|
Chris@17
|
1 <?php
|
|
Chris@17
|
2
|
|
Chris@17
|
3 namespace Drupal\Tests\media\FunctionalJavascript;
|
|
Chris@17
|
4
|
|
Chris@17
|
5 use Drupal\Core\Session\AccountInterface;
|
|
Chris@17
|
6 use Drupal\media\Entity\Media;
|
|
Chris@17
|
7 use Drupal\media_test_oembed\Controller\ResourceController;
|
|
Chris@17
|
8 use Drupal\Tests\media\Traits\OEmbedTestTrait;
|
|
Chris@17
|
9 use Drupal\user\Entity\Role;
|
|
Chris@17
|
10 use Symfony\Component\DependencyInjection\ContainerInterface;
|
|
Chris@17
|
11
|
|
Chris@17
|
12 /**
|
|
Chris@17
|
13 * Tests the oembed:video media source.
|
|
Chris@17
|
14 *
|
|
Chris@17
|
15 * @group media
|
|
Chris@17
|
16 */
|
|
Chris@17
|
17 class MediaSourceOEmbedVideoTest extends MediaSourceTestBase {
|
|
Chris@17
|
18
|
|
Chris@17
|
19 /**
|
|
Chris@17
|
20 * {@inheritdoc}
|
|
Chris@17
|
21 */
|
|
Chris@17
|
22 public static $modules = ['media_test_oembed'];
|
|
Chris@17
|
23
|
|
Chris@17
|
24 use OEmbedTestTrait;
|
|
Chris@17
|
25
|
|
Chris@17
|
26 /**
|
|
Chris@17
|
27 * {@inheritdoc}
|
|
Chris@17
|
28 */
|
|
Chris@17
|
29 protected function setUp() {
|
|
Chris@17
|
30 parent::setUp();
|
|
Chris@17
|
31 $this->lockHttpClientToFixtures();
|
|
Chris@17
|
32 }
|
|
Chris@17
|
33
|
|
Chris@17
|
34 /**
|
|
Chris@17
|
35 * {@inheritdoc}
|
|
Chris@17
|
36 */
|
|
Chris@17
|
37 protected function initConfig(ContainerInterface $container) {
|
|
Chris@17
|
38 parent::initConfig($container);
|
|
Chris@17
|
39
|
|
Chris@17
|
40 // Enable twig debugging to make testing template usage easy.
|
|
Chris@17
|
41 $parameters = $container->getParameter('twig.config');
|
|
Chris@17
|
42 $parameters['debug'] = TRUE;
|
|
Chris@17
|
43 $this->setContainerParameter('twig.config', $parameters);
|
|
Chris@17
|
44 }
|
|
Chris@17
|
45
|
|
Chris@17
|
46 /**
|
|
Chris@17
|
47 * Tests the oembed media source.
|
|
Chris@17
|
48 */
|
|
Chris@17
|
49 public function testMediaOEmbedVideoSource() {
|
|
Chris@17
|
50 $media_type_id = 'test_media_oembed_type';
|
|
Chris@17
|
51 $provided_fields = [
|
|
Chris@17
|
52 'type',
|
|
Chris@17
|
53 'title',
|
|
Chris@17
|
54 'default_name',
|
|
Chris@17
|
55 'author_name',
|
|
Chris@17
|
56 'author_url',
|
|
Chris@17
|
57 'provider_name',
|
|
Chris@17
|
58 'provider_url',
|
|
Chris@17
|
59 'cache_age',
|
|
Chris@17
|
60 'thumbnail_uri',
|
|
Chris@17
|
61 'thumbnail_width',
|
|
Chris@17
|
62 'thumbnail_height',
|
|
Chris@17
|
63 'url',
|
|
Chris@17
|
64 'width',
|
|
Chris@17
|
65 'height',
|
|
Chris@17
|
66 'html',
|
|
Chris@17
|
67 ];
|
|
Chris@17
|
68
|
|
Chris@17
|
69 $session = $this->getSession();
|
|
Chris@17
|
70 $page = $session->getPage();
|
|
Chris@17
|
71 $assert_session = $this->assertSession();
|
|
Chris@17
|
72
|
|
Chris@17
|
73 $this->doTestCreateMediaType($media_type_id, 'oembed:video', $provided_fields);
|
|
Chris@17
|
74
|
|
Chris@17
|
75 // Create custom fields for the media type to store metadata attributes.
|
|
Chris@17
|
76 $fields = [
|
|
Chris@17
|
77 'field_string_width' => 'string',
|
|
Chris@17
|
78 'field_string_height' => 'string',
|
|
Chris@17
|
79 'field_string_author_name' => 'string',
|
|
Chris@17
|
80 ];
|
|
Chris@17
|
81 $this->createMediaTypeFields($fields, $media_type_id);
|
|
Chris@17
|
82
|
|
Chris@17
|
83 // Hide the name field widget to test default name generation.
