|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\system\Tests\System;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Component\Utility\SafeMarkup;
|
|
Chris@0
|
6 use Drupal\simpletest\WebTestBase;
|
|
Chris@0
|
7 use Drupal\user\RoleInterface;
|
|
Chris@0
|
8
|
|
Chris@0
|
9 /**
|
|
Chris@0
|
10 * Tests page access denied functionality, including custom 403 pages.
|
|
Chris@0
|
11 *
|
|
Chris@0
|
12 * @group system
|
|
Chris@0
|
13 */
|
|
Chris@0
|
14 class AccessDeniedTest extends WebTestBase {
|
|
Chris@0
|
15
|
|
Chris@0
|
16 /**
|
|
Chris@0
|
17 * Modules to enable.
|
|
Chris@0
|
18 *
|
|
Chris@0
|
19 * @var array
|
|
Chris@0
|
20 */
|
|
Chris@0
|
21 public static $modules = ['block', 'node', 'system_test'];
|
|
Chris@0
|
22
|
|
Chris@0
|
23 protected $adminUser;
|
|
Chris@0
|
24
|
|
Chris@0
|
25 protected function setUp() {
|
|
Chris@0
|
26 parent::setUp();
|
|
Chris@0
|
27
|
|
Chris@0
|
28 $this->drupalPlaceBlock('page_title_block');
|
|
Chris@0
|
29
|
|
Chris@0
|
30 // Create an administrative user.
|
|
Chris@0
|
31 $this->adminUser = $this->drupalCreateUser(['access administration pages', 'administer site configuration', 'link to any page', 'administer blocks']);
|
|
Chris@0
|
32 $this->adminUser->roles[] = 'administrator';
|
|
Chris@0
|
33 $this->adminUser->save();
|
|
Chris@0
|
34
|
|
Chris@0
|
35 user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user profiles']);
|
|
Chris@0
|
36 user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, ['access user profiles']);
|
|
Chris@0
|
37 }
|
|
Chris@0
|
38
|
|
Chris@0
|
39 public function testAccessDenied() {
|
|
Chris@0
|
40 $this->drupalGet('admin');
|
|
Chris@0
|
41 $this->assertText(t('Access denied'), 'Found the default 403 page');
|
|
Chris@0
|
42 $this->assertResponse(403);
|
|
Chris@0
|
43
|
|
Chris@0
|
44 // Ensure that users without permission are denied access and have the
|
|
Chris@0
|
45 // correct path information in drupalSettings.
|
|
Chris@0
|
46 $this->drupalLogin($this->createUser([]));
|
|
Chris@0
|
47 $this->drupalGet('admin', ['query' => ['foo' => 'bar']]);
|
|
Chris@0
|
48 $this->assertEqual($this->drupalSettings['path']['currentPath'], 'admin');
|
|
Chris@0
|
49 $this->assertEqual($this->drupalSettings['path']['currentPathIsAdmin'], TRUE);
|
|
Chris@0
|
50 $this->assertEqual($this->drupalSettings['path']['currentQuery'], ['foo' => 'bar']);
|
|
Chris@0
|
51
|
|
Chris@0
|
52 $this->drupalLogin($this->adminUser);
|
|
Chris@0
|
53
|
|
Chris@0
|
54 // Set a custom 404 page without a starting slash.
|
|
Chris@0
|
55 $edit = [
|
|
Chris@0
|
56 'site_403' => 'user/' . $this->adminUser->id(),
|
|
Chris@0
|
57 ];
|
|
Chris@0
|
58 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
|
|
Chris@0
|
59 $this->assertRaw(SafeMarkup::format("The path '%path' has to start with a slash.", ['%path' => $edit['site_403']]));
|
|
Chris@0
|
60
|
|
Chris@0
|
61 // Use a custom 403 page.
|
|
Chris@0
|
62 $edit = [
|
|
Chris@0
|
63 'site_403' => '/user/' . $this->adminUser->id(),
|
|
Chris@0
|
64 ];
|
|
Chris@0
|
65 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
|
|
Chris@0
|
66
|
|
Chris@0
|
67 // Enable the user login block.
