Issue #2983504 by ApacheEx, Lendude, Tessa Bakker: Add a way to easily set the cookies in a request done using the Guzzle client

core/modules/editor/tests/src/Functional/EditorSecurityTest.php

@@ -6,7 +6,6 @@ use Drupal\Component\Serialization\Json;
 use Drupal\editor\Entity\Editor;
 use Drupal\filter\Entity\FilterFormat;
 use Drupal\Tests\BrowserTestBase;
-use GuzzleHttp\Cookie\CookieJar;
 
 /**
  * Tests XSS protection for content creators when using text editors.
@@ -390,7 +389,7 @@ class EditorSecurityTest extends BrowserTestBase {
     //  - switch to every other text format/editor
     //  - assert the XSS-filtered values that we get from the server
     $this->drupalLogin($this->privilegedUser);
-    $cookies = $this->getCookies();
+    $cookies = $this->getSessionCookies();
 
     foreach ($expected as $case) {
       $this->drupalGet('node/' . $case['node_id'] . '/edit');
@@ -451,18 +450,4 @@ class EditorSecurityTest extends BrowserTestBase {
     $this->assertIdentical(self::$sampleContent, $dom_node[0]->getText(), 'The value was filtered by the Insecure text editor XSS filter.');
   }
 
-  /**
-   * Get session cookies from current session.
-   *
-   * @return \GuzzleHttp\Cookie\CookieJar
-   *   A cookie jar with the current session.
-   */
-  protected function getCookies() {
-    $domain = parse_url($this->getUrl(), PHP_URL_HOST);
-    $session_id = $this->getSession()->getCookie($this->getSessionName());
-    $cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
-
-    return $cookies;
-  }
-
 }

core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php

@@ -6,7 +6,6 @@ use Drupal\Component\Serialization\Json;
 use Drupal\Core\EventSubscriber\MainContentViewSubscriber;
 use Drupal\filter\Entity\FilterFormat;
 use Drupal\Tests\BrowserTestBase;
-use GuzzleHttp\Cookie\CookieJar;
 
 /**
  * Tests Quick Edit module integration endpoints.
@@ -91,7 +90,7 @@ class QuickEditIntegrationLoadingTest extends BrowserTestBase {
       // return a different error message depending of the missing permission.
       $response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
         'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
-        'cookies' => $this->getCookies(),
+        'cookies' => $this->getSessionCookies(),
         'headers' => [
           'Accept' => 'application/json',
           'Content-Type' => 'application/x-www-form-urlencoded',
@@ -125,7 +124,7 @@ class QuickEditIntegrationLoadingTest extends BrowserTestBase {
     $client = $this->getHttpClient();
     $response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
       'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
-      'cookies' => $this->getCookies(),
+      'cookies' => $this->getSessionCookies(),
       'headers' => [
         'Accept' => 'application/json',
         'Content-Type' => 'application/x-www-form-urlencoded',
@@ -140,17 +139,4 @@ class QuickEditIntegrationLoadingTest extends BrowserTestBase {
     $this->assertIdentical('<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />', $ajax_commands[0]['data'], 'The editorGetUntransformedText command contains the expected data.');
   }
 
-  /**
-   * Get session cookies from current session.
-   *
-   * @return \GuzzleHttp\Cookie\CookieJar
-   */
-  protected function getCookies() {
-    $domain = parse_url($this->getUrl(), PHP_URL_HOST);
-    $session_id = $this->getSession()->getCookie($this->getSessionName());
-    $cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
-
-    return $cookies;
-  }
-
 }

core/modules/history/tests/src/Functional/HistoryTest.php

@@ -6,7 +6,6 @@ use Drupal\Component\Serialization\Json;
 use Drupal\Core\Url;
 use Drupal\Tests\BrowserTestBase;
 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
-use GuzzleHttp\Cookie\CookieJar;
 
 /**
  * Tests the History endpoints.
@@ -38,20 +37,6 @@ class HistoryTest extends BrowserTestBase {
    */
   protected $testNode;
 
-  /**
-   * The cookie jar holding the testing session cookies for Guzzle requests.
-   *
-   * @var \GuzzleHttp\Client
-   */
-  protected $client;
-
-  /**
-   * The Guzzle HTTP client.
-   *
-   * @var \GuzzleHttp\Cookie\CookieJar
-   */
-  protected $cookies;
-
   protected function setUp() {
     parent::setUp();
 
@@ -60,8 +45,6 @@ class HistoryTest extends BrowserTestBase {
     $this->user = $this->drupalCreateUser(['create page content', 'access content']);
     $this->drupalLogin($this->user);
     $this->testNode = $this->drupalCreateNode(['type' => 'page', 'uid' => $this->user->id()]);
-
-    $this->client = $this->getHttpClient();
   }
 
