function ContextualDynamicContextTest::testTokenProtection
Same name in other branches
- 9 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
- 10 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
- 11.x core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
Tests that the contextual placeholder content is protected by a token.
File
core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php, line 166
Class
- ContextualDynamicContextTest
- Tests if contextual links are showing on the front page depending on permissions.
Namespace
Drupal\Tests\contextual\Functional
Code
public function testTokenProtection() {
  $this->drupalLogin($this->editorUser);
  // Create a node that will have a contextual link.
  $node1 = $this->drupalCreateNode([
    'type' => 'article',
    'promote' => 1,
  ]);
  // Now, on the front page, all article nodes should have contextual links
  // placeholders, as should the view that contains them.
  $id = 'node:node=' . $node1->id() . ':changed=' . $node1->getChangedTime() . '&langcode=en';
  // Editor user: can access contextual links and can edit articles.
  $this->drupalGet('node');
  $this->assertContextualLinkPlaceHolder($id);
  $http_client = $this->getHttpClient();
  $url = Url::fromRoute('contextual.render', [], [
    'query' => [
      '_format' => 'json',
      'destination' => 'node',
    ],
  ])->setAbsolute()
    ->toString();
  // Case 1: a valid ID with no tokens at all must be rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('No contextual ID tokens specified.', (string) $response->getBody());
  // Case 2: a token that does not match the ID must be rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        'wrong_token',
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
  // Case 3: a correct token submitted under a key that does not match the
  // key of its ID must be rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        'wrong_key' => $this->createContextualIdToken($id),
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
  // Case 4: the correct token at the same position as its ID is accepted.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        $this->createContextualIdToken($id),
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('200', $response->getStatusCode());
}
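The four requests in this test correspond to a small set of server-side checks on the posted `ids` and `tokens` arrays. The sketch below is an added example, not Drupal's controller code: the function names, the secret and the HMAC-SHA256 token construction are assumptions made for illustration, while the two quoted error messages and the status codes are the ones the test asserts.

```php
<?php
declare(strict_types=1);

// Constructed secret for this example; a real site uses its own key material.
const EXAMPLE_SECRET = 'constructed-example-secret';

// Assumption: token = URL-safe base64 of HMAC-SHA256(contextual ID, secret).
function example_token(string $id, string $secret): string {
  $mac = hash_hmac('sha256', $id, $secret, true);
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Hypothetical validator: returns [HTTP status, message] for posted fields.
function example_validate(array $post, string $secret): array {
  $ids = $post['ids'] ?? [];
  $tokens = $post['tokens'] ?? [];
  if (!is_array($ids) || $ids === []) {
    return [400, 'No IDs supplied.']; // Placeholder message, not from the page.
  }
  if (!is_array($tokens) || $tokens === []) {
    return [400, 'No contextual ID tokens specified.'];
  }
  foreach ($ids as $key => $id) {
    $given = $tokens[$key] ?? null;
    // The token must sit under the same key as its ID and match the
    // recomputed value; hash_equals() compares in constant time.
    if (!is_string($id) || !is_string($given)
      || !hash_equals(example_token($id, $secret), $given)) {
      return [400, 'Invalid contextual ID specified.'];
    }
  }
  return [200, 'OK'];
}

// Constructed sample ID in the format the test builds.
$id = 'node:node=1:changed=1700000000&langcode=en';
$good = example_token($id, EXAMPLE_SECRET);
$cases = [
  'empty tokens' => ['ids' => [$id], 'tokens' => []],
  'wrong token' => ['ids' => [$id], 'tokens' => ['wrong_token']],
  'wrong key' => ['ids' => [$id], 'tokens' => ['wrong_key' => $good]],
  'matching token' => ['ids' => [$id], 'tokens' => [$good]],
];
foreach ($cases as $label => $post) {
  [$status, $message] = example_validate($post, EXAMPLE_SECRET);
  printf("%-15s %d %s\n", $label, $status, $message);
}
```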