|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\user\Tests;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
|
|
Chris@0
|
6 use Drupal\simpletest\WebTestBase;
|
|
Chris@0
|
7
|
|
Chris@0
|
8 /**
|
|
Chris@0
|
9 * Tests user blocks.
|
|
Chris@0
|
10 *
|
|
Chris@0
|
11 * @group user
|
|
Chris@0
|
12 */
|
|
Chris@0
|
13 class UserBlocksTest extends WebTestBase {
|
|
Chris@0
|
14
|
|
Chris@0
|
15 /**
|
|
Chris@0
|
16 * Modules to enable.
|
|
Chris@0
|
17 *
|
|
Chris@0
|
18 * @var array
|
|
Chris@0
|
19 */
|
|
Chris@0
|
20 public static $modules = ['block', 'views'];
|
|
Chris@0
|
21
|
|
Chris@0
|
22 /**
|
|
Chris@0
|
23 * A user with the 'administer blocks' permission.
|
|
Chris@0
|
24 *
|
|
Chris@0
|
25 * @var \Drupal\user\UserInterface
|
|
Chris@0
|
26 */
|
|
Chris@0
|
27 protected $adminUser;
|
|
Chris@0
|
28
|
|
Chris@0
|
29 protected function setUp() {
|
|
Chris@0
|
30 parent::setUp();
|
|
Chris@0
|
31
|
|
Chris@0
|
32 $this->adminUser = $this->drupalCreateUser(['administer blocks']);
|
|
Chris@0
|
33 $this->drupalLogin($this->adminUser);
|
|
Chris@0
|
34 $this->drupalPlaceBlock('user_login_block');
|
|
Chris@0
|
35 $this->drupalLogout($this->adminUser);
|
|
Chris@0
|
36 }
|
|
Chris@0
|
37
|
|
Chris@0
|
38 /**
|
|
Chris@0
|
39 * Tests that user login block is hidden from user/login.
|
|
Chris@0
|
40 */
|
|
Chris@0
|
41 public function testUserLoginBlockVisibility() {
|
|
Chris@0
|
42 // Array keyed list where key being the URL address and value being expected
|
|
Chris@0
|
43 // visibility as boolean type.
|
|
Chris@0
|
44 $paths = [
|
|
Chris@0
|
45 'node' => TRUE,
|
|
Chris@0
|
46 'user/login' => FALSE,
|
|
Chris@0
|
47 'user/register' => TRUE,
|
|
Chris@0
|
48 'user/password' => TRUE,
|
|
Chris@0
|
49 ];
|
|
Chris@0
|
50 foreach ($paths as $path => $expected_visibility) {
|
|
Chris@0
|
51 $this->drupalGet($path);
|
|
Chris@0
|
52 $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
|
|
Chris@0
|
53 if ($expected_visibility) {
|
|
Chris@0
|
54 $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
|
|
Chris@0
|
55 }
|
|
Chris@0
|
56 else {
|
|
Chris@0
|
57 $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
|
|
Chris@0
|
58 }
|
|
Chris@0
|
59 }
|
|
Chris@0
|
60 }
|
|
Chris@0
|
61
|
|
Chris@0
|
62 /**
|
|
Chris@0
|
63 * Test the user login block.
|
|
Chris@0
|
64 */
|
|
Chris@0
|
65 public function testUserLoginBlock() {
|
|
Chris@0
|
66 // Create a user with some permission that anonymous users lack.
|
|
Chris@0
|
67 $user = $this->drupalCreateUser(['administer permissions']);
|
|
Chris@0
|
68
|
|
Chris@0
|
69 // Log in using the block.
|
|
Chris@0
|
70 $edit = [];
|
|
Chris@0
|
71 $edit['name'] = $user->getUsername();
|
|
Chris@0
|
72 $edit['pass'] = $user->pass_raw;
|
|
Chris@0
|
73 $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
|
|
Chris@0
|
74 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@0
|
75
|
|
Chris@0
|
76 // Check that we are still on the same page.
|
|
Chris@0
|
77 $this->assertUrl(\Drupal::url('user.admin_permissions', [], ['absolute' => TRUE]), [], 'Still on the same page after login for access denied page');
|
|
Chris@0
|
78
|
|
Chris@0
|
79 // Now, log out and repeat with a non-403 page.
|
|
Chris@0
|
80 $this->drupalLogout();
|
|
Chris@0
|
81 $this->drupalGet('filter/tips');
|
|
Chris@0
|
82 $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@0
|
83 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@0
|
84 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@0
|
85 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@0
|
86
|
|
Chris@0
|
87 // Log out again and repeat with a non-403 page including query arguments.
|
|
Chris@0
|
88 $this->drupalLogout();
|
|
Chris@0
|
89 $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
|
|
Chris@0
|
90 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@0
|
91 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@0
|
92 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@0
|
93 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@0
|
94 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
|
|
Chris@0
|
95
|
|
Chris@0
|
96 // Repeat with different query arguments.
