function ContextualDynamicContextTest::testTokenProtection

Same name in other branches
  1. 9 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
  2. 10 core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()
  3. 11.x core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php \Drupal\Tests\contextual\Functional\ContextualDynamicContextTest::testTokenProtection()

Tests that the contextual placeholder content is protected by a token.

File

core/modules/contextual/tests/src/Functional/ContextualDynamicContextTest.php, line 166

Class

ContextualDynamicContextTest
Tests if contextual links are showing on the front page depending on permissions.

Namespace

Drupal\Tests\contextual\Functional

Code

public function testTokenProtection() {
    $this->drupalLogin($this->editorUser);
    // Create a node that will have a contextual link.
    $node1 = $this->drupalCreateNode([
        'type' => 'article',
        'promote' => 1,
    ]);
    // Now, on the front page, all article nodes should have contextual link
    // placeholders, as should the view that contains them.
    $id = 'node:node=' . $node1->id() . ':changed=' . $node1->getChangedTime() . '&langcode=en';
    // Editor user: can access contextual links and can edit articles.
    $this->drupalGet('node');
    $this->assertContextualLinkPlaceHolder($id);
    $http_client = $this->getHttpClient();
    $url = Url::fromRoute('contextual.render', [], [
        'query' => [
            '_format' => 'json',
            'destination' => 'node',
        ],
    ])->setAbsolute()
        ->toString();
    // No tokens submitted: the request must be rejected.
    $response = $http_client->request('POST', $url, [
        'cookies' => $this->getSessionCookies(),
        'form_params' => [
            'ids' => [
                $id,
            ],
            'tokens' => [],
        ],
        'http_errors' => FALSE,
    ]);
    $this->assertEquals('400', $response->getStatusCode());
    $this->assertStringContainsString('No contextual ID tokens specified.', (string) $response->getBody());
    // A token that does not match the ID must be rejected.
    $response = $http_client->request('POST', $url, [
        'cookies' => $this->getSessionCookies(),
        'form_params' => [
            'ids' => [
                $id,
            ],
            'tokens' => [
                'wrong_token',
            ],
        ],
        'http_errors' => FALSE,
    ]);
    $this->assertEquals('400', $response->getStatusCode());
    $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
    // A valid token under a key that does not correspond to the ID must be
    // rejected.
    $response = $http_client->request('POST', $url, [
        'cookies' => $this->getSessionCookies(),
        'form_params' => [
            'ids' => [
                $id,
            ],
            'tokens' => [
                'wrong_key' => $this->createContextualIdToken($id),
            ],
        ],
        'http_errors' => FALSE,
    ]);
    $this->assertEquals('400', $response->getStatusCode());
    $this->assertStringContainsString('Invalid contextual ID specified.', (string) $response->getBody());
    // The correct token at the matching key is accepted.
    $response = $http_client->request('POST', $url, [
        'cookies' => $this->getSessionCookies(),
        'form_params' => [
            'ids' => [
                $id,
            ],
            'tokens' => [
                $this->createContextualIdToken($id),
            ],
        ],
        'http_errors' => FALSE,
    ]);
    $this->assertEquals('200', $response->getStatusCode());
}
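
An added sketch (not Drupal's own code) of the server-side check these four requests exercise: each ID must arrive with a token at the same array key, and the comparison runs in constant time. The HMAC-SHA256 construction, `SITE_SECRET`, `demo_token()` and `demo_validate()` are assumptions for illustration; the page does not show how `createContextualIdToken()` derives its value.

```php
<?php
// Added illustration, not Drupal core code. The HMAC construction and the
// secret below are assumptions; the page only shows the test side.

const SITE_SECRET = 'constructed-demo-secret';

// Hypothetical helper: derive a URL-safe token bound to one contextual ID.
function demo_token(string $id): string {
    $mac = hash_hmac('sha256', $id, SITE_SECRET, true);
    return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Hypothetical validator: returns [status, message] like the endpoint under test.
function demo_validate(array $ids, ?array $tokens): array {
    if (empty($tokens)) {
        return [400, 'No contextual ID tokens specified.'];
    }
    foreach ($ids as $key => $id) {
        // The token must sit at the same key as its ID and must be a string;
        // hash_equals() compares in constant time.
        $candidate = $tokens[$key] ?? null;
        if (!is_string($candidate) || !is_string($id)
            || !hash_equals(demo_token($id), $candidate)) {
            return [400, 'Invalid contextual ID specified.'];
        }
    }
    return [200, 'OK'];
}

// Constructed sample ID in the same shape as the test's $id.
$id = 'node:node=1:changed=1700000000&langcode=en';
$cases = [
    'no tokens'   => [],
    'wrong token' => ['wrong_token'],
    'wrong key'   => ['wrong_key' => demo_token($id)],
    'valid'       => [demo_token($id)],
];
foreach ($cases as $label => $tokens) {
    [$status, $message] = demo_validate([$id], $tokens);
    printf("%-12s => %d %s\n", $label, $status, $message);
}
```

The type checks before `hash_equals()` matter because form parameters can arrive as nested arrays, and `hash_equals()` throws on non-string arguments.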
