function StyleSerializerTest::testRestViewsAuthentication

Same name in other branches
  1. 8.9.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
  2. 10 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
  3. 11.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()

Checks that the auth options restricts access to a REST views display.

File

core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php, line 98

Class

StyleSerializerTest
Tests the serializer style plugin.

Namespace

Drupal\Tests\rest\Functional\Views

Code

public function testRestViewsAuthentication() {
    // Assume the view is hidden behind a permission.
    $this->drupalGet('test/serialize/auth_with_perm', [
        'query' => [
            '_format' => 'json',
        ],
    ]);
    $this->assertSession()
        ->statusCodeEquals(401);
    // Not even logging in would make it possible to see the view, because then
    // we are denied based on authentication method (cookie).
    $this->drupalLogin($this->adminUser);
    $this->drupalGet('test/serialize/auth_with_perm', [
        'query' => [
            '_format' => 'json',
        ],
    ]);
    $this->assertSession()
        ->statusCodeEquals(403);
    $this->drupalLogout();
    // But if we use the basic auth authentication strategy, we should be able
    // to see the page.
    $url = $this->buildUrl('test/serialize/auth_with_perm');
    $response = \Drupal::httpClient()->get($url, [
        'auth' => [
            $this->adminUser
                ->getAccountName(),
            $this->adminUser->pass_raw,
        ],
        'query' => [
            '_format' => 'json',
        ],
    ]);
    // Ensure that any changes to variables in the other thread are picked up.
    $this->refreshVariables();
    $this->assertSession()
        ->statusCodeEquals(200);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.