HttpFoundation\\RequestStack');
  $this->requestStack
    ->expects($this->once())
    ->method('getCurrentRequest')
    ->willReturn($request);
  // Mock that the CSRF token service should be called once with 'test-path'
  // and return a test token.
  $this->csrfToken
    ->expects($this->any())
    ->method('get')
    ->with('test-path')
    ->willReturn('real_token_value');
  $this->processor = new RouteProcessorCsrf($this->csrfToken, $this->requestStack);
  $route = new Route('/test-path', [], [
    '_csrf_token' => 'TRUE',
  ]);
  $parameters = [];
  // For JSON requests, the actual CSRF token should be in parameters,
  // regardless of whether cache metadata is present.
  $this->processor
    ->processOutbound('test', $route, $parameters);
  $this->assertEquals('real_token_value', $parameters['token']);
  $this->processor
    ->processOutbound('test', $route, $parameters, new BubbleableMetadata());
  $this->assertEquals('real_token_value', $parameters['token']);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.