Mercurial > hg > isophonics-drupal-site

annotate core/modules/contact/tests/src/Functional/ContactPersonalTest.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\Tests\contact\Functional;
Chris@0 4
Chris@17 5 use Drupal\Component\Render\FormattableMarkup;
Chris@0 6 use Drupal\Component\Render\PlainTextOutput;
Chris@0 7 use Drupal\Core\Session\AccountInterface;
Chris@0 8 use Drupal\Core\Test\AssertMailTrait;
Chris@0 9 use Drupal\Tests\BrowserTestBase;
Chris@0 10 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
Chris@0 11 use Drupal\user\RoleInterface;
Chris@0 12
Chris@0 13 /**
Chris@0 14 * Tests personal contact form functionality.
Chris@0 15 *
Chris@0 16 * @group contact
Chris@0 17 */
Chris@0 18 class ContactPersonalTest extends BrowserTestBase {
Chris@0 19
Chris@0 20 use AssertMailTrait;
Chris@0 21 use AssertPageCacheContextsAndTagsTrait;
Chris@0 22
Chris@0 23 /**
Chris@0 24 * Modules to enable.
Chris@0 25 *
Chris@0 26 * @var array
Chris@0 27 */
Chris@0 28 public static $modules = ['contact', 'dblog'];
Chris@0 29
Chris@0 30 /**
Chris@0 31 * A user with some administrative permissions.
Chris@0 32 *
Chris@0 33 * @var \Drupal\user\UserInterface
Chris@0 34 */
Chris@0 35 private $adminUser;
Chris@0 36
Chris@0 37 /**
Chris@0 38 * A user with permission to view profiles and access user contact forms.
Chris@0 39 *
Chris@0 40 * @var \Drupal\user\UserInterface
Chris@0 41 */
Chris@0 42 private $webUser;
Chris@0 43
Chris@0 44 /**
Chris@0 45 * A user without any permissions.
Chris@0 46 *
Chris@0 47 * @var \Drupal\user\UserInterface
Chris@0 48 */
Chris@0 49 private $contactUser;
Chris@0 50
Chris@0 51 protected function setUp() {
Chris@0 52 parent::setUp();
Chris@0 53
Chris@0 54 // Create an admin user.
Chris@0 55 $this->adminUser = $this->drupalCreateUser(['administer contact forms', 'administer users', 'administer account settings', 'access site reports']);
Chris@0 56
Chris@0 57 // Create some normal users with their contact forms enabled by default.
Chris@0 58 $this->config('contact.settings')->set('user_default_enabled', TRUE)->save();
Chris@0 59 $this->webUser = $this->drupalCreateUser(['access user profiles', 'access user contact forms']);
Chris@0 60 $this->contactUser = $this->drupalCreateUser();
Chris@0 61 }
Chris@0 62
Chris@0 63 /**
Chris@0 64 * Tests that mails for contact messages are correctly sent.
Chris@0 65 */
Chris@0 66 public function testSendPersonalContactMessage() {
Chris@0 67 // Ensure that the web user's email needs escaping.
Chris@18 68 $mail = $this->webUser->getAccountName() . '&escaped@example.com';
Chris@0 69 $this->webUser->setEmail($mail)->save();
Chris@0 70 $this->drupalLogin($this->webUser);
Chris@0 71
Chris@0 72 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 73 $this->assertEscaped($mail);
Chris@0 74 $message = $this->submitPersonalContact($this->contactUser);
Chris@0 75 $mails = $this->getMails();
Chris@0 76 $this->assertEqual(1, count($mails));
Chris@0 77 $mail = $mails[0];
Chris@0 78 $this->assertEqual($mail['to'], $this->contactUser->getEmail());
Chris@0 79 $this->assertEqual($mail['from'], $this->config('system.site')->get('mail'));
Chris@0 80 $this->assertEqual($mail['reply-to'], $this->webUser->getEmail());
Chris@0 81 $this->assertEqual($mail['key'], 'user_mail');
Chris@0 82 $variables = [
Chris@0 83 '@site-name' => $this->config('system.site')->get('name'),
Chris@0 84 '@subject' => $message['subject[0][value]'],
Chris@0 85 '@recipient-name' => $this->contactUser->getDisplayName(),
Chris@0 86 ];
Chris@0 87 $subject = PlainTextOutput::renderFromHtml(t('[@site-name] @subject', $variables));
Chris@0 88 $this->assertEqual($mail['subject'], $subject, 'Subject is in sent message.');
Chris@0 89 $this->assertTrue(strpos($mail['body'], 'Hello ' . $variables['@recipient-name']) !== FALSE, 'Recipient name is in sent message.');
Chris@0 90 $this->assertTrue(strpos($mail['body'], $this->webUser->getDisplayName()) !== FALSE, 'Sender name is in sent message.');
Chris@0 91 $this->assertTrue(strpos($mail['body'], $message['message[0][value]']) !== FALSE, 'Message body is in sent message.');
Chris@0 92
Chris@0 93 // Check there was no problems raised during sending.
