/**
* Tests the processOutbound() method with two parameter replacements.
*/
public function testProcessOutboundDynamicTwo()
{
$this->csrfToken->expects($this->once())->method('get')->with('100/test-path/test')->will($this->returnValue('test_token'));
$route = new Route('{slug_1}/test-path/{slug_2}', array(), array('_csrf_token' => 'TRUE'));
$parameters = array('slug_1' => 100, 'slug_2' => 'test');
$this->assertNull($this->processor->processOutbound('test', $route, $parameters));
}
/**
* Tests the access() method with an invalid token.
*/
public function testAccessTokenFail()
{
$this->csrfToken->expects($this->once())->method('validate')->with('test_query', 'test-path')->will($this->returnValue(FALSE));
$this->routeMatch->expects($this->once())->method('getRawParameters')->will($this->returnValue(array()));
$route = new Route('/test-path', array(), array('_csrf_token' => 'TRUE'));
$request = Request::create('/test-path?token=test_query');
$this->assertEquals(AccessResult::forbidden()->setCacheable(FALSE), $this->accessCheck->access($route, $request, $this->routeMatch));
}
/**
* Tests the processOutbound() method with two parameter replacements.
*/
public function testProcessOutboundDynamicTwo()
{
$this->csrfToken->expects($this->once())->method('get')->with('100/test-path/test')->will($this->returnValue('test_token'));
$route = new Route('{slug_1}/test-path/{slug_2}', array(), array('_csrf_token' => 'TRUE'));
$parameters = array('slug_1' => 100, 'slug_2' => 'test');
$cacheable_metadata = new CacheableMetadata();
$this->processor->processOutbound('test', $route, $parameters, $cacheable_metadata);
// Cacheability of routes with a _csrf_token route requirement is max-age=0.
$this->assertEquals((new CacheableMetadata())->setCacheMaxAge(0), $cacheable_metadata);
}
/**
* Tests the processOutbound() method with no _csrf_token route requirement.
*/
public function testProcessOutboundNoRequirement()
{
$this->csrfToken->expects($this->never())->method('get');
$route = new Route('/test-path');
$parameters = array();
$bubbleable_metadata = new BubbleableMetadata();
$this->processor->processOutbound('test', $route, $parameters, $bubbleable_metadata);
// No parameters should be added to the parameters array.
$this->assertEmpty($parameters);
// Cacheability of routes without a _csrf_token route requirement is
// unaffected.
$this->assertEquals(new BubbleableMetadata(), $bubbleable_metadata);
}
/**
* @covers ::setCache
*/
public function testSetCacheAuthUser() {
$form_build_id = 'the_form_build_id';
$form = [];
$form_state = new FormState();
$cache_token = 'the_cache_token';
$form_data = $form;
$form_data['#cache_token'] = $cache_token;
$this->formCacheStore->expects($this->once())
->method('setWithExpire')
->with($form_build_id, $form_data, $this->isType('int'));
$form_state_data = $form_state->getCacheableArray();
$form_state_data['build_info']['safe_strings'] = [];
$this->formStateCacheStore->expects($this->once())
->method('setWithExpire')
->with($form_build_id, $form_state_data, $this->isType('int'));
$this->csrfToken->expects($this->once())
->method('get')
->willReturn($cache_token);
$this->account->expects($this->once())
->method('isAuthenticated')
->willReturn(TRUE);
$this->formCache->setCache($form_build_id, $form, $form_state);
}
/**
* Tests the access() method with no _controller_request attribute set.
*
* This will use the 'ALL' access conjunction.
*/
public function testAccessTokenMissAll()
{
$this->csrfToken->expects($this->never())->method('validate');
$route = new Route('/test-path', array(), array('_csrf_token' => 'TRUE'), array('_access_mode' => 'ALL'));
$request = new Request(array('token' => 'test_query'));
$this->assertSame(AccessInterface::ALLOW, $this->accessCheck->access($route, $request, $this->account));
}
/**
* @covers ::validateForm
*/
public function testValidateValidFormToken()
{
$request_stack = new RequestStack();
$this->csrfToken->expects($this->once())->method('validate')->will($this->returnValue(TRUE));
$form_validator = $this->getMockBuilder('Drupal\\Core\\Form\\FormValidator')->setConstructorArgs([$request_stack, $this->getStringTranslationStub(), $this->csrfToken, $this->logger, $this->formErrorHandler])->setMethods(array('doValidateForm'))->getMock();
$form_validator->expects($this->once())->method('doValidateForm');
$form['#token'] = 'test_form_id';
$form_state = $this->getMockBuilder('Drupal\\Core\\Form\\FormState')->setMethods(array('setErrorByName'))->getMock();
$form_state->expects($this->never())->method('setErrorByName');
$form_state->setValue('form_token', 'some_random_token');
$form_validator->validateForm('test_form_id', $form, $form_state);
$this->assertTrue($form_state->isValidationComplete());
}
