Merge branch 'jsonrpc_discovery_test' into '3.x'

Confirm that methods from jsonrpc_core are actually returned See merge request !35

Merge branch 'jsonrpc_discovery_test' into '3.x'
36969b2c · Patrick Kenny · e3f58d64 · 31723969 · 36969b2c · 36969b2c
Commit 36969b2c authored 7 months ago by Patrick Kenny
--- a/modules/jsonrpc_discovery/src/Normalizer/AnnotationNormalizer.php
+++ b/modules/jsonrpc_discovery/src/Normalizer/AnnotationNormalizer.php
@@ -47,7 +47,7 @@ class AnnotationNormalizer extends NormalizerBase {

        default:
          $child = $value instanceof AnnotationInterface ? $value->get() : $value;
-          if (isset($context[static::DEPTH_KEY]) && $child instanceof AnnotationInterface || (is_array($child)) && Inspector::assertAllObjects($child, AnnotationInterface::class)) {
+          if (isset($context[static::DEPTH_KEY]) && ($child instanceof AnnotationInterface || (is_array($child)) && Inspector::assertAllObjects($child, AnnotationInterface::class))) {
            if ($context[static::DEPTH_KEY] === 0) {
              break;
            }

--- a/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryFunctionalTestBase.php
+++ b/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryFunctionalTestBase.php
@@ -51,10 +51,8 @@ abstract class JsonRpcDiscoveryFunctionalTestBase extends BrowserTestBase {
  protected function setUp(): void {
    parent::setUp();

-    // Grant anon and authorized users permission to use JSON-RPC.
-    $anon_role = Role::load(RoleInterface::ANONYMOUS_ID);
+    // Grant authorized users permission to use JSON-RPC.
    $auth_role = Role::load(RoleInterface::AUTHENTICATED_ID);
-    $this->grantPermissions($anon_role, ['use jsonrpc services']);
    $this->grantPermissions($auth_role, ['use jsonrpc services']);

    $this->user = $this->drupalCreateUser([], 'user', TRUE, ['mail' => 'user@example.com']);

--- a/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryHttpTest.php
+++ b/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryHttpTest.php
@@ -38,7 +38,7 @@ class JsonRpcDiscoveryHttpTest extends JsonRpcDiscoveryFunctionalTestBase {
   */
  protected function getAuthForUser(UserInterface $user): string {
    $name = $user->getAccountName();
-    $pass = $user->getPassword();
+    $pass = $user->passRaw;
    return 'Basic ' . base64_encode($name . ':' . $pass);
  }

@@ -48,14 +48,15 @@ class JsonRpcDiscoveryHttpTest extends JsonRpcDiscoveryFunctionalTestBase {
  public function testMethodsAnon(): void {
    // Anon does not have access to JSON-RPC services.
    $method_url = $this->getMethodsUrl();
-    $anon_response = \Drupal::httpClient()->get($method_url, [
-      'body' => NULL,
-      'headers' => [],
-    ]);
-    $this->assertEquals(200, $anon_response->getStatusCode());
-    // Anon does not have access to the plugins method.
-    $this->assertStringNotContainsString(self::PLUGINS_METHOD_NAME, $anon_response->getBody()
-      ->getContents());
+    try {
+      \Drupal::httpClient()->get($method_url, [
+        'body' => NULL,
+        'headers' => [],
+      ]);
+    }
+    catch (\Exception $e) {
+      $this->assertStringContainsString('401 Unauthorized', $e->getMessage());
+    }
  }

  /**
@@ -70,8 +71,52 @@ class JsonRpcDiscoveryHttpTest extends JsonRpcDiscoveryFunctionalTestBase {
      ],
    ]);
    $this->assertEquals(200, $auth_response->getStatusCode());
+    // Need to use (string).
+    // See https://stackoverflow.com/a/30549372/1209486.
+    $message_body = (string) $auth_response->getBody();
    // Auth does not have access to the plugins method.
-    $this->assertStringNotContainsString(self::PLUGINS_METHOD_NAME, $auth_response->getBody()
+    // However, all methods will be returned.
+   $this->assertStringContainsString(self::PLUGINS_METHOD_NAME, $message_body);
+  }
+
+  /**
+   * Tests getting the methods as an admin user.
+   */
+  public function testMethodsAdmin(): void {
+    $this->drupalLogin($this->adminUser);
+    $has_plugins_method_permission = \Drupal::currentUser()->hasPermission('administer site configuration');
+    $this->assertTrue($has_plugins_method_permission, 'Admin account does not have permission to access the Plugins JSON-RPC method.');
+
+    $method_url = $this->getMethodsUrl();
+    $admin_response = \Drupal::httpClient()->get($method_url, [
+      'body' => NULL,
+      'headers' => [
+        'Authorization' => $this->getAuthForUser($this->adminUser),
+      ],
+    ]);
+    $this->assertEquals(200, $admin_response->getStatusCode());
+    $message_body = (string) $admin_response->getBody();
+    // Admin does have access to the plugins method.
+    $this->assertStringContainsString(self::PLUGINS_METHOD_NAME, $message_body);
+  }
+
+  /**
+   * Tests getting the plugins method as an admin user.
+   */
+  public function testPluginsAdmin(): void {
+    $this->drupalLogin($this->adminUser);
+    $has_plugins_method_permission = \Drupal::currentUser()->hasPermission('administer site configuration');
+    $this->assertTrue($has_plugins_method_permission, 'Admin account does not have permission to access the Plugins JSON-RPC method.');
+
+    $method_url = $this->getMethodsUrl() . '/plugins.list';
+    $admin_response = \Drupal::httpClient()->get($method_url, [
+      'body' => NULL,
+      'headers' => [
+        'Authorization' => $this->getAuthForUser($this->adminUser),
+      ],
+    ]);
+    $this->assertEquals(200, $admin_response->getStatusCode());
+    $this->assertStringContainsString(self::PLUGINS_METHOD_NAME, $admin_response->getBody()
      ->getContents());
  }