Updated to Drupal 8.5. Core Media not yet in use.

[yaffs-website] / web / core / modules / basic_auth / tests / src / Functional / BasicAuthTest.php

diff --git a/web/core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php b/web/core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php
index b197a7631a190f5c1ccdb57b61dc5e35ac5778cb..f844cb930531f6ff4d6edd75c7550450b633662c 100644 (file)
--- a/web/core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php
+++ b/web/core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php
@@ -7,6 +7,7 @@ use Drupal\Core\Url;
 use Drupal\Tests\basic_auth\Traits\BasicAuthTestTrait;
 use Drupal\language\Entity\ConfigurableLanguage;
 use Drupal\Tests\BrowserTestBase;
+use Drupal\user\Entity\Role;
 
 /**
  * Tests for BasicAuth authentication provider.
@@ -180,6 +181,47 @@ class BasicAuthTest extends BrowserTestBase {
     $this->assertText('Access denied', "A user friendly access denied message is displayed");
   }
 
+  /**
+   * Tests the cacheability of Basic Auth's 401 response.
+   *
+   * @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
+   */
+  public function testCacheabilityOf401Response() {
+    $session = $this->getSession();
+    $url = Url::fromRoute('router_test.11');
+
+    $assert_response_cacheability = function ($expected_page_cache_header_value, $expected_dynamic_page_cache_header_value) use ($session, $url) {
+      $this->drupalGet($url);
+      $this->assertSession()->statusCodeEquals(401);
+      $this->assertSame($expected_page_cache_header_value, $session->getResponseHeader('X-Drupal-Cache'));
+      $this->assertSame($expected_dynamic_page_cache_header_value, $session->getResponseHeader('X-Drupal-Dynamic-Cache'));
+    };
+
+    // 1. First request: cold caches, both Page Cache and Dynamic Page Cache are
+    // now primed.
+    $assert_response_cacheability('MISS', 'MISS');
+    // 2. Second request: Page Cache HIT, we don't even hit Dynamic Page Cache.
+    // This is going to keep happening.
+    $assert_response_cacheability('HIT', 'MISS');
+    // 3. Third request: after clearing Page Cache, we now see that Dynamic Page
+    // Cache is a HIT too.
+    $this->container->get('cache.page')->deleteAll();
+    $assert_response_cacheability('MISS', 'HIT');
+    // 4. Fourth request: warm caches.
+    $assert_response_cacheability('HIT', 'HIT');
+
+    // If the permissions of the 'anonymous' role change, it may no longer be
+    // necessary to be authenticated to access this route. Therefore the cached
+    // 401 responses should be invalidated.
+    $this->grantPermissions(Role::load(Role::ANONYMOUS_ID), [$this->randomMachineName()]);
+    $assert_response_cacheability('MISS', 'MISS');
+    $assert_response_cacheability('HIT', 'MISS');
+    // Idem for when the 'system.site' config changes.
+    $this->config('system.site')->save();
+    $assert_response_cacheability('MISS', 'MISS');
+    $assert_response_cacheability('HIT', 'MISS');
+  }
+
   /**
    * Tests if the controller is called before authentication.
    *