annotate core/modules/user/tests/src/Functional/UserBlocksTest.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
Chris@17 1 <?php
Chris@17 2
Chris@17 3 namespace Drupal\Tests\user\Functional;
Chris@17 4
Chris@18 5 use Drupal\Core\Url;
Chris@18 6 use Drupal\Core\Database\Database;
Chris@17 7 use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
Chris@17 8 use Drupal\Tests\BrowserTestBase;
Chris@17 9
/**
 * Functional coverage for the blocks provided by the user module.
 *
 * The login block is placed once in setUp() and then exercised as an
 * anonymous visitor: where it is rendered, where a successful login leaves
 * the browser, and how a failed login is reported.
 *
 * @group user
 */
class UserBlocksTest extends BrowserTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['block', 'views'];

  /**
   * A user with the 'administer blocks' permission.
   *
   * @var \Drupal\user\UserInterface
   */
  protected $adminUser;

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();

    // The block is placed while logged in as an account holding
    // 'administer blocks'; the session is then closed so that every test
    // method starts as an anonymous visitor.
    $block_admin = $this->drupalCreateUser(['administer blocks']);
    $this->adminUser = $block_admin;
    $this->drupalLogin($this->adminUser);
    $this->drupalPlaceBlock('user_login_block');
    $this->drupalLogout($this->adminUser);
  }

  /**
   * Tests that user login block is hidden from user/login.
   *
   * Every other listed path is expected to render the block.
   */
  public function testUserLoginBlockVisibility() {
    // Map of path => whether the login block should be rendered there.
    $expectations = [
      'node' => TRUE,
      'user/login' => FALSE,
      'user/register' => TRUE,
      'user/password' => TRUE,
    ];
    $block_xpath = '//div[contains(@class,"block-user-login-block") and @role="form"]';

    foreach ($expectations as $path => $should_be_visible) {
      $this->drupalGet($path);
      $block_found = !empty($this->xpath($block_xpath));

      if (!$should_be_visible) {
        $this->assertTrue(!$block_found, 'User login block in path "' . $path . '" should not be visible');
        continue;
      }
      $this->assertTrue($block_found, 'User login block in path "' . $path . '" should be visible');
    }
  }

  /**
   * Tests logging in through the user login block.
   *
   * Covers, in order: login from an access-denied page, login from an
   * allowed page with and without query arguments, a post aimed at a
   * third-party URL, and the error shown for bad credentials.
   */
  public function testUserLoginBlock() {
    // The account needs a permission anonymous users lack, so that the
    // permissions page is a 403 before login and reachable after it.
    $account = $this->drupalCreateUser(['administer permissions']);
    $credentials = [
      'name' => $account->getAccountName(),
      'pass' => $account->passRaw,
    ];

    // Log in through the block shown on the access-denied page and confirm
    // the browser stays on the page that was originally requested.
    $this->drupalPostForm('admin/people/permissions', $credentials, t('Log in'));
    $this->assertNoText(t('User login'), 'Logged in.');
    $permissions_url = Url::fromRoute('user.admin_permissions', [], ['absolute' => TRUE])->toString();
    $this->assertUrl($permissions_url, [], 'Still on the same page after login for access denied page');

    // Same check from a page anonymous users may view. This first anonymous
    // request is asserted to be a dynamic page cache MISS.
    $this->drupalLogout();
    $this->drupalGet('filter/tips');
    $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
    $this->drupalPostForm(NULL, $credentials, t('Log in'));
    $this->assertNoText(t('User login'), 'Logged in.');
    $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');

    // Repeat with two different query strings. Both requests are asserted to
    // be cache HITs, and the URL after login must carry the query that was
    // actually requested.
    // NOTE(review): this looks intended to show that a login block served
    // from cache still returns the visitor to the requested URL and not to
    // one captured when the cache entry was built; confirm.
    foreach (['bar', 'baz'] as $foo_value) {
      $this->drupalLogout();
      $this->drupalGet('filter/tips', ['query' => ['foo' => $foo_value]]);
      $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
      $this->drupalPostForm(NULL, $credentials, t('Log in'));
      $this->assertNoText(t('User login'), 'Logged in.');
      $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
      $landed_on = $this->getUrl();
      $this->assertTrue(FALSE !== strpos($landed_on, '/filter/tips?foo=' . $foo_value), 'Correct query arguments are displayed after login');
    }

    // Information disclosure check: a third-party URL is passed as the page
    // path with 'external' => FALSE, and the assertion requires the browser
    // to end on this site's canonical page for the account.
    // NOTE(review): presumably this guards against the block's form action or
    // post-login redirect pointing at another host, which would hand the
    // submitted credentials or the new session to it; confirm against the
    // login block's form builder.
    $this->drupalLogout();
    $this->drupalPostForm('http://example.com/', $credentials, t('Log in'), ['external' => FALSE]);
    $profile_url = $account->toUrl('canonical', ['absolute' => TRUE])->toString();
    $this->assertUrl($profile_url, [], 'Redirected to user profile page after login from the frontpage');

    // A failed login must show its validation error on the response to the
    // post itself and must not leak onto the next page request. The asserted
    // message names neither the username nor the password as the wrong field.
    $this->drupalLogout();
    $bad_credentials = [
      'name' => 'foo',
      'pass' => 'invalid password',
    ];
    $this->drupalPostForm('filter/tips', $bad_credentials, t('Log in'));
    $this->assertText(t('Unrecognized username or password. Forgot your password?'));
    $this->drupalGet('filter/tips');
    $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
  }

  /**
   * Updates the access column for a user.
   *
   * The write goes through the database API's query builder, with the uid
   * supplied as a condition value and not concatenated into SQL. No test
   * method in this class calls this helper.
   *
   * @param int $uid
   *   Value matched against the 'uid' column of users_field_data; presumably
   *   an integer user ID.
   * @param int $access
   *   Value written to the 'access' column. Defaults to REQUEST_TIME.
   */
  private function updateAccess($uid, $access = REQUEST_TIME) {
    $connection = Database::getConnection();
    $connection->update('users_field_data')
      ->condition('uid', $uid)
      ->fields(['access' => $access])
      ->execute();
  }

}