Chris@0 94 $this->drupalLogout();
Chris@0 95 $this->drupalLogin($this->adminUser);
Chris@0 96 // Verify that the correct watchdog message has been logged.
Chris@0 97 $this->drupalGet('/admin/reports/dblog');
Chris@0 98 $placeholders = [
Chris@0 99 '@sender_name' => $this->webUser->username,
Chris@0 100 '@sender_email' => $this->webUser->getEmail(),
Chris@18 101 '@recipient_name' => $this->contactUser->getAccountName(),
Chris@0 102 ];
Chris@17 103 $this->assertRaw(new FormattableMarkup('@sender_name (@sender_email) sent @recipient_name an email.', $placeholders));
Chris@0 104 // Ensure an unescaped version of the email does not exist anywhere.
Chris@0 105 $this->assertNoRaw($this->webUser->getEmail());
Chris@0 106 }
Chris@0 107
Chris@0 108 /**
Chris@0 109 * Tests access to the personal contact form.
Chris@0 110 */
Chris@0 111 public function testPersonalContactAccess() {
Chris@0 112 // Test allowed access to admin user's contact form.
Chris@0 113 $this->drupalLogin($this->webUser);
Chris@0 114 $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
Chris@0 115 $this->assertResponse(200);
Chris@0 116 // Check the page title is properly displayed.
Chris@0 117 $this->assertRaw(t('Contact @username', ['@username' => $this->adminUser->getDisplayName()]));
Chris@0 118
Chris@0 119 // Test denied access to admin user's own contact form.
Chris@0 120 $this->drupalLogout();
Chris@0 121 $this->drupalLogin($this->adminUser);
Chris@0 122 $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
Chris@0 123 $this->assertResponse(403);
Chris@0 124
Chris@0 125 // Test allowed access to user with contact form enabled.
Chris@0 126 $this->drupalLogin($this->webUser);
Chris@0 127 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 128 $this->assertResponse(200);
Chris@0 129
Chris@0 130 // Test that there is no access to personal contact forms for users
Chris@0 131 // without an email address configured.
Chris@0 132 $original_email = $this->contactUser->getEmail();
Chris@0 133 $this->contactUser->setEmail(FALSE)->save();
Chris@0 134 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 135 $this->assertResponse(404, 'Not found (404) returned when visiting a personal contact form for a user with no email address');
Chris@0 136
Chris@0 137 // Test that the 'contact tab' does not appear on the user profiles
Chris@0 138 // for users without an email address configured.
Chris@0 139 $this->drupalGet('user/' . $this->contactUser->id());
Chris@0 140 $contact_link = '/user/' . $this->contactUser->id() . '/contact';
Chris@0 141 $this->assertResponse(200);
Chris@0 142 $this->assertNoLinkByHref($contact_link, 'The "contact" tab is hidden on profiles for users with no email address');
Chris@0 143
Chris@0 144 // Restore original email address.
Chris@0 145 $this->contactUser->setEmail($original_email)->save();
Chris@0 146
Chris@0 147 // Test denied access to the user's own contact form.
Chris@0 148 $this->drupalGet('user/' . $this->webUser->id() . '/contact');
Chris@0 149 $this->assertResponse(403);
Chris@0 150
Chris@0 151 // Test always denied access to the anonymous user contact form.
Chris@0 152 $this->drupalGet('user/0/contact');
Chris@0 153 $this->assertResponse(403);
Chris@0 154
Chris@0 155 // Test that anonymous users can access the contact form.