|
|
Chris@0
|
97 $this->drupalLogout();
|
|
Chris@0
|
98 $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
|
|
Chris@0
|
99 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@0
|
100 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@0
|
101 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@0
|
102 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@0
|
103 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
|
|
Chris@0
|
104
|
|
Chris@0
|
105 // Check that the user login block is not vulnerable to information
|
|
Chris@0
|
106 // disclosure to third party sites.
|
|
Chris@0
|
107 $this->drupalLogout();
|
|
Chris@0
|
108 $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
|
|
Chris@0
|
109 // Check that we remain on the site after login.
|
|
Chris@0
|
110 $this->assertUrl($user->url('canonical', ['absolute' => TRUE]), [], 'Redirected to user profile page after login from the frontpage');
|
|
Chris@0
|
111
|
|
Chris@0
|
112 // Verify that form validation errors are displayed immediately for forms
|
|
Chris@0
|
113 // in blocks and not on subsequent page requests.
|
|
Chris@0
|
114 $this->drupalLogout();
|
|
Chris@0
|
115 $edit = [];
|
|
Chris@0
|
116 $edit['name'] = 'foo';
|
|
Chris@0
|
117 $edit['pass'] = 'invalid password';
|
|
Chris@0
|
118 $this->drupalPostForm('filter/tips', $edit, t('Log in'));
|
|
Chris@0
|
119 $this->assertText(t('Unrecognized username or password. Forgot your password?'));
|
|
Chris@0
|
120 $this->drupalGet('filter/tips');
|
|
Chris@0
|
121 $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
|
|
Chris@0
|
122 }
|
|
Chris@0
|
123
|
|
Chris@0
|
124 /**
|
|
Chris@0
|
125 * Test the Who's Online block.
|
|
Chris@0
|
126 */
|
|
Chris@0
|
127 public function testWhosOnlineBlock() {
|
|
Chris@0
|
128 $block = $this->drupalPlaceBlock('views_block:who_s_online-who_s_online_block');
|
|
Chris@0
|
129
|
|
Chris@0
|
130 // Generate users.
|
|
Chris@0
|
131 $user1 = $this->drupalCreateUser(['access user profiles']);
|
|
Chris@0
|
132 $user2 = $this->drupalCreateUser([]);
|
|
Chris@0
|
133 $user3 = $this->drupalCreateUser([]);
|
|
Chris@0
|
134
|
|
Chris@0
|
135 // Update access of two users to be within the active timespan.
|
|
Chris@0
|
136 $this->updateAccess($user1->id());
|
|
Chris@0
|
137 $this->updateAccess($user2->id(), REQUEST_TIME + 1);
|
|
Chris@0
|
138
|
|
Chris@0
|
139 // Insert an inactive user who should not be seen in the block, and ensure
|
|
Chris@0
|
140 // that the admin user used in setUp() does not appear.
|
|
Chris@0
|
141 $inactive_time = REQUEST_TIME - (15 * 60) - 1;
|
|
Chris@0
|
142 $this->updateAccess($user3->id(), $inactive_time);
|
|
Chris@0
|
143 $this->updateAccess($this->adminUser->id(), $inactive_time);
|
|
Chris@0
|
144
|
|
Chris@0
|
145 // Test block output.
|
|
Chris@0
|
146 \Drupal::currentUser()->setAccount($user1);
|
|
Chris@0
|
147 $content = entity_view($block, 'block');
|
|
Chris@0
|
148 $this->setRawContent(\Drupal::service('renderer')->renderRoot($content));
|
|
Chris@0
|
149 $this->assertRaw(t('2 users'), 'Correct number of online users (2 users).');
|
|
Chris@0
|
150 $this->assertText($user1->getUsername(), 'Active user 1 found in online list.');
|
|
Chris@0
|
151 $this->assertText($user2->getUsername(), 'Active user 2 found in online list.');
|
|
Chris@0
|
152 $this->assertNoText($user3->getUsername(), 'Inactive user not found in online list.');
|
|
Chris@0
|
153 $this->assertTrue(strpos($this->getRawContent(), $user1->getUsername()) > strpos($this->getRawContent(), $user2->getUsername()), 'Online users are ordered correctly.');
|
|
Chris@0
|
154 }
|
|
Chris@0
|
155
|
|
Chris@0
|
156 /**
|
|
Chris@0
|
157 * Updates the access column for a user.
|
|
Chris@0
|
158 */
|
|
Chris@0
|
159 private function updateAccess($uid, $access = REQUEST_TIME) {
|
|
Chris@0
|
160 db_update('users_field_data')
|
|
Chris@0
|
161 ->condition('uid', $uid)
|
|
Chris@0
|
162 ->fields(['access' => $access])
|
|
Chris@0
|
163 ->execute();
|
|
Chris@0
|
164 }
|
|
Chris@0
|
165
|
|
Chris@0
|
166 }
|
