www.aleph1.co.uk Git - yaffs-website/blob - web/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php

   1 <?php
   2
   3 namespace Drupal\Tests\rest\Functional;
   4
   5 use Drupal\Core\Url;
   6 use Psr\Http\Message\ResponseInterface;
   7
   8 /**
   9  * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
  10  *
  11  * Characteristics:
  12  * - Every request must send an Authorization header.
  13  * - When accessing a URI that requires authentication without being
  14  *   authenticated, a 401 response must be sent.
  15  * - Because every request must send an authorization, there is no danger of
  16  *   CSRF attacks.
  17  *
  18  * @see \Drupal\Tests\rest\Functional\BasicAuthResourceWithInterfaceTranslationTestTrait
  19  */
  20 trait BasicAuthResourceTestTrait {
  21
  22   /**
  23    * {@inheritdoc}
  24    */
  25   protected function getAuthenticationRequestOptions($method) {
  26     return [
  27       'headers' => [
  28         'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
  29       ],
  30     ];
  31   }
  32
  33   /**
  34    * {@inheritdoc}
  35    */
  36   protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
  37     $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
  38     // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
  39     $expected_dynamic_page_cache_header_value = $expected_page_cache_header_value;
  40     $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, ['4xx-response', 'config:system.site', 'config:user.role.anonymous', 'http_response'], ['user.roles:anonymous'], $expected_page_cache_header_value, $expected_dynamic_page_cache_header_value);
  41   }
  42
  43   /**
  44    * {@inheritdoc}
  45    */
  46   protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
  47   }
  48
  49 }