|
|
Chris@17
|
84 $this->hideMediaTypeFieldWidget('name', $media_type_id);
|
|
Chris@17
|
85
|
|
Chris@17
|
86 $this->drupalGet("admin/structure/media/manage/$media_type_id");
|
|
Chris@17
|
87 // Only accept Vimeo videos.
|
|
Chris@17
|
88 $page->checkField("source_configuration[providers][Vimeo]");
|
|
Chris@17
|
89 $assert_session->selectExists('field_map[width]')->setValue('field_string_width');
|
|
Chris@17
|
90 $assert_session->selectExists('field_map[height]')->setValue('field_string_height');
|
|
Chris@17
|
91 $assert_session->selectExists('field_map[author_name]')->setValue('field_string_author_name');
|
|
Chris@17
|
92 $assert_session->buttonExists('Save')->press();
|
|
Chris@17
|
93
|
|
Chris@17
|
94 $this->hijackProviderEndpoints();
|
|
Chris@17
|
95 $video_url = 'https://vimeo.com/7073899';
|
|
Chris@17
|
96 ResourceController::setResourceUrl($video_url, $this->getFixturesDirectory() . '/video_vimeo.json');
|
|
Chris@17
|
97
|
|
Chris@17
|
98 // Create a media item.
|
|
Chris@17
|
99 $this->drupalGet("media/add/$media_type_id");
|
|
Chris@17
|
100 $assert_session->fieldExists('Remote video URL')->setValue($video_url);
|
|
Chris@17
|
101 $assert_session->buttonExists('Save')->press();
|
|
Chris@17
|
102
|
|
Chris@17
|
103 $assert_session->addressEquals('admin/content/media');
|
|
Chris@17
|
104
|
|
Chris@17
|
105 // Get the media entity view URL from the creation message.
|
|
Chris@17
|
106 $this->drupalGet($this->assertLinkToCreatedMedia());
|
|
Chris@17
|
107
|
|
Chris@17
|
108 /** @var \Drupal\media\MediaInterface $media */
|
|
Chris@17
|
109 $media = Media::load(1);
|
|
Chris@17
|
110
|
|
Chris@17
|
111 // The thumbnail should have been downloaded.
|
|
Chris@17
|
112 $thumbnail = $media->getSource()->getMetadata($media, 'thumbnail_uri');
|
|
Chris@17
|
113 $this->assertFileExists($thumbnail);
|
|
Chris@17
|
114
|
|
Chris@17
|
115 // Ensure the iframe exists and that its src attribute contains a coherent
|
|
Chris@17
|
116 // URL with the query parameters we expect.
|
|
Chris@17
|
117 $iframe_url = $assert_session->elementExists('css', 'iframe')->getAttribute('src');
|
|
Chris@17
|
118 $iframe_url = parse_url($iframe_url);
|
|
Chris@17
|
119 $this->assertStringEndsWith('/media/oembed', $iframe_url['path']);
|
|
Chris@17
|
120 $this->assertNotEmpty($iframe_url['query']);
|
|
Chris@17
|
121 $query = [];
|
|
Chris@17
|
122 parse_str($iframe_url['query'], $query);
|
|
Chris@17
|
123 $this->assertSame($video_url, $query['url']);
|
|
Chris@17
|
124 $this->assertNotEmpty($query['hash']);
|
|
Chris@17
|
125
|
|
Chris@17
|
126 // Make sure the thumbnail is displayed from uploaded image.
|
|
Chris@17
|
127 $assert_session->elementAttributeContains('css', '.image-style-thumbnail', 'src', '/oembed_thumbnails/' . basename($thumbnail));
|
|
Chris@17
|
128
|
|
Chris@17
|
129 // Load the media and check that all fields are properly populated.
|
|
Chris@17
|
130 $media = Media::load(1);
|
|
Chris@17
|
131 $this->assertSame('Drupal Rap Video - Schipulcon09', $media->getName());
|
|
Chris@17
|
132 $this->assertSame('480', $media->field_string_width->value);
|
|
Chris@17
|
133 $this->assertSame('360', $media->field_string_height->value);
|
|
Chris@17
|
134
|
|
Chris@17
|
135 // Try to create a media asset from a disallowed provider.
|
|
Chris@17
|
136 $this->drupalGet("media/add/$media_type_id");
|
|
Chris@17
|
137 $assert_session->fieldExists('Remote video URL')->setValue('http://www.collegehumor.com/video/40003213/grant-and-katie-are-starting-their-own-company');
|
|
Chris@17
|
138 $page->pressButton('Save');
|
|
Chris@17
|
139
|
|
Chris@17
|
140 $assert_session->pageTextContains('The CollegeHumor provider is not allowed.');
|
|
Chris@17
|
141
|
|
Chris@17
|
142 // Test anonymous access to media via iframe.
