/**
* Tests PATCHing security-sensitive base fields of the logged in account.
*/
public function testPatchDxForSecuritySensitiveBaseFields() { // The anonymous user is never allowed to modify itself.
if (!
static::
$auth) { $this->
markTestSkipped();
} $this->
initAuthentication();
$this->
provisionEntityResource();
/** @var \Drupal\user\UserInterface $user */
$user =
static::
$auth ?
$this->account : User::
load(0
);
// @todo Remove the array_diff_key() call in https://www.drupal.org/node/2821077.
$original_normalization =
array_diff_key($this->serializer->
normalize($user,
static::
$format),
['created' => TRUE, 'changed' => TRUE, 'name' => TRUE
]);
// Since this test must be performed by the user that is being modified,
// we cannot use $this->getUrl().
$url =
$user->
toUrl()->
setOption('query',
['_format' =>
static::
$format]);
$request_options =
[ RequestOptions::HEADERS =>
['Content-Type' =>
static::
$mimeType],
];