class RouteProcessorCsrfTest

Same name and namespace in other branches
  1. 11.x core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php \Drupal\Tests\Core\Access\RouteProcessorCsrfTest
  2. 10 core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php \Drupal\Tests\Core\Access\RouteProcessorCsrfTest
  3. 9 core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php \Drupal\Tests\Core\Access\RouteProcessorCsrfTest
  4. 8.9.x core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php \Drupal\Tests\Core\Access\RouteProcessorCsrfTest

Tests Drupal\Core\Access\RouteProcessorCsrf.

Attributes

#[CoversClass(RouteProcessorCsrf::class)] #[Group('Access')]

Hierarchy

Expanded class hierarchy of RouteProcessorCsrfTest

File

View on git.drupalcode.org

core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php, line 21

Namespace

Drupal\Tests\Core\Access
View source 
class RouteProcessorCsrfTest extends UnitTestCase {
  
  /**
   * The mock CSRF token generator.
   */
  protected CsrfTokenGenerator&MockObject $csrfToken;
  
  /**
   * The mock request stack.
   */
  protected RequestStack&MockObject $requestStack;
  
  /**
   * The route processor.
   */
  protected RouteProcessorCsrf $processor;
  
  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    $this->csrfToken = $this->getMockBuilder('Drupal\\Core\\Access\\CsrfTokenGenerator')
      ->disableOriginalConstructor()
      ->getMock();
    $this->requestStack = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\RequestStack')
      ->disableOriginalConstructor()
      ->getMock();
    $request = $this->createMock('Symfony\\Component\\HttpFoundation\\Request');
    $request->expects($this->any())
      ->method('getRequestFormat')
      ->willReturn('html');
    $this->requestStack
      ->expects($this->any())
      ->method('getCurrentRequest')
      ->willReturn($request);
    $this->processor = new RouteProcessorCsrf($this->csrfToken, $this->requestStack);
  }
  
  /**
   * Tests the processOutbound() method with no _csrf_token route requirement.
   */
  public function testProcessOutboundNoRequirement() : void {
    $this->csrfToken
      ->expects($this->never())
      ->method('get');
    $route = new Route('/test-path');
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // No parameters should be added to the parameters array.
    $this->assertEmpty($parameters);
    // Cacheability of routes without a _csrf_token route requirement is
    // unaffected.
    $this->assertEquals(new BubbleableMetadata(), $bubbleable_metadata);
  }
  
  /**
   * Tests the processOutbound() method with a _csrf_token route requirement.
   */
  public function testProcessOutbound() : void {
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // 'token' should be added to the parameters array.
    $this->assertArrayHasKey('token', $parameters);
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this->assertSame($parameters['token'], $placeholder);
    $this->assertEquals((new BubbleableMetadata())->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }
  
  /**
   * Tests the processOutbound() method with a dynamic path and one replacement.
   */
  public function testProcessOutboundDynamicOne() : void {
    $route = new Route('/test-path/{slug}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug' => 100,
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path/100';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this->assertEquals((new BubbleableMetadata())->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }
  
  /**
   * Tests the processOutbound() method with two parameter replacements.
   */
  public function testProcessOutboundDynamicTwo() : void {
    $route = new Route('{slug_1}/test-path/{slug_2}', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [
      'slug_1' => 100,
      'slug_2' => 'test',
    ];
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor
      ->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = '100/test-path/test';
    $placeholder = Crypt::hashBase64($path);
    $placeholder_render_array = [
      '#lazy_builder' => [
        'route_processor_csrf:renderPlaceholderCsrfToken',
        [
          $path,
        ],
      ],
    ];
    $this->assertEquals((new BubbleableMetadata())->setAttachments([
      'placeholders' => [
        $placeholder => $placeholder_render_array,
      ],
    ]), $bubbleable_metadata);
  }
  
  /**
   * Tests JSON requests to get no placeholders, but real tokens.
   */
  public function testProcessOutboundJsonFormat() : void {
    // Create a new request mock that returns 'json' format.
    $request = $this->createMock('Symfony\\Component\\HttpFoundation\\Request');
    $request->expects($this->once())
      ->method('getRequestFormat')
      ->willReturn('json');
    $this->requestStack = $this->createMock('Symfony\\Component\\HttpFoundation\\RequestStack');
    $this->requestStack
      ->expects($this->once())
      ->method('getCurrentRequest')
      ->willReturn($request);
    // Mock that the CSRF token service should be called once with 'test-path'
    // and return a test token.
    $this->csrfToken
      ->expects($this->any())
      ->method('get')
      ->with('test-path')
      ->willReturn('real_token_value');
    $this->processor = new RouteProcessorCsrf($this->csrfToken, $this->requestStack);
    $route = new Route('/test-path', [], [
      '_csrf_token' => 'TRUE',
    ]);
    $parameters = [];
    // For JSON requests, the actual CSRF token should be in parameters,
    // regardless of whether cache metadata is present.
    $this->processor
      ->processOutbound('test', $route, $parameters);
    $this->assertEquals('real_token_value', $parameters['token']);
    $this->processor
      ->processOutbound('test', $route, $parameters, new BubbleableMetadata());
    $this->assertEquals('real_token_value', $parameters['token']);
  }

}

Members

Title Deprecated Modifiers Object type Summary Overriden Title
DrupalTestCaseTrait::checkErrorHandlerOnTearDown public function Checks the test error handler after test execution.
ExpectDeprecationTrait::expectDeprecation Deprecated public function Adds an expected deprecation.
ExpectDeprecationTrait::regularExpressionForFormatDescription private function
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RouteProcessorCsrfTest::$csrfToken protected property The mock CSRF token generator.
RouteProcessorCsrfTest::$processor protected property The route processor.
RouteProcessorCsrfTest::$requestStack protected property The mock request stack.
RouteProcessorCsrfTest::setUp protected function Overrides UnitTestCase::setUp
RouteProcessorCsrfTest::testProcessOutbound public function Tests the processOutbound() method with a _csrf_token route requirement.
RouteProcessorCsrfTest::testProcessOutboundDynamicOne public function Tests the processOutbound() method with a dynamic path and one replacement.
RouteProcessorCsrfTest::testProcessOutboundDynamicTwo public function Tests the processOutbound() method with two parameter replacements.
RouteProcessorCsrfTest::testProcessOutboundJsonFormat public function Tests JSON requests to get no placeholders, but real tokens.
RouteProcessorCsrfTest::testProcessOutboundNoRequirement public function Tests the processOutbound() method with no _csrf_token route requirement.
UnitTestCase::$root protected property The app root.
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::setDebugDumpHandler public static function Registers the dumper CLI handler when the DebugDump extension is enabled.
UnitTestCase::setupMockIterator protected function Set up a traversable class mock to return specific items when iterated.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.