Version 1

[yaffs-website] / web / core / modules / rest / tests / src / Functional / BasicAuthResourceTestTrait.php

diff --git a/web/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php b/web/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php
new file mode 100644 (file)
index 0000000..6f8c621
--- /dev/null
+++ b/web/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace Drupal\Tests\rest\Functional;
+
+use Drupal\Core\Url;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Trait for ResourceTestBase subclasses testing $auth=basic_auth.
+ *
+ * Characteristics:
+ * - Every request must send an Authorization header.
+ * - When accessing a URI that requires authentication without being
+ *   authenticated, a 401 response must be sent.
+ * - Because every request must send an authorization, there is no danger of
+ *   CSRF attacks.
+ */
+trait BasicAuthResourceTestTrait {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function getAuthenticationRequestOptions($method) {
+    return [
+      'headers' => [
+        'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
+      ],
+    ];
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
+    $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {}
+
+}