More updates to stop using dev or alpha or beta versions.
1 <?php
2
3 namespace Drupal\Tests\Core\Access;
4
5 use Drupal\Core\Access\AccessResult;
6 use Symfony\Component\HttpFoundation\Request;
7 use Symfony\Component\Routing\Route;
8 use Drupal\Core\Access\CsrfAccessCheck;
9 use Drupal\Tests\UnitTestCase;
10
11 /**
12  * @coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck
13  * @group Access
14  */
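class CsrfAccessCheckTest extends UnitTestCase {

  /**
   * The mock CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit_Framework_MockObject_MockObject
   */
  protected $csrfToken;

  /**
   * The access checker.
   *
   * @var \Drupal\Core\Access\CsrfAccessCheck
   */
  protected $accessCheck;

  /**
   * The mock route match.
   *
   * @var \Drupal\Core\Routing\RouteMatchInterface|\PHPUnit_Framework_MockObject_MockObject
   */
  protected $routeMatch;

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    // Run the base class fixture first so that per-test state it manages is
    // initialised before the mocks below are built.
    parent::setUp();

    // The generator is mocked with its constructor disabled, so no real
    // private key or session seed is involved; each test dictates what
    // validate() returns.
    $this->csrfToken = $this->getMockBuilder(\Drupal\Core\Access\CsrfTokenGenerator::class)
      ->disableOriginalConstructor()
      ->getMock();

    $this->routeMatch = $this->getMock(\Drupal\Core\Routing\RouteMatchInterface::class);

    $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
  }

  /**
   * Tests the access() method with a valid token.
   *
   * Pins two things: the value handed to the token generator is the concrete
   * path (route placeholder replaced by the raw parameter, no leading slash),
   * and a positive validation yields an allowed result that is not cacheable.
   *
   * @covers ::access
   */
  public function testAccessTokenPass() {
    // The token comes from the "token" query argument; the second argument is
    // '/test-path/{node}' with {node} => 42 substituted.
    $this->csrfToken->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path/42')
      ->willReturn(TRUE);

    $this->routeMatch->expects($this->once())
      ->method('getRawParameters')
      ->willReturn(['node' => 42]);

    $route = new Route('/test-path/{node}', [], ['_csrf_token' => 'TRUE']);
    $request = Request::create('/test-path/42?token=test_query');

    // Max-age 0: the access decision must not be served from cache.
    $expected = AccessResult::allowed()->setCacheMaxAge(0);
    $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
  }

  /**
   * Tests the access() method with a token the generator rejects.
   *
   * @covers ::access
   */
  public function testCsrfTokenInvalid() {
    $this->csrfToken->expects($this->once())
      ->method('validate')
      ->with('test_query', 'test-path')
      ->willReturn(FALSE);

    $this->routeMatch->expects($this->once())
      ->method('getRawParameters')
      ->willReturn([]);

    $route = new Route('/test-path', [], ['_csrf_token' => 'TRUE']);
    $request = Request::create('/test-path?token=test_query');

    // NOTE(review): the reason text names 'csrf_token' while the request
    // carries the value in the "token" query argument. It is reproduced
    // verbatim because the assertion compares against the checker's output.
    $expected = AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0);
    $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
  }

  /**
   * Tests the access() method when the request carries no token at all.
   *
   * @covers ::access
   */
  public function testCsrfTokenMissing() {
    // An absent token is still passed to validate(), as an empty string, and
    // must end in a forbidden result with its own "missing" reason.
    $this->csrfToken->expects($this->once())
      ->method('validate')
      ->with('', 'test-path')
      ->willReturn(FALSE);

    $this->routeMatch->expects($this->once())
      ->method('getRawParameters')
      ->willReturn([]);

    $route = new Route('/test-path', [], ['_csrf_token' => 'TRUE']);
    $request = Request::create('/test-path');

    $expected = AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0);
    $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
  }

}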