Issue #2817745 by Wim Leers: Add test coverage to prove that REST resource's...

Issue #2817745 by Wim Leers: Add test coverage to prove that REST resource's "auth" configuration is also not allowing global authentication providers like "cookie" when not listed

Issue #2817745 by Wim Leers: Add test coverage to prove that REST resource's...
d20187f4 · cilefen · aa50c33f · d20187f4 · d20187f4 · d20187f4
Commit d20187f4 authored 8 years ago by cilefen
--- a/core/modules/rest/tests/modules/rest_test/rest_test.services.yml
+++ b/core/modules/rest/tests/modules/rest_test/rest_test.services.yml
@@ -3,3 +3,7 @@ services:
    class: Drupal\rest_test\Authentication\Provider\TestAuth
    tags:
      - { name: authentication_provider, provider_id: 'rest_test_auth' }
+  rest_test.authentication.test_auth_global:
+    class: Drupal\rest_test\Authentication\Provider\TestAuthGlobal
+    tags:
+      - { name: authentication_provider, provider_id: 'rest_test_auth_global', global: TRUE }
--- a/core/modules/rest/tests/modules/rest_test/src/Authentication/Provider/TestAuthGlobal.php
+++ b/core/modules/rest/tests/modules/rest_test/src/Authentication/Provider/TestAuthGlobal.php
+<?php
+
+namespace Drupal\rest_test\Authentication\Provider;
+
+use Drupal\Core\Authentication\AuthenticationProviderInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Global authentication provider for testing purposes.
+ */
+class TestAuthGlobal implements AuthenticationProviderInterface {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function applies(Request $request) {
+    return $request->headers->has('REST-test-auth-global');
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function authenticate(Request $request) {
+    return NULL;
+  }
+
+}
--- a/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
@@ -363,6 +363,13 @@ public function testGet() {
    $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);

    unset($request_options[RequestOptions::HEADERS]['REST-test-auth']);
+    $request_options[RequestOptions::HEADERS]['REST-test-auth-global'] = '1';
+
+    // DX: 403 when attempting to use unallowed global authentication provider.
+    $response = $this->request('GET', $url, $request_options);
+    $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);
+
+    unset($request_options[RequestOptions::HEADERS]['REST-test-auth-global']);
    $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('GET'));