/**
* Tests the access() method with an invalid token.
*/
public function testAccessTokenFail()
{
$this->csrfToken->expects($this->once())->method('validate')->with('test_query', 'test-path')->will($this->returnValue(FALSE));
$this->routeMatch->expects($this->once())->method('getRawParameters')->will($this->returnValue(array()));
$route = new Route('/test-path', array(), array('_csrf_token' => 'TRUE'));
$request = Request::create('/test-path?token=test_query');
$this->assertEquals(AccessResult::forbidden()->setCacheable(FALSE), $this->accessCheck->access($route, $request, $this->routeMatch));
}
/**
* Tests the access() method with no _controller_request attribute set.
*
* This will use the 'ALL' access conjunction.
*/
public function testAccessTokenMissAll()
{
$this->csrfToken->expects($this->never())->method('validate');
$route = new Route('/test-path', array(), array('_csrf_token' => 'TRUE'), array('_access_mode' => 'ALL'));
$request = new Request(array('token' => 'test_query'));
$this->assertSame(AccessInterface::ALLOW, $this->accessCheck->access($route, $request, $this->account));
}
