Fixes for functional security tests break custom tests
FunctionalTestCase.php the line
$this->securityContext->refreshTokens(); causes severe problems for Christopher Hlubek's tests that deal with security. That line was added in https://review.typo3.org/9676 to fix #34466.
I tested without that line and indeed all functional security tests in FLOW3 still pass, if the exception expectation in
MethodSecurityTest is again changed from
Christopher: how do your tests fail? Maybe you also have the same wrong expectation?
Updated by Christopher Hlubek over 9 years ago
I'm debugging it right now. It seems that "$this->disableAuthorization()" doesn't do that with the fix for #34466 in place. Since no tokens are authenticated anymore, any code that needs authentication throws an
AuthenticationRequiredException. So we need to authenticate a token here to disable authorization (sounds funny).
I'll try to create a functional test in FLOW3 that tests this behavior.