Upgraded drupal core with security updates

[yaffs-website] / web / core / modules / system / tests / src / Functional / Theme / ThemeTokenTest.php

<?php

namespace Drupal\Tests\system\Functional\Theme;

use Drupal\Tests\BrowserTestBase;

/**
 * Tests the generation of 'theme_token' key in Drupal settings.
 *
 * @group Theme
 */
class ThemeTokenTest extends BrowserTestBase {

  /**
   * We want to visit the 'admin/structure/block' page.
   *
   * @var array
   */
  static public $modules = ['block'];

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();
    $account = $this->drupalCreateUser(['administer blocks', 'view the administration theme']);
    $this->drupalLogin($account);
  }

  /**
   * Tests if the 'theme_token' key of 'ajaxPageState' is computed.
   */
  public function testThemeToken() {
    // Visit the block administrative page with default theme. We use that page
    // because 'misc/ajax.js' is loaded there and we can test the token
    // generation.
    $this->drupalGet('admin/structure/block');
    $settings = $this->getDrupalSettings();
    $this->assertNull($settings['ajaxPageState']['theme_token']);

    // Install 'seven' and configure it as administrative theme.
    $this->container->get('theme_installer')->install(['seven']);
    $this->config('system.theme')->set('admin', 'seven')->save();

    // Revisit the page. This time the page is displayed using the 'seven' theme
    // and that is different from the default theme ('classy').
    $this->drupalGet('admin/structure/block');
    $settings = $this->getDrupalSettings();
    $this->assertNotNull($settings['ajaxPageState']['theme_token']);
    // The CSRF token is a 43 length string.
    $this->assertTrue(is_string($settings['ajaxPageState']['theme_token']));
    $this->assertEqual(strlen($settings['ajaxPageState']['theme_token']), 43);
  }

}