Issue #1617918 by pfrenssen, tea.time: Test that no validation errors occur for anonymous users when $form['#token'] == FALSE

2015-09-06 22:03:13 +01:00 · 2015-09-06 22:03:13 +01:00 · 1e1a38b736
parent 45ce123503
commit 1e1a38b736
3 changed files with 60 additions and 0 deletions
--- a/core/modules/system/src/Tests/Form/ValidationTest.php
+++ b/core/modules/system/src/Tests/Form/ValidationTest.php
@ -75,6 +75,14 @@ class ValidationTest extends WebTestBase {
    $this->assertText('The form has become outdated. Copy any unsaved work in the form below');
  }

+  /**
+   * Tests that a form with a disabled CSRF token can be validated.
+   */
+  function testDisabledToken() {
+    $this->drupalPostForm('form-test/validate-no-token', [], 'Save');
+    $this->assertText('The form_test_validate_no_token form has been submitted successfully.');
+  }
+
  /**
   * Tests partial form validation through #limit_validation_errors.
   */
--- a/core/modules/system/tests/modules/form_test/form_test.routing.yml
+++ b/core/modules/system/tests/modules/form_test/form_test.routing.yml
@ -100,6 +100,14 @@ form_test.validate_required_no_title:
  requirements:
    _access: 'TRUE'

+form_test.validate_without_csrf_token:
+  path: '/form-test/validate-no-token'
+  defaults:
+    _form: '\Drupal\form_test\Form\FormTestValidateNoToken'
+    _title: 'Form validation on forms with a disabled CSRF token'
+  requirements:
+    _access: 'TRUE'
+
 form_test.validate_with_error_suppresion:
  path: '/form-test/limit-validation-errors'
  defaults:
--- a/core/modules/system/tests/modules/form_test/src/Form/FormTestValidateNoToken.php
+++ b/core/modules/system/tests/modules/form_test/src/Form/FormTestValidateNoToken.php
@ -0,0 +1,44 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\form_test\Form\FormTestValidateNoToken.
+ */
+
+namespace Drupal\form_test\Form;
+
+use Drupal\Core\Form\FormBase;
+use Drupal\Core\Form\FormStateInterface;
+
+/**
+ * Form to test the validation of forms with a disabled CSRF token.
+ */
+class FormTestValidateNoToken extends FormBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'form_test_validate_no_token';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    $form['#token'] = FALSE;
+    $form['submit'] = [
+      '#type' => 'submit',
+      '#value' => 'Save',
+    ];
+    return $form;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    drupal_set_message('The form_test_validate_no_token form has been submitted successfully.');
+  }
+
+}