X-Git-Url: http://www.aleph1.co.uk/gitweb/?a=blobdiff_plain;ds=sidebyside;f=web%2Fcore%2Fmodules%2Frest%2Ftests%2Fsrc%2FFunctional%2FCookieResourceTestTrait.php;fp=web%2Fcore%2Fmodules%2Frest%2Ftests%2Fsrc%2FFunctional%2FCookieResourceTestTrait.php;h=7ce381b889be7d3b0e767d77a6445437efcc539d;hb=af6d1fb995500ae68849458ee10d66abbdcfb252;hp=a63e41aa72fe0c9f7d397ce7462badab64eaa2b3;hpb=680c79a86e3ed402f263faeac92e89fb6d9edcc0;p=yaffs-website
diff --git a/web/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php b/web/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
index a63e41aa7..7ce381b88 100644
--- a/web/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
+++ b/web/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
@@ -61,7 +61,7 @@ trait CookieResourceTestTrait {
 'pass' => $this->account->passRaw,
 ];
- $request_options[RequestOptions::BODY] = $this->serializer->encode($request_body, 'json');
+ $request_options[RequestOptions::BODY] = $this->serializer->encode($request_body, static::$format);
 $request_options[RequestOptions::HEADERS] = [
 'Content-Type' => static::$mimeType,
 ];
@@ -91,11 +91,31 @@ trait CookieResourceTestTrait {
 /**
 * {@inheritdoc}
 */
- protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
+ protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
 // Requests needing cookie authentication but missing it results in a 403
 // response. The cookie authentication mechanism sets no response message.
+ // Hence, effectively, this is just the 403 response that one gets as the
+ // anonymous user trying to access a certain REST resource.
+ // @see \Drupal\user\Authentication\Provider\Cookie
 // @todo https://www.drupal.org/node/2847623
- $this->assertResourceErrorResponse(403, FALSE, $response);
+ if ($method === 'GET') {
+ $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+ // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
+ // to cacheable anonymous responses: it updates their cacheability.
+ // - A 403 response to a GET request is cacheable.
+ // Therefore we must update our cacheability expectations accordingly.
+ if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
+ $expected_cookie_403_cacheability->addCacheTags(['config:user.role.anonymous']);
+ }
+ // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881
+ if (static::$entityTypeId === 'block') {
+ $expected_cookie_403_cacheability->setCacheTags(str_replace('user:2', 'user:0', $expected_cookie_403_cacheability->getCacheTags()));
+ }
+ $this->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability->getCacheTags(), $expected_cookie_403_cacheability->getCacheContexts(), 'MISS', 'MISS');
+ }
+ else {
+ $this->assertResourceErrorResponse(403, FALSE, $response);
+ }
 }
 /**
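Review bot: The `str_replace('user:2', 'user:0', …)` call in the `block` branch does a substring replacement across every cache tag and hard-codes a uid, so a tag such as `user:20` would become `user:00`, and the fix-up silently does nothing if the account under test is not uid 2. An exact-match rewrite is safer, e.g. `array_map(function ($tag) { return $tag === 'user:2' ? 'user:0' : $tag; }, $expected_cookie_403_cacheability->getCacheTags())`, ideally with the tag built from the test account rather than a literal. Separately, the new `$method` parameter is untyped and compared with `=== 'GET'`, so a lowercase verb or `HEAD` takes the `else` branch and the cacheability of that 403 goes unasserted; a short comment stating that callers pass upper-case HTTP verbs, and why only GET is checked, would make this explicit. Because the docblock is `{@inheritdoc}`, the parent declaration and the sibling authentication traits presumably need the same two-argument signature, which is not visible in this hunk.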