|
|
Chris@17
|
143 $this->drupalLogout();
|
|
Chris@17
|
144
|
|
Chris@17
|
145 // Without a hash should be denied.
|
|
Chris@17
|
146 $no_hash_query = array_diff_key($query, ['hash' => '']);
|
|
Chris@17
|
147 $this->drupalGet('media/oembed', ['query' => $no_hash_query]);
|
|
Chris@17
|
148 $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!');
|
|
Chris@17
|
149 $assert_session->pageTextContains('Access denied');
|
|
Chris@17
|
150
|
|
Chris@17
|
151 // A correct query should be allowed because the anonymous role has the
|
|
Chris@17
|
152 // 'view media' permission.
|
|
Chris@17
|
153 $this->drupalGet('media/oembed', ['query' => $query]);
|
|
Chris@17
|
154 $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
|
|
Chris@17
|
155 $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
|
|
Chris@17
|
156 $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
|
|
Chris@17
|
157
|
|
Chris@17
|
158 // Test themes not inheriting from stable.
|
|
Chris@17
|
159 \Drupal::service('theme_handler')->install(['stark']);
|
|
Chris@17
|
160 $this->config('system.theme')->set('default', 'stark')->save();
|
|
Chris@17
|
161 $this->drupalGet('media/oembed', ['query' => $query]);
|
|
Chris@17
|
162 $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
|
|
Chris@17
|
163 $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
|
|
Chris@17
|
164 $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
|
|
Chris@17
|
165
|
|
Chris@17
|
166 // Remove the 'view media' permission to test that this restricts access.
|
|
Chris@17
|
167 $role = Role::load(AccountInterface::ANONYMOUS_ROLE);
|
|
Chris@17
|
168 $role->revokePermission('view media');
|
|
Chris@17
|
169 $role->save();
|
|
Chris@17
|
170 $this->drupalGet('media/oembed', ['query' => $query]);
|
|
Chris@17
|
171 $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!');
|
|
Chris@17
|
172 $assert_session->pageTextContains('Access denied');
|
|
Chris@17
|
173 }
|
|
Chris@17
|
174
|
|
Chris@17
|
175 /**
|
|
Chris@17
|
176 * Test that a security warning appears if iFrame domain is not set.
|
|
Chris@17
|
177 */
|
|
Chris@17
|
178 public function testOEmbedSecurityWarning() {
|
|
Chris@17
|
179 $media_type_id = 'test_media_oembed_type';
|
|
Chris@17
|
180 $source_id = 'oembed:video';
|
|
Chris@17
|
181
|
|
Chris@17
|
182 $session = $this->getSession();
|
|
Chris@17
|
183 $page = $session->getPage();
|
|
Chris@17
|
184 $assert_session = $this->assertSession();
|
|
Chris@17
|
185
|
|
Chris@17
|
186 $this->drupalGet('admin/structure/media/add');
|
|
Chris@17
|
187 $page->fillField('label', $media_type_id);
|
|
Chris@17
|
188 $this->getSession()
|
|
Chris@17
|
189 ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'");
|
|
Chris@17
|
190
|
|
Chris@17
|
191 // Make sure the source is available.
|
|
Chris@17
|
192 $assert_session->fieldExists('Media source');
|
|
Chris@17
|
193 $assert_session->optionExists('Media source', $source_id);
|
|
Chris@17
|
194 $page->selectFieldOption('Media source', $source_id);
|
|
Chris@17
|
195 $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]');
|
|
Chris@17
|
196 $this->assertNotEmpty($result);
|
|
Chris@17
|
197
|
|
Chris@17
|
198 $assert_session->pageTextContains('It is potentially insecure to display oEmbed content in a frame');
|
|
Chris@17
|
199
|
|
Chris@17
|
200 $this->config('media.settings')->set('iframe_domain', 'http://example.com')->save();
|
|
Chris@17
|
201
|
|
Chris@17
|
202 $this->drupalGet('admin/structure/media/add');
|
|
Chris@17
|
203 $page->fillField('label', $media_type_id);
|
|
Chris@17
|
204 $this->getSession()
|
|
Chris@17
|
205 ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'");
|
|
Chris@17
|
206
|
|
Chris@17
|
207 // Make sure the source is available.
|
|
Chris@17
|
208 $assert_session->fieldExists('Media source');
|
|
Chris@17
|
209 $assert_session->optionExists('Media source', $source_id);
|
|
Chris@17
|
210 $page->selectFieldOption('Media source', $source_id);
|
|
Chris@17
|
211 $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]');
|
|
Chris@17
|
212 $this->assertNotEmpty($result);
|
|
Chris@17
|
213
|
|
Chris@17
|
214 $assert_session->pageTextNotContains('It is potentially insecure to display oEmbed content in a frame');
|
|
Chris@17
|
215 }
|
|
Chris@17
|
216
|
|
Chris@17
|
217 }
|
