trait AnonResourceTestTrait

Same name in other branches
  1. 8.9.x core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait
  2. 10 core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait
  3. 11.x core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php \Drupal\Tests\rest\Functional\AnonResourceTestTrait

Trait for ResourceTestBase subclasses testing $auth=NULL, i.e. authless/anon.

Characteristics:

  • When no authentication provider is being used, there also cannot be any particular error response for missing authentication, since by definition there is not any authentication.
  • For the same reason, there are no authentication edge cases to test.
  • Because no authentication is required, this is vulnerable to CSRF attacks by design. Hence a REST resource should probably only allow for anonymous for safe (GET/HEAD) HTTP methods, and only with extreme care should unsafe (POST/PATCH/DELETE) HTTP methods be allowed for a REST resource that allows anonymous access.

Hierarchy

162 files declare their use of AnonResourceTestTrait
ActionHalJsonAnonTest.php in core/modules/hal/tests/src/Functional/system/ActionHalJsonAnonTest.php
ActionJsonAnonTest.php in core/modules/system/tests/src/Functional/Rest/ActionJsonAnonTest.php
ActionXmlAnonTest.php in core/modules/system/tests/src/Functional/Rest/ActionXmlAnonTest.php
BaseFieldOverrideHalJsonAnonTest.php in core/modules/hal/tests/src/Functional/Core/BaseFieldOverrideHalJsonAnonTest.php
BaseFieldOverrideJsonAnonTest.php in core/tests/Drupal/FunctionalTests/Rest/BaseFieldOverrideJsonAnonTest.php

... See full list

File

core/modules/rest/tests/src/Functional/AnonResourceTestTrait.php, line 22

Namespace

Drupal\Tests\rest\Functional
View source
trait AnonResourceTestTrait {
    
    /**
     * {@inheritdoc}
     */
    protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
        throw new \LogicException('When testing for anonymous users, authentication cannot be missing.');
    }
    
    /**
     * {@inheritdoc}
     */
    protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
    }

}

Members


Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.