function CookieResourceTestTrait::assertResponseWhenMissingAuthentication

File

core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 96

Class

CookieResourceTestTrait

Trait for ResourceTestBase subclasses testing $auth=cookie.

Namespace

Code

protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
  // Requests needing cookie authentication but missing it results in a 403
  // response. The cookie authentication mechanism sets no response message.
  // Hence, effectively, this is just the 403 response that one gets as the
  // anonymous user trying to access a certain REST resource.
  // @see \Drupal\user\Authentication\Provider\Cookie
  // @todo https://www.drupal.org/node/2847623
  if ($method === 'GET') {
    $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
      ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
    // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
    //   to cacheable anonymous responses: it updates their cacheability.
    // - A 403 response to a GET request is cacheable.
    // Therefore we must update our cacheability expectations accordingly.
    if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
      $expected_cookie_403_cacheability->addCacheTags([
        'config:user.role.anonymous',
      ]);
    }
    $this->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability->getCacheTags(), $expected_cookie_403_cacheability->getCacheContexts(), 'MISS', FALSE);
  }
  else {
    $this->assertResourceErrorResponse(403, FALSE, $response);
  }
}