function RouteProcessorCsrfTest::testProcessOutboundJsonFormat

Tests JSON requests to get no placeholders, but real tokens.

File

core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php, line 145

Class

RouteProcessorCsrfTest
@coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf @group Access

Namespace

Drupal\Tests\Core\Access

Code

public function testProcessOutboundJsonFormat() : void {
    // Create a new request mock that returns 'json' format.
    $request = $this->createMock('Symfony\\Component\\HttpFoundation\\Request');
    $request->expects($this->once())
        ->method('getRequestFormat')
        ->willReturn('json');
    $this->requestStack = $this->createMock('Symfony\\Component\\HttpFoundation\\RequestStack');
    $this->requestStack
        ->expects($this->once())
        ->method('getCurrentRequest')
        ->willReturn($request);
    // Mock that the CSRF token service should be called once with 'test-path'
    // and return a test token.
    $this->csrfToken
        ->expects($this->any())
        ->method('get')
        ->with('test-path')
        ->willReturn('real_token_value');
    $this->processor = new RouteProcessorCsrf($this->csrfToken, $this->requestStack);
    $route = new Route('/test-path', [], [
        '_csrf_token' => 'TRUE',
    ]);
    $parameters = [];
    // For JSON requests, the actual CSRF token should be in parameters,
    // regardless of whether cache metadata is present.
    $this->processor
        ->processOutbound('test', $route, $parameters);
    $this->assertEquals('real_token_value', $parameters['token']);
    $this->processor
        ->processOutbound('test', $route, $parameters, new BubbleableMetadata());
    $this->assertEquals('real_token_value', $parameters['token']);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.