function CookieResourceTestTrait::assertResponseWhenMissingAuthentication

Same name in other branches
  1. 8.9.x core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertResponseWhenMissingAuthentication()
  2. 10 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertResponseWhenMissingAuthentication()
  3. 11.x core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertResponseWhenMissingAuthentication()

File

core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 94

Class

CookieResourceTestTrait
Trait for ResourceTestBase subclasses testing $auth=cookie.

Namespace

Drupal\Tests\rest\Functional

Code

protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    // Requests needing cookie authentication but missing it results in a 403
    // response. The cookie authentication mechanism sets no response message.
    // Hence, effectively, this is just the 403 response that one gets as the
    // anonymous user trying to access a certain REST resource.
    // @see \Drupal\user\Authentication\Provider\Cookie
    // @todo https://www.drupal.org/node/2847623
    if ($method === 'GET') {
        $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
            ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
        // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies
        //   to cacheable anonymous responses: it updates their cacheability.
        // - A 403 response to a GET request is cacheable.
        // Therefore we must update our cacheability expectations accordingly.
        if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
            $expected_cookie_403_cacheability->addCacheTags([
                'config:user.role.anonymous',
            ]);
        }
        // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881
        if (static::$entityTypeId === 'block') {
            $expected_cookie_403_cacheability->setCacheTags(str_replace('user:2', 'user:0', $expected_cookie_403_cacheability->getCacheTags()));
        }
        $this->assertResourceErrorResponse(403, FALSE, $response, $expected_cookie_403_cacheability->getCacheTags(), $expected_cookie_403_cacheability->getCacheContexts(), 'MISS', FALSE);
    }
    else {
        $this->assertResourceErrorResponse(403, FALSE, $response);
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.