Issue #3473531 by ptmkenny, cspitzlay: Crash on jsonrpc/methods route

f99e14d5 · Patrick Kenny · f4249889 · f99e14d5 · f99e14d5 · f99e14d5
Commit f99e14d5 authored 9 months ago by Patrick Kenny
--- a/modules/jsonrpc_discovery/src/Normalizer/AnnotationNormalizer.php
+++ b/modules/jsonrpc_discovery/src/Normalizer/AnnotationNormalizer.php
@@ -18,13 +18,6 @@ class AnnotationNormalizer extends NormalizerBase {

  const DEPTH_KEY = __CLASS__ . '_depth';

-  /**
-   * The normalizer service.
-   *
-   * @var \Symfony\Component\Serializer\Normalizer\NormalizerInterface
-   */
-  protected $normalizer;
-
  /**
   * {@inheritdoc}
   */
@@ -60,7 +53,7 @@ class AnnotationNormalizer extends NormalizerBase {
            }
            $context[static::DEPTH_KEY] -= 1;
          }
-          $attributes[$key] = $this->normalizer->normalize($child, $format, $context);
+          $attributes[$key] = $this->serializer->normalize($child, $format, $context);
      }
    }
    $normalized = [

--- a/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryFunctionalTestBase.php
+++ b/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryFunctionalTestBase.php
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\jsonrpc_discovery\Functional;
+
+use Drupal\Tests\BrowserTestBase;
+use Drupal\user\Entity\Role;
+use Drupal\user\RoleInterface;
+use Drupal\user\UserInterface;
+
+/**
+ * This class provides methods specifically for testing something.
+ *
+ * @group jsonrpc
+ */
+abstract class JsonRpcDiscoveryFunctionalTestBase extends BrowserTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected static $modules = [
+    'basic_auth',
+    'jsonrpc',
+    'jsonrpc_core',
+    'jsonrpc_discovery',
+  ];
+
+  /**
+   * A user with authenticated permissions.
+   *
+   * @var \Drupal\user\UserInterface
+   */
+  protected UserInterface $user;
+
+  /**
+   * A user with admin permissions.
+   *
+   * @var \Drupal\user\UserInterface
+   */
+  protected UserInterface $adminUser;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected $defaultTheme = 'stark';
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp(): void {
+    parent::setUp();
+
+    // Grant anon and authorized users permission to use JSON-RPC.
+    $anon_role = Role::load(RoleInterface::ANONYMOUS_ID);
+    $auth_role = Role::load(RoleInterface::AUTHENTICATED_ID);
+    $this->grantPermissions($anon_role, ['use jsonrpc services']);
+    $this->grantPermissions($auth_role, ['use jsonrpc services']);
+
+    $this->user = $this->drupalCreateUser([], 'user', TRUE, ['mail' => 'user@example.com']);
+
+    $this->adminUser = $this->drupalCreateUser([], 'adminUser', TRUE, ['mail' => 'admin@example.com']);
+
+    $this->adminUser->addRole($this->createAdminRole('admin', 'admin'));
+    $this->adminUser->save();
+  }
+
+}
--- a/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryHttpTest.php
+++ b/modules/jsonrpc_discovery/tests/src/Functional/JsonRpcDiscoveryHttpTest.php
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\jsonrpc\Functional;
+
+use Drupal\Core\Url;
+use Drupal\Tests\jsonrpc_discovery\Functional\JsonRpcDiscoveryFunctionalTestBase;
+use Drupal\user\UserInterface;
+
+/**
+ * Tests the jsonrpc/methods endpoint.
+ *
+ * @group jsonrpc
+ */
+class JsonRpcDiscoveryHttpTest extends JsonRpcDiscoveryFunctionalTestBase {
+  const PLUGINS_METHOD_NAME = 'List defined plugins';
+
+  /**
+   * Executes a request to jsonrpc/methods.
+   *
+   * @return string
+   *   The absolute url.
+   */
+  protected function getMethodsUrl(): string {
+    return Url::fromRoute('jsonrpc.method_collection')
+      ->setAbsolute()->toString();
+  }
+
+  /**
+   * Provides a basic auth header.
+   *
+   * @param \Drupal\user\UserInterface $user
+   *   The user account.
+   *
+   * @return string
+   *   The basic auth header value formatted for Guzzle.
+   */
+  protected function getAuthForUser(UserInterface $user): string {
+    $name = $user->getAccountName();
+    $pass = $user->getPassword();
+    return 'Basic ' . base64_encode($name . ':' . $pass);
+  }
+
+  /**
+   * Tests getting the methods as an anonymous user.
+   */
+  public function testMethodsAnon(): void {
+    // Anon does not have access to JSON-RPC services.
+    $method_url = $this->getMethodsUrl();
+    $anon_response = \Drupal::httpClient()->get($method_url, [
+      'body' => NULL,
+      'headers' => [],
+    ]);
+    $this->assertEquals(200, $anon_response->getStatusCode());
+    // Anon does not have access to the plugins method.
+    $this->assertStringNotContainsString(self::PLUGINS_METHOD_NAME, $anon_response->getBody()
+      ->getContents());
+  }
+
+  /**
+   * Tests getting the methods as an auth user.
+   */
+  public function testMethodsAuth(): void {
+    $method_url = $this->getMethodsUrl();
+    $auth_response = \Drupal::httpClient()->get($method_url, [
+      'body' => NULL,
+      'headers' => [
+        'Authorization' => $this->getAuthForUser($this->user),
+      ],
+    ]);
+    $this->assertEquals(200, $auth_response->getStatusCode());
+    // Auth does not have access to the plugins method.
+    $this->assertStringNotContainsString(self::PLUGINS_METHOD_NAME, $auth_response->getBody()
+      ->getContents());
+  }
+
+}