3 namespace Drupal\Tests\Core\Access;
5 use Drupal\Core\Access\AccessResult;
6 use Symfony\Component\HttpFoundation\Request;
7 use Symfony\Component\Routing\Route;
8 use Drupal\Core\Access\CsrfAccessCheck;
9 use Drupal\Tests\UnitTestCase;
12 * @coversDefaultClass \Drupal\Core\Access\CsrfAccessCheck
15 class CsrfAccessCheckTest extends UnitTestCase {
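/**
 * The mock CSRF token generator.
 *
 * Every test drives the access decision through this mock, so no real token
 * is ever generated or verified in this class.
 *
 * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit_Framework_MockObject_MockObject
 */
protected $csrfToken;

/**
 * The access checker under test.
 *
 * @var \Drupal\Core\Access\CsrfAccessCheck
 */
protected $accessCheck;

/**
 * The mock route match.
 *
 * @var \Drupal\Core\Routing\RouteMatchInterface|\PHPUnit_Framework_MockObject_MockObject
 */
protected $routeMatch;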
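/**
 * {@inheritdoc}
 */
protected function setUp() {
  // Run the base-class setup first so that whatever per-test isolation it
  // performs also applies to these tests.
  parent::setUp();

  // The generator's constructor is skipped: the tests only need to script
  // what validate() returns, not to build a working generator.
  $this->csrfToken = $this->getMockBuilder('Drupal\Core\Access\CsrfTokenGenerator')
    ->disableOriginalConstructor()
    ->getMock();

  $this->routeMatch = $this->getMock('Drupal\Core\Routing\RouteMatchInterface');

  // The checker receives the mocked generator as its only dependency.
  $this->accessCheck = new CsrfAccessCheck($this->csrfToken);
}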
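/**
 * Tests the access() method with a valid token.
 *
 * The route pattern is '/test-path/{node}' and the raw parameters are
 * ['node' => 42]. The generator mock accepts only the value 'test-path/42',
 * so the test fails if the checker validates the token against anything
 * other than the resolved path without its leading slash.
 *
 * @covers ::access
 */
public function testAccessTokenPass() {
  // Exactly one validation call is expected, with the token taken from the
  // 'token' query argument and the resolved path as the value.
  $this->csrfToken->expects($this->once())
    ->method('validate')
    ->with('test_query', 'test-path/42')
    ->will($this->returnValue(TRUE));

  $this->routeMatch->expects($this->once())
    ->method('getRawParameters')
    ->will($this->returnValue(['node' => 42]));

  $route = new Route('/test-path/{node}', [], ['_csrf_token' => 'TRUE']);
  $request = Request::create('/test-path/42?token=test_query');

  // Max-age 0 is part of the expectation: the test requires the decision to
  // be marked uncacheable, so a result cached for one token is not reused.
  $expected = AccessResult::allowed()->setCacheMaxAge(0);
  $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
}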
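/**
 * Tests the access() method with an invalid token.
 *
 * The request carries a token, the generator mock rejects it, and the checker
 * must answer with an uncacheable "forbidden" result whose reason says the
 * argument is invalid.
 *
 * @covers ::access
 */
public function testCsrfTokenInvalid() {
  $this->csrfToken->expects($this->once())
    ->method('validate')
    ->with('test_query', 'test-path')
    ->will($this->returnValue(FALSE));

  // No route parameters, so the value validated is the bare path.
  $this->routeMatch->expects($this->once())
    ->method('getRawParameters')
    ->will($this->returnValue([]));

  $route = new Route('/test-path', [], ['_csrf_token' => 'TRUE']);
  $request = Request::create('/test-path?token=test_query');

  // NOTE(review): the reason text names 'csrf_token' although the request
  // passes the value in the 'token' query argument. The string is compared
  // verbatim, so it has to stay in step with the checker's message.
  $expected = AccessResult::forbidden("'csrf_token' URL query argument is invalid.")->setCacheMaxAge(0);
  $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
}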
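/**
 * Tests the access() method with no token in the request.
 *
 * The checker is expected to still call the generator, passing an empty
 * string as the token, and to report the argument as missing rather than
 * invalid.
 *
 * @covers ::access
 */
public function testCsrfTokenMissing() {
  // The mock is scripted to reject the empty token. This pins how the checker
  // reacts to a rejection; it does not show that a real generator rejects an
  // empty token, which is for the generator's own tests to establish.
  $this->csrfToken->expects($this->once())
    ->method('validate')
    ->with('', 'test-path')
    ->will($this->returnValue(FALSE));

  $this->routeMatch->expects($this->once())
    ->method('getRawParameters')
    ->will($this->returnValue([]));

  $route = new Route('/test-path', [], ['_csrf_token' => 'TRUE']);
  $request = Request::create('/test-path');

  // As in the other cases, the denial must be uncacheable (max-age 0).
  $expected = AccessResult::forbidden("'csrf_token' URL query argument is missing.")->setCacheMaxAge(0);
  $this->assertEquals($expected, $this->accessCheck->access($route, $request, $this->routeMatch));
}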