Issue #2817745 by Wim Leers: Add test coverage to prove that REST resource's...

    class: Drupal\rest_test\Authentication\Provider\TestAuth

    tags:

      - { name: authentication_provider, provider_id: 'rest_test_auth' }

  rest_test.authentication.test_auth_global:

    class: Drupal\rest_test\Authentication\Provider\TestAuthGlobal

    tags:

      - { name: authentication_provider, provider_id: 'rest_test_auth_global', global: TRUE }

<?php

namespace Drupal\rest_test\Authentication\Provider;

use Drupal\Core\Authentication\AuthenticationProviderInterface;

use Symfony\Component\HttpFoundation\Request;

/**

 * Global authentication provider for testing purposes.

 */

class TestAuthGlobal implements AuthenticationProviderInterface {

  /**

   * {@inheritdoc}

   */

  public function applies(Request $request) {

    return $request->headers->has('REST-test-auth-global');

  }

  /**

   * {@inheritdoc}

   */

  public function authenticate(Request $request) {

    return NULL;

  }

}

    $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);

    unset($request_options[RequestOptions::HEADERS]['REST-test-auth']);

    $request_options[RequestOptions::HEADERS]['REST-test-auth-global'] = '1';

    // DX: 403 when attempting to use unallowed global authentication provider.

    $response = $this->request('GET', $url, $request_options);

    $this->assertResourceErrorResponse(403, 'The used authentication method is not allowed on this route.', $response);

    unset($request_options[RequestOptions::HEADERS]['REST-test-auth-global']);

    $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions('GET'));