Chris@0 156 $this->drupalLogout();
Chris@0 157 user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
Chris@0 158 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 159 $this->assertResponse(200);
Chris@0 160
Chris@0 161 // Test that anonymous users can access admin user's contact form.
Chris@0 162 $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
Chris@0 163 $this->assertResponse(200);
Chris@0 164 $this->assertCacheContext('user');
Chris@0 165
Chris@0 166 // Revoke the personal contact permission for the anonymous user.
Chris@0 167 user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
Chris@0 168 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 169 $this->assertResponse(403);
Chris@0 170 $this->assertCacheContext('user');
Chris@0 171 $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
Chris@0 172 $this->assertResponse(403);
Chris@0 173
Chris@0 174 // Disable the personal contact form.
Chris@0 175 $this->drupalLogin($this->adminUser);
Chris@0 176 $edit = ['contact_default_status' => FALSE];
Chris@0 177 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
Chris@0 178 $this->assertText(t('The configuration options have been saved.'), 'Setting successfully saved.');
Chris@0 179 $this->drupalLogout();
Chris@0 180
Chris@0 181 // Re-create our contacted user with personal contact forms disabled by
Chris@0 182 // default.
Chris@0 183 $this->contactUser = $this->drupalCreateUser();
Chris@0 184
Chris@0 185 // Test denied access to a user with contact form disabled.
Chris@0 186 $this->drupalLogin($this->webUser);
Chris@0 187 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 188 $this->assertResponse(403);
Chris@0 189
Chris@0 190 // Test allowed access for admin user to a user with contact form disabled.
Chris@0 191 $this->drupalLogin($this->adminUser);
Chris@0 192 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 193 $this->assertResponse(200);
Chris@0 194
Chris@0 195 // Re-create our contacted user as a blocked user.
Chris@0 196 $this->contactUser = $this->drupalCreateUser();
Chris@0 197 $this->contactUser->block();
Chris@0 198 $this->contactUser->save();
Chris@0 199
Chris@0 200 // Test that blocked users can still be contacted by admin.
Chris@0 201 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 202 $this->assertResponse(200);
Chris@0 203
Chris@0 204 // Test that blocked users cannot be contacted by non-admins.
Chris@0 205 $this->drupalLogin($this->webUser);
Chris@0 206 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 207 $this->assertResponse(403);
Chris@0 208
Chris@0 209 // Test enabling and disabling the contact page through the user profile
Chris@0 210 // form.
Chris@0 211 $this->drupalGet('user/' . $this->webUser->id() . '/edit');
Chris@0 212 $this->assertNoFieldChecked('edit-contact--2');
Chris@0 213 $this->assertFalse(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form disabled');
Chris@0 214 $this->drupalPostForm(NULL, ['contact' => TRUE], t('Save'));
Chris@0 215 $this->assertFieldChecked('edit-contact--2');
Chris@0 216 $this->assertTrue(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form enabled');
Chris@0 217
Chris@0 218 // Test with disabled global default contact form in combination with a user
Chris@0 219 // that has the contact form enabled.
Chris@0 220 $this->config('contact.settings')->set('user_default_enabled', FALSE)->save();
Chris@0 221 $this->contactUser = $this->drupalCreateUser();
Chris@0 222 \Drupal::service('user.data')->set('contact', $this->contactUser->id(), 'enabled', 1);
Chris@0 223
Chris@0 224 $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
Chris@0 225 $this->assertResponse(200);
Chris@0 226 }
Chris@0 227
Chris@0 228 /**
Chris@0 229 * Tests the personal contact form flood protection.
Chris@0 230 */
Chris@0 231 public function testPersonalContactFlood() {
Chris@0 232 $flood_limit = 3;
Chris@0 233 $this->config('contact.settings')->set('flood.limit', $flood_limit)->save();
Chris@0 234
Chris@0 235 $this->drupalLogin($this->webUser);
Chris@0 236
Chris@0 237 // Submit contact form with correct values and check flood interval.
Chris@0 238 for ($i = 0; $i < $flood_limit; $i++) {
Chris@0 239 $this->submitPersonalContact($this->contactUser);
Chris@0 240 $this->assertText(t('Your message has been sent.'), 'Message sent.');
Chris@0 241 }
Chris@0 242
Chris@0 243 // Submit contact form one over limit.
