RouteProcessorCsrfTest.php 4.25 KB
Newer Older
1 2 3 4
<?php

namespace Drupal\Tests\Core\Access;

5
use Drupal\Component\Utility\Crypt;
6
use Drupal\Core\Render\BubbleableMetadata;
7 8 9 10 11
use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\RouteProcessorCsrf;
use Symfony\Component\Routing\Route;

/**
12 13
 * @coversDefaultClass \Drupal\Core\Access\RouteProcessorCsrf
 * @group Access
14 15 16 17 18 19
 */
class RouteProcessorCsrfTest extends UnitTestCase {

  /**
   * The mock CSRF token generator.
   *
20
   * @var \Drupal\Core\Access\CsrfTokenGenerator|\PHPUnit\Framework\MockObject\MockObject
21 22 23 24 25 26 27 28 29 30
   */
  protected $csrfToken;

  /**
   * The route processor.
   *
   * @var \Drupal\Core\Access\RouteProcessorCsrf
   */
  protected $processor;

31
  protected function setUp(): void {
32 33 34 35 36 37 38 39
    $this->csrfToken = $this->getMockBuilder('Drupal\Core\Access\CsrfTokenGenerator')
      ->disableOriginalConstructor()
      ->getMock();

    $this->processor = new RouteProcessorCsrf($this->csrfToken);
  }

  /**
40 41
   * Tests the processOutbound() method with no _csrf_token route requirement.
   */
42 43 44 45
  public function testProcessOutboundNoRequirement() {
    $this->csrfToken->expects($this->never())
      ->method('get');

46
    $route = new Route('/test-path');
47
    $parameters = [];
48

49 50
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor->processOutbound('test', $route, $parameters, $bubbleable_metadata);
51 52
    // No parameters should be added to the parameters array.
    $this->assertEmpty($parameters);
53 54
    // Cacheability of routes without a _csrf_token route requirement is
    // unaffected.
55
    $this->assertEquals((new BubbleableMetadata()), $bubbleable_metadata);
56 57 58 59 60 61
  }

  /**
   * Tests the processOutbound() method with a _csrf_token route requirement.
   */
  public function testProcessOutbound() {
62 63
    $route = new Route('/test-path', [], ['_csrf_token' => 'TRUE']);
    $parameters = [];
64

65 66
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor->processOutbound('test', $route, $parameters, $bubbleable_metadata);
67 68
    // 'token' should be added to the parameters array.
    $this->assertArrayHasKey('token', $parameters);
69 70 71
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path';
72
    $placeholder = Crypt::hashBase64($path);
73 74 75 76 77
    $placeholder_render_array = [
      '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
    ];
    $this->assertSame($parameters['token'], $placeholder);
    $this->assertEquals((new BubbleableMetadata())->setAttachments(['placeholders' => [$placeholder => $placeholder_render_array]]), $bubbleable_metadata);
78 79
  }

80 81 82 83
  /**
   * Tests the processOutbound() method with a dynamic path and one replacement.
   */
  public function testProcessOutboundDynamicOne() {
84 85
    $route = new Route('/test-path/{slug}', [], ['_csrf_token' => 'TRUE']);
    $parameters = ['slug' => 100];
86

87 88 89 90 91
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = 'test-path/100';
92
    $placeholder = Crypt::hashBase64($path);
93 94 95 96
    $placeholder_render_array = [
      '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
    ];
    $this->assertEquals((new BubbleableMetadata())->setAttachments(['placeholders' => [$placeholder => $placeholder_render_array]]), $bubbleable_metadata);
97 98 99 100 101 102
  }

  /**
   * Tests the processOutbound() method with two parameter replacements.
   */
  public function testProcessOutboundDynamicTwo() {
103 104
    $route = new Route('{slug_1}/test-path/{slug_2}', [], ['_csrf_token' => 'TRUE']);
    $parameters = ['slug_1' => 100, 'slug_2' => 'test'];
105

106 107 108 109 110
    $bubbleable_metadata = new BubbleableMetadata();
    $this->processor->processOutbound('test', $route, $parameters, $bubbleable_metadata);
    // Bubbleable metadata of routes with a _csrf_token route requirement is a
    // placeholder.
    $path = '100/test-path/test';
111
    $placeholder = Crypt::hashBase64($path);
112 113 114 115
    $placeholder_render_array = [
      '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
    ];
    $this->assertEquals((new BubbleableMetadata())->setAttachments(['placeholders' => [$placeholder => $placeholder_render_array]]), $bubbleable_metadata);
116 117
  }

118
}