function BasicAuthTest::testBasicAuth
Tests http basic authentication.
File
- 
              core/modules/ basic_auth/ tests/ src/ Functional/ BasicAuthTest.php, line 42 
Class
- BasicAuthTest
- Tests for BasicAuth authentication provider.
Namespace
Drupal\Tests\basic_auth\FunctionalCode
public function testBasicAuth() : void {
  // Enable page caching.
  $config = $this->config('system.performance');
  $config->set('cache.page.max_age', 300);
  $config->save();
  $account = $this->drupalCreateUser();
  $url = Url::fromRoute('router_test.11');
  // Ensure we can log in with valid authentication details.
  $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
  $this->assertSession()
    ->pageTextContains($account->getAccountName());
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->mink
    ->resetSessions();
  $this->assertSession()
    ->responseHeaderDoesNotExist('X-Drupal-Cache');
  // Check that Cache-Control is not set to public.
  $this->assertSession()
    ->responseHeaderNotContains('Cache-Control', 'public');
  // Ensure that invalid authentication details give access denied.
  $this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
  $this->assertSession()
    ->pageTextNotContains($account->getAccountName());
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->mink
    ->resetSessions();
  // Ensure that the user is prompted to authenticate if they are not yet
  // authenticated and the route only allows basic auth.
  $this->drupalGet($url);
  $this->assertSession()
    ->responseHeaderEquals('WWW-Authenticate', 'Basic realm="' . \Drupal::config('system.site')->get('name') . '"');
  $this->assertSession()
    ->statusCodeEquals(401);
  // Ensure that a route without basic auth defined doesn't prompt for auth.
  $this->drupalGet('admin');
  $this->assertSession()
    ->statusCodeEquals(403);
  $account = $this->drupalCreateUser([
    'access administration pages',
  ]);
  // Ensure that a route without basic auth defined doesn't allow login.
  $this->basicAuthGet(Url::fromRoute('system.admin'), $account->getAccountName(), $account->pass_raw);
  $this->assertSession()
    ->linkNotExists('Log out', 'User is not logged in');
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->mink
    ->resetSessions();
  // Ensure that pages already in the page cache aren't returned from page
  // cache if basic auth credentials are provided.
  $url = Url::fromRoute('router_test.10');
  $this->drupalGet($url);
  $this->assertSession()
    ->responseHeaderEquals('X-Drupal-Cache', 'MISS');
  $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
  $this->assertSession()
    ->responseHeaderDoesNotExist('X-Drupal-Cache');
  // Check that Cache-Control is not set to public.
  $this->assertSession()
    ->responseHeaderNotContains('Cache-Control', 'public');
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.