Chris@0 244 $this->submitPersonalContact($this->contactUser);
Chris@0 245 $this->assertRaw(t('You cannot send more than %number messages in @interval. Try again later.', ['%number' => $flood_limit, '@interval' => \Drupal::service('date.formatter')->formatInterval($this->config('contact.settings')->get('flood.interval'))]), 'Normal user denied access to flooded contact form.');
Chris@0 246
Chris@0 247 // Test that the admin user can still access the contact form even though
Chris@0 248 // the flood limit was reached.
Chris@0 249 $this->drupalLogin($this->adminUser);
Chris@0 250 $this->assertNoText('Try again later.', 'Admin user not denied access to flooded contact form.');
Chris@0 251 }
Chris@0 252
Chris@0 253 /**
Chris@0 254 * Tests the personal contact form based access when an admin adds users.
Chris@0 255 */
Chris@0 256 public function testAdminContact() {
Chris@0 257 user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
Chris@0 258 $this->checkContactAccess(200);
Chris@0 259 $this->checkContactAccess(403, FALSE);
Chris@0 260 $config = $this->config('contact.settings');
Chris@0 261 $config->set('user_default_enabled', FALSE);
Chris@0 262 $config->save();
Chris@0 263 $this->checkContactAccess(403);
Chris@0 264 }
Chris@0 265
Chris@0 266 /**
Chris@0 267 * Creates a user and then checks contact form access.
Chris@0 268 *
Chris@0 269 * @param int $response
Chris@0 270 * The expected response code.
Chris@0 271 * @param bool $contact_value
Chris@0 272 * (optional) The value the contact field should be set too.
Chris@0 273 */
Chris@0 274 protected function checkContactAccess($response, $contact_value = NULL) {
Chris@0 275 $this->drupalLogin($this->adminUser);
Chris@0 276 $this->drupalGet('admin/people/create');
Chris@0 277 if ($this->config('contact.settings')->get('user_default_enabled', TRUE)) {
Chris@0 278 $this->assertFieldChecked('edit-contact--2');
Chris@0 279 }
Chris@0 280 else {
Chris@0 281 $this->assertNoFieldChecked('edit-contact--2');
Chris@0 282 }
Chris@0 283 $name = $this->randomMachineName();
Chris@0 284 $edit = [
Chris@0 285 'name' => $name,
Chris@0 286 'mail' => $this->randomMachineName() . '@example.com',
Chris@0 287 'pass[pass1]' => $pass = $this->randomString(),
Chris@0 288 'pass[pass2]' => $pass,
Chris@0 289 'notify' => FALSE,
Chris@0 290 ];
Chris@0 291 if (isset($contact_value)) {
Chris@0 292 $edit['contact'] = $contact_value;
Chris@0 293 }
Chris@0 294 $this->drupalPostForm('admin/people/create', $edit, t('Create new account'));
Chris@0 295 $user = user_load_by_name($name);
Chris@0 296 $this->drupalLogout();
Chris@0 297
Chris@0 298 $this->drupalGet('user/' . $user->id() . '/contact');
Chris@0 299 $this->assertResponse($response);
Chris@0 300 }
Chris@0 301
Chris@0 302 /**
Chris@0 303 * Fills out a user's personal contact form and submits it.
Chris@0 304 *
Chris@0 305 * @param \Drupal\Core\Session\AccountInterface $account
Chris@0 306 * A user object of the user being contacted.
Chris@0 307 * @param array $message
Chris@0 308 * (optional) An array with the form fields being used. Defaults to an empty
Chris@0 309 * array.
Chris@0 310 *
Chris@0 311 * @return array
Chris@0 312 * An array with the form fields being used.
Chris@0 313 */
Chris@0 314 protected function submitPersonalContact(AccountInterface $account, array $message = []) {
Chris@0 315 $message += [
Chris@0 316 'subject[0][value]' => $this->randomMachineName(16),
Chris@0 317 'message[0][value]' => $this->randomMachineName(64),
Chris@0 318 ];
Chris@0 319 $this->drupalPostForm('user/' . $account->id() . '/contact', $message, t('Send message'));
Chris@0 320 return $message;
Chris@0 321 }
Chris@0 322
Chris@0 323 }