|
Chris@17
|
1 <?php
|
|
Chris@17
|
2
|
|
Chris@17
|
3 namespace Drupal\Tests\user\Functional;
|
|
Chris@17
|
4
|
|
Chris@18
|
5 use Drupal\Core\Url;
|
|
Chris@18
|
6 use Drupal\Core\Database\Database;
|
|
Chris@17
|
7 use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
|
|
Chris@17
|
8 use Drupal\Tests\BrowserTestBase;
|
|
Chris@17
|
9
|
|
Chris@17
|
10 /**
|
|
Chris@17
|
11 * Tests user blocks.
|
|
Chris@17
|
12 *
|
|
Chris@17
|
13 * @group user
|
|
Chris@17
|
14 */
|
|
Chris@17
|
15 class UserBlocksTest extends BrowserTestBase {
|
|
Chris@17
|
16
|
|
Chris@17
|
17 /**
|
|
Chris@17
|
18 * Modules to enable.
|
|
Chris@17
|
19 *
|
|
Chris@17
|
20 * @var array
|
|
Chris@17
|
21 */
|
|
Chris@17
|
22 public static $modules = ['block', 'views'];
|
|
Chris@17
|
23
|
|
Chris@17
|
24 /**
|
|
Chris@17
|
25 * A user with the 'administer blocks' permission.
|
|
Chris@17
|
26 *
|
|
Chris@17
|
27 * @var \Drupal\user\UserInterface
|
|
Chris@17
|
28 */
|
|
Chris@17
|
29 protected $adminUser;
|
|
Chris@17
|
30
|
|
Chris@17
|
31 protected function setUp() {
|
|
Chris@17
|
32 parent::setUp();
|
|
Chris@17
|
33
|
|
Chris@17
|
34 $this->adminUser = $this->drupalCreateUser(['administer blocks']);
|
|
Chris@17
|
35 $this->drupalLogin($this->adminUser);
|
|
Chris@17
|
36 $this->drupalPlaceBlock('user_login_block');
|
|
Chris@17
|
37 $this->drupalLogout($this->adminUser);
|
|
Chris@17
|
38 }
|
|
Chris@17
|
39
|
|
Chris@17
|
40 /**
|
|
Chris@17
|
41 * Tests that user login block is hidden from user/login.
|
|
Chris@17
|
42 */
|
|
Chris@17
|
43 public function testUserLoginBlockVisibility() {
|
|
Chris@17
|
44 // Array keyed list where key being the URL address and value being expected
|
|
Chris@17
|
45 // visibility as boolean type.
|
|
Chris@17
|
46 $paths = [
|
|
Chris@17
|
47 'node' => TRUE,
|
|
Chris@17
|
48 'user/login' => FALSE,
|
|
Chris@17
|
49 'user/register' => TRUE,
|
|
Chris@17
|
50 'user/password' => TRUE,
|
|
Chris@17
|
51 ];
|
|
Chris@17
|
52 foreach ($paths as $path => $expected_visibility) {
|
|
Chris@17
|
53 $this->drupalGet($path);
|
|
Chris@17
|
54 $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
|
|
Chris@17
|
55 if ($expected_visibility) {
|
|
Chris@17
|
56 $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
|
|
Chris@17
|
57 }
|
|
Chris@17
|
58 else {
|
|
Chris@17
|
59 $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
|
|
Chris@17
|
60 }
|
|
Chris@17
|
61 }
|
|
Chris@17
|
62 }
|
|
Chris@17
|
63
|
|
Chris@17
|
64 /**
|
|
Chris@17
|
65 * Test the user login block.
|
|
Chris@17
|
66 */
|
|
Chris@17
|
67 public function testUserLoginBlock() {
|
|
Chris@17
|
68 // Create a user with some permission that anonymous users lack.
|
|
Chris@17
|
69 $user = $this->drupalCreateUser(['administer permissions']);
|
|
Chris@17
|
70
|
|
Chris@17
|
71 // Log in using the block.
