function ContextualDynamicContextTest::testTokenProtection

Same name and namespace in other branches
  1. 9 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
  2. 8.9.x core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
  3. 11.x core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()

Tests that the contextual placeholder content is protected by a token.

File

core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php, line 173

Class

ContextualDynamicContextTest
Tests contextual link display on the front page based on permissions.

Namespace

Drupal\Tests\contextual\Functional

Code

public function testTokenProtection() : void {
  $this->drupalLogin($this->editorUser);
  // Create a node that will have a contextual link.
  $node1 = $this->drupalCreateNode([
    'type' => 'article',
    'promote' => 1,
  ]);
  // Now, on the front page, all article nodes should have contextual link
  // placeholders, as should the view that contains them.
  $id = 'node:node=' . $node1->id() . ':changed=' . $node1->getChangedTime() . '&langcode=en';
  // Editor user: can access contextual links and can edit articles.
  $this->drupalGet('node');
  $this->assertContextualLinkPlaceHolder($id);
  $http_client = $this->getHttpClient();
  $url = Url::fromRoute('contextual.render', [], [
    'query' => [
      '_format' => 'json',
      'destination' => 'node',
    ],
  ])->setAbsolute()
    ->toString();
  // No tokens submitted at all: the request is rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('No contextual ID tokens specified.', (string) $response->getBody());
  // A token that does not match the contextual ID is rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        'wrong_token',
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
  // A valid token under an array key that does not match the ID's key is
  // rejected.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        'wrong_key' => $this->createContextualIdToken($id),
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('400', $response->getStatusCode());
  $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
  // A valid token at the same array key as its ID is accepted.
  $response = $http_client->request('POST', $url, [
    'cookies' => $this->getSessionCookies(),
    'form_params' => [
      'ids' => [
        $id,
      ],
      'tokens' => [
        $this->createContextualIdToken($id),
      ],
    ],
    'http_errors' => FALSE,
  ]);
  $this->assertEquals('200', $response->getStatusCode());
}
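
A stand-alone sketch of the kind of server-side check these four requests exercise, added here as an illustration and not taken from Drupal core. `SITE_SECRET`, `contextual_token()` and `check_render_request()` are hypothetical names, and the HMAC-SHA256 token construction is an assumption; only the two error messages and the ID format come from the test above.

```php
<?php
// Added example, not Drupal core code. SITE_SECRET and both function names
// are hypothetical; a real site would derive the key from private site values.
const SITE_SECRET = 'constructed-secret-for-illustration-only';

/** Token bound to one contextual ID: base64url(HMAC-SHA256(id, secret)). */
function contextual_token(string $id): string {
  $mac = hash_hmac('sha256', $id, SITE_SECRET, TRUE);
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

/** Returns [status, message] for the ids/tokens arrays of a render request. */
function check_render_request(array $ids, array $tokens): array {
  if ($tokens === []) {
    return [400, 'No contextual ID tokens specified.'];
  }
  foreach ($ids as $key => $id) {
    // The token must sit at the same array key as its ID. Both values are
    // type-checked first because form parameters can arrive as nested arrays.
    $supplied = $tokens[$key] ?? NULL;
    if (!is_string($id) || !is_string($supplied)
      // hash_equals() compares in constant time, so response timing does not
      // reveal how much of a guessed token was correct.
      || !hash_equals(contextual_token($id), $supplied)) {
      return [400, 'Invalid contextual ID specified.'];
    }
  }
  return [200, 'OK'];
}

// Constructed sample ID in the same shape the test builds.
$id = 'node:node=1:changed=1700000000&langcode=en';
$cases = [
  'no tokens'   => [],
  'wrong token' => ['wrong_token'],
  'wrong key'   => ['wrong_key' => contextual_token($id)],
  'valid token' => [contextual_token($id)],
];
foreach ($cases as $label => $tokens) {
  [$status, $message] = check_render_request([$id], $tokens);
  printf("%-12s %d %s\n", $label, $status, $message);
}
```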