   /**
@@ -75,16 +58,14 @@ class HistoryTest extends BrowserTestBase {
    */
   protected function getNodeReadTimestamps(array $node_ids) {
     // Perform HTTP request.
+    $http_client = $this->getHttpClient();
     $url = Url::fromRoute('history.get_last_node_view')
       ->setAbsolute()
       ->toString();
-    return $this->client->post($url, [
-      'body' => http_build_query(['node_ids' => $node_ids]),
-      'cookies' => $this->cookies,
-      'headers' => [
-        'Accept' => 'application/json',
-        'Content-Type' => 'application/x-www-form-urlencoded',
-      ],
+
+    return $http_client->request('POST', $url, [
+      'form_params' => ['node_ids' => $node_ids],
+      'cookies' => $this->getSessionCookies(),
       'http_errors' => FALSE,
     ]);
   }
@@ -99,12 +80,11 @@ class HistoryTest extends BrowserTestBase {
    *   The response body.
    */
   protected function markNodeAsRead($node_id) {
+    $http_client = $this->getHttpClient();
     $url = Url::fromRoute('history.read_node', ['node' => $node_id], ['absolute' => TRUE])->toString();
-    return $this->client->post($url, [
-      'cookies' => $this->cookies,
-      'headers' => [
-        'Accept' => 'application/json',
-      ],
+
+    return $http_client->request('POST', $url, [
+      'cookies' => $this->getSessionCookies(),
       'http_errors' => FALSE,
     ]);
   }
@@ -156,19 +136,4 @@ class HistoryTest extends BrowserTestBase {
     $this->assertEquals(403, $response->getStatusCode());
   }
 
-  /**
-   * Obtain the HTTP client and set the cookies.
-   *
-   * @return \GuzzleHttp\Client
-   *   The client with BrowserTestBase configuration.
-   */
-  protected function getHttpClient() {
-    // Similar code is also employed to test CSRF tokens.
-    // @see \Drupal\Tests\system\Functional\CsrfRequestHeaderTest::testRouteAccess()
-    $domain = parse_url($this->getUrl(), PHP_URL_HOST);
-    $session_id = $this->getSession()->getCookie($this->getSessionName());
-    $this->cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
-    return $this->getSession()->getDriver()->getClient()->getClient();
-  }
-
 }

core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php

@@ -4,7 +4,6 @@ namespace Drupal\Tests\system\Functional;
 
 use Drupal\Core\Url;
 use Drupal\Tests\BrowserTestBase;
-use GuzzleHttp\Cookie\CookieJar;
 
 /**
  * Tests protecting routes by requiring CSRF token in the request header.
@@ -27,7 +26,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
    * uses the deprecated _access_rest_csrf.
    */
   public function testRouteAccess() {
-    $client = \Drupal::httpClient();
+    $client = $this->getHttpClient();
     $csrf_token_paths = ['deprecated/session/token', 'session/token'];
     // Test using the both the current path and a test path that returns
     // a token using the deprecated 'rest' value.
@@ -44,11 +43,6 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
         $url = Url::fromRoute($route_name)
           ->setAbsolute(TRUE)
           ->toString();
-        $domain = parse_url($url, PHP_URL_HOST);
-
-        $session_id = $this->getSession()->getCookie($this->getSessionName());
-        /** @var \GuzzleHttp\Cookie\CookieJar $cookies */
-        $cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
         $post_options = [
           'headers' => ['Accept' => 'text/plain'],
           'http_errors' => FALSE,
@@ -60,7 +54,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
 
         // Add cookies to POST options so that all other requests are for the
         // authenticated user.
-        $post_options['cookies'] = $cookies;
+        $post_options['cookies'] = $this->getSessionCookies();
 
         // Test that access is denied with no token in header.
         $result = $client->post($url, $post_options);

core/tests/Drupal/Tests/BrowserTestBase.php

@@ -17,6 +17,7 @@ use Drupal\Tests\block\Traits\BlockCreationTrait;
 use Drupal\Tests\node\Traits\ContentTypeCreationTrait;
 use Drupal\Tests\node\Traits\NodeCreationTrait;
 use Drupal\Tests\user\Traits\UserCreationTrait;
+use GuzzleHttp\Cookie\CookieJar;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
@@ -489,6 +490,20 @@ abstract class BrowserTestBase extends TestCase {
     return $this->mink->getSession($name);
   }
 
+  /**
+   * Get session cookies from current session.
+   *
+   * @return \GuzzleHttp\Cookie\CookieJar
+   *   A cookie jar with the current session.
+   */
+  protected function getSessionCookies() {
+    $domain = parse_url($this->getUrl(), PHP_URL_HOST);
+    $session_id = $this->getSession()->getCookie($this->getSessionName());
+    $cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
+
+    return $cookies;
+  }
+
   /**
    * Obtain the HTTP client for the system under test.
    *