|
|
Chris@17
|
72 $edit = [];
|
|
Chris@18
|
73 $edit['name'] = $user->getAccountName();
|
|
Chris@17
|
74 $edit['pass'] = $user->passRaw;
|
|
Chris@17
|
75 $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
|
|
Chris@17
|
76 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@17
|
77
|
|
Chris@17
|
78 // Check that we are still on the same page.
|
|
Chris@18
|
79 $this->assertUrl(Url::fromRoute('user.admin_permissions', [], ['absolute' => TRUE])->toString(), [], 'Still on the same page after login for access denied page');
|
|
Chris@17
|
80
|
|
Chris@17
|
81 // Now, log out and repeat with a non-403 page.
|
|
Chris@17
|
82 $this->drupalLogout();
|
|
Chris@17
|
83 $this->drupalGet('filter/tips');
|
|
Chris@17
|
84 $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@17
|
85 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@17
|
86 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@17
|
87 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@17
|
88
|
|
Chris@17
|
89 // Log out again and repeat with a non-403 page including query arguments.
|
|
Chris@17
|
90 $this->drupalLogout();
|
|
Chris@17
|
91 $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
|
|
Chris@17
|
92 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@17
|
93 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@17
|
94 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@17
|
95 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@17
|
96 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
|
|
Chris@17
|
97
|
|
Chris@17
|
98 // Repeat with different query arguments.
|
|
Chris@17
|
99 $this->drupalLogout();
|
|
Chris@17
|
100 $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
|
|
Chris@17
|
101 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
|
|
Chris@17
|
102 $this->drupalPostForm(NULL, $edit, t('Log in'));
|
|
Chris@17
|
103 $this->assertNoText(t('User login'), 'Logged in.');
|
|
Chris@17
|
104 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
|
|
Chris@17
|
105 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
|
|
Chris@17
|
106
|
|
Chris@17
|
107 // Check that the user login block is not vulnerable to information
|
|
Chris@17
|
108 // disclosure to third party sites.
|
|
Chris@17
|
109 $this->drupalLogout();
|
|
Chris@17
|
110 $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
|
|
Chris@17
|
111 // Check that we remain on the site after login.
|
|
Chris@18
|
112 $this->assertUrl($user->toUrl('canonical', ['absolute' => TRUE])->toString(), [], 'Redirected to user profile page after login from the frontpage');
|
|
Chris@17
|
113
|
|
Chris@17
|
114 // Verify that form validation errors are displayed immediately for forms
|
|
Chris@17
|
115 // in blocks and not on subsequent page requests.
|
|
Chris@17
|
116 $this->drupalLogout();
|
|
Chris@17
|
117 $edit = [];
|
|
Chris@17
|
118 $edit['name'] = 'foo';
|
|
Chris@17
|
119 $edit['pass'] = 'invalid password';
|
|
Chris@17
|
120 $this->drupalPostForm('filter/tips', $edit, t('Log in'));
|
|
Chris@17
|
121 $this->assertText(t('Unrecognized username or password. Forgot your password?'));
|
|
Chris@17
|
122 $this->drupalGet('filter/tips');
|
|
Chris@17
|
123 $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
|
|
Chris@17
|
124 }
|
|
Chris@17
|
125
|
|
Chris@17
|
126 /**
|
|
Chris@17
|
127 * Updates the access column for a user.
|
|
Chris@17
|
128 */
|
|
Chris@17
|
129 private function updateAccess($uid, $access = REQUEST_TIME) {
|
|
Chris@18
|
130 Database::getConnection()->update('users_field_data')
|
|
Chris@17
|
131 ->condition('uid', $uid)
|
|
Chris@17
|
132 ->fields(['access' => $access])
|
|
Chris@17
|
133 ->execute();
|
|
Chris@17
|
134 }
|
|
Chris@17
|
135
|
|
Chris@17
|
136 }
|
