function FormBuilderTest::testInvalidToken

Same name in other branches
  1. 9 core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php \Drupal\Tests\Core\Form\FormBuilderTest::testInvalidToken()
  2. 8.9.x core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php \Drupal\Tests\Core\Form\FormBuilderTest::testInvalidToken()
  3. 11.x core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php \Drupal\Tests\Core\Form\FormBuilderTest::testInvalidToken()

@covers ::doBuildForm

@dataProvider providerTestInvalidToken

File

core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php, line 851

Class

FormBuilderTest
@coversDefaultClass \Drupal\Core\Form\FormBuilder @group Form

Namespace

Drupal\Tests\Core\Form

Code

public function testInvalidToken($expected, $valid_token, $user_is_authenticated) : void {
    $form_token = 'the_form_token';
    $form_id = 'test_form_id';
    if (is_bool($valid_token)) {
        $this->csrfToken
            ->expects($this->any())
            ->method('get')
            ->willReturnArgument(0);
        $this->csrfToken
            ->expects($this->atLeastOnce())
            ->method('validate')
            ->willReturn($valid_token);
    }
    $current_user = $this->prophesize(AccountInterface::class);
    $current_user->isAuthenticated()
        ->willReturn($user_is_authenticated);
    $property = new \ReflectionProperty(FormBuilder::class, 'currentUser');
    $property->setValue($this->formBuilder, $current_user->reveal());
    $expected_form = $form_id();
    $form_arg = $this->getMockForm($form_id, $expected_form);
    // Set up some request data so we can be sure it is removed when a token is
    // invalid.
    $this->request->request
        ->set('foo', 'bar');
    $_POST['foo'] = 'bar';
    $form_state = new FormState();
    $input['form_id'] = $form_id;
    $input['form_token'] = $form_token;
    $input['test'] = 'example-value';
    $form_state->setUserInput($input);
    $form = $this->simulateFormSubmission($form_id, $form_arg, $form_state, FALSE);
    $this->assertSame($expected, $form_state->hasInvalidToken());
    if ($expected) {
        $this->assertEmpty($form['test']['#value']);
        $this->assertEmpty($form_state->getValue('test'));
        $this->assertEmpty($_POST);
        $this->assertEmpty(iterator_to_array($this->request->request
            ->getIterator()));
    }
    else {
        $this->assertEquals('example-value', $form['test']['#value']);
        $this->assertEquals('example-value', $form_state->getValue('test'));
        $this->assertEquals('bar', $_POST['foo']);
        $this->assertEquals('bar', $this->request->request
            ->get('foo'));
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.