|
|
Chris@0
|
68 $block = $this->drupalPlaceBlock('user_login_block', ['id' => 'login']);
|
|
Chris@0
|
69
|
|
Chris@0
|
70 // Log out and check that the user login block is shown on custom 403 pages.
|
|
Chris@0
|
71 $this->drupalLogout();
|
|
Chris@0
|
72 $this->drupalGet('admin');
|
|
Chris@0
|
73 $this->assertText($this->adminUser->getUsername(), 'Found the custom 403 page');
|
|
Chris@0
|
74 $this->assertText(t('Username'), 'Blocks are shown on the custom 403 page');
|
|
Chris@0
|
75
|
|
Chris@0
|
76 // Log back in and remove the custom 403 page.
|
|
Chris@0
|
77 $this->drupalLogin($this->adminUser);
|
|
Chris@0
|
78 $edit = [
|
|
Chris@0
|
79 'site_403' => '',
|
|
Chris@0
|
80 ];
|
|
Chris@0
|
81 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
|
|
Chris@0
|
82
|
|
Chris@0
|
83 // Logout and check that the user login block is shown on default 403 pages.
|
|
Chris@0
|
84 $this->drupalLogout();
|
|
Chris@0
|
85 $this->drupalGet('admin');
|
|
Chris@0
|
86 $this->assertText(t('Access denied'), 'Found the default 403 page');
|
|
Chris@0
|
87 $this->assertResponse(403);
|
|
Chris@0
|
88 $this->assertText(t('Username'), 'Blocks are shown on the default 403 page');
|
|
Chris@0
|
89
|
|
Chris@0
|
90 // Log back in, set the custom 403 page to /user/login and remove the block
|
|
Chris@0
|
91 $this->drupalLogin($this->adminUser);
|
|
Chris@0
|
92 $this->config('system.site')->set('page.403', '/user/login')->save();
|
|
Chris@0
|
93 $block->disable()->save();
|
|
Chris@0
|
94
|
|
Chris@0
|
95 // Check that we can log in from the 403 page.
|
|
Chris@0
|
96 $this->drupalLogout();
|
|
Chris@0
|
97 $edit = [
|
|
Chris@0
|
98 'name' => $this->adminUser->getUsername(),
|
|
Chris@0
|
99 'pass' => $this->adminUser->pass_raw,
|
|
Chris@0
|
100 ];
|
|
Chris@0
|
101 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Log in'));
|
|
Chris@0
|
102
|
|
Chris@0
|
103 // Check that we're still on the same page.
|
|
Chris@0
|
104 $this->assertText(t('Basic site settings'));
|
|
Chris@0
|
105 }
|
|
Chris@0
|
106
|
|
Chris@0
|
107 /**
|
|
Chris@0
|
108 * Tests that an inaccessible custom 403 page falls back to the default.
|
|
Chris@0
|
109 */
|
|
Chris@0
|
110 public function testAccessDeniedCustomPageWithAccessDenied() {
|
|
Chris@0
|
111 // Sets up a 403 page not accessible by the anonymous user.
|
|
Chris@0
|
112 $this->config('system.site')->set('page.403', '/system-test/custom-4xx')->save();
|
|
Chris@0
|
113
|
|
Chris@0
|
114 $this->drupalGet('/system-test/always-denied');
|
|
Chris@0
|
115 $this->assertNoText('Admin-only 4xx response');
|
|
Chris@0
|
116 $this->assertText('You are not authorized to access this page.');
|
|
Chris@0
|
117 $this->assertResponse(403);
|
|
Chris@0
|
118 // Verify the access cacheability metadata for custom 403 is bubbled.
|
|
Chris@0
|
119 $this->assertCacheContext('user.roles');
|
|
Chris@0
|
120
|
|
Chris@0
|
121 $this->drupalLogin($this->adminUser);
|
|
Chris@0
|
122 $this->drupalGet('/system-test/always-denied');
|
|
Chris@0
|
123 $this->assertText('Admin-only 4xx response');
|
|
Chris@0
|
124 $this->assertResponse(403);
|
|
Chris@0
|
125 // Verify the access cacheability metadata for custom 403 is bubbled.
|
|
Chris@0
|
126 $this->assertCacheContext('user.roles');
|
|
Chris@0
|
127 }
|
|
Chris@0
|
128
|
|
Chris@0
|
129 }
|
