|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\Tests\user\Functional;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Tests\BrowserTestBase;
|
|
Chris@0
|
6
|
|
Chris@0
|
7 /**
|
|
Chris@0
|
8 * Tests the user search page and verifies that sensitive information is hidden
|
|
Chris@0
|
9 * from unauthorized users.
|
|
Chris@0
|
10 *
|
|
Chris@0
|
11 * @group user
|
|
Chris@0
|
12 */
|
|
Chris@0
|
13 class UserSearchTest extends BrowserTestBase {
|
|
Chris@0
|
14
|
|
Chris@0
|
15 /**
|
|
Chris@0
|
16 * Modules to enable.
|
|
Chris@0
|
17 *
|
|
Chris@0
|
18 * @var array
|
|
Chris@0
|
19 */
|
|
Chris@0
|
20 public static $modules = ['search'];
|
|
Chris@0
|
21
|
|
Chris@0
|
22 public function testUserSearch() {
|
|
Chris@0
|
23 // Verify that a user without 'administer users' permission cannot search
|
|
Chris@0
|
24 // for users by email address. Additionally, ensure that the username has a
|
|
Chris@0
|
25 // plus sign to ensure searching works with that.
|
|
Chris@0
|
26 $user1 = $this->drupalCreateUser(['access user profiles', 'search content'], "foo+bar");
|
|
Chris@0
|
27 $this->drupalLogin($user1);
|
|
Chris@0
|
28 $keys = $user1->getEmail();
|
|
Chris@0
|
29 $edit = ['keys' => $keys];
|
|
Chris@0
|
30 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
31 $this->assertText(t('Your search yielded no results.'), 'Search by email did not work for non-admin user');
|
|
Chris@0
|
32 $this->assertText('no results', 'Search by email gave no-match message');
|
|
Chris@0
|
33
|
|
Chris@0
|
34 // Verify that a non-matching query gives an appropriate message.
|
|
Chris@0
|
35 $keys = 'nomatch';
|
|
Chris@0
|
36 $edit = ['keys' => $keys];
|
|
Chris@0
|
37 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
38 $this->assertText('no results', 'Non-matching search gave appropriate message');
|
|
Chris@0
|
39
|
|
Chris@0
|
40 // Verify that a user with search permission can search for users by name.
|
|
Chris@18
|
41 $keys = $user1->getAccountName();
|
|
Chris@0
|
42 $edit = ['keys' => $keys];
|
|
Chris@0
|
43 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
44 $this->assertLink($keys, 0, 'Search by username worked for non-admin user');
|
|
Chris@0
|
45
|
|
Chris@0
|
46 // Verify that searching by sub-string works too.
|
|
Chris@0
|
47 $subkey = substr($keys, 1, 5);
|
|
Chris@0
|
48 $edit = ['keys' => $subkey];
|
|
Chris@0
|
49 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
50 $this->assertLink($keys, 0, 'Search by username substring worked for non-admin user');
|
|
Chris@0
|
51
|
|
Chris@0
|
52 // Verify that wildcard search works.
|
|
Chris@0
|
53 $subkey = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
|
|
Chris@0
|
54 $edit = ['keys' => $subkey];
|
|
Chris@0
|
55 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
56 $this->assertLink($keys, 0, 'Search with wildcard worked for non-admin user');
|
|
Chris@0
|
57
|
|
Chris@0
|
58 // Verify that a user with 'administer users' permission can search by
|
|
Chris@0
|
59 // email.
|
|
Chris@0
|
60 $user2 = $this->drupalCreateUser(['administer users', 'access user profiles', 'search content']);
|
|
Chris@0
|
61 $this->drupalLogin($user2);
|
|
Chris@0
|
62 $keys = $user2->getEmail();
|
|
Chris@0
|
63 $edit = ['keys' => $keys];
|
|
Chris@0
|
64 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
65 $this->assertText($keys, 'Search by email works for administrative user');
|
|
Chris@18
|
66 $this->assertText($user2->getAccountName(), 'Search by email resulted in username on page for administrative user');
|
|
Chris@0
|
67
|
|
Chris@0
|
68 // Verify that a substring works too for email.
|
|
Chris@0
|
69 $subkey = substr($keys, 1, 5);
|
|
Chris@0
|
70 $edit = ['keys' => $subkey];
|
|
Chris@0
|
71 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
72 $this->assertText($keys, 'Search by email substring works for administrative user');
|
|
Chris@18
|
73 $this->assertText($user2->getAccountName(), 'Search by email substring resulted in username on page for administrative user');
|
|
Chris@0
|
74
|
|
Chris@0
|
75 // Verify that wildcard search works for email
|
|
Chris@0
|
76 $subkey = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
|
|
Chris@0
|
77 $edit = ['keys' => $subkey];
|
|
Chris@0
|
78 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@18
|
79 $this->assertText($user2->getAccountName(), 'Search for email wildcard resulted in username on page for administrative user');
|
|
Chris@0
|
80
|
|
Chris@0
|
81 // Verify that if they search by user name, they see email address too.
|
|
Chris@18
|
82 $keys = $user1->getAccountName();
|
|
Chris@0
|
83 $edit = ['keys' => $keys];
|
|
Chris@0
|
84 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
85 $this->assertText($keys, 'Search by username works for admin user');
|
|
Chris@0
|
86 $this->assertText($user1->getEmail(), 'Search by username for admin shows email address too');
|
|
Chris@0
|
87
|
|
Chris@0
|
88 // Create a blocked user.
|
|
Chris@0
|
89 $blocked_user = $this->drupalCreateUser();
|
|
Chris@0
|
90 $blocked_user->block();
|
|
Chris@0
|
91 $blocked_user->save();
|
|
Chris@0
|
92
|
|
Chris@0
|
93 // Verify that users with "administer users" permissions can see blocked
|
|
Chris@0
|
94 // accounts in search results.
|
|
Chris@18
|
95 $edit = ['keys' => $blocked_user->getAccountName()];
|
|
Chris@0
|
96 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@18
|
97 $this->assertText($blocked_user->getAccountName(), 'Blocked users are listed on the user search results for users with the "administer users" permission.');
|
|
Chris@0
|
98
|
|
Chris@0
|
99 // Verify that users without "administer users" permissions do not see
|
|
Chris@0
|
100 // blocked accounts in search results.
|
|
Chris@0
|
101 $this->drupalLogin($user1);
|
|
Chris@18
|
102 $edit = ['keys' => $blocked_user->getAccountName()];
|
|
Chris@0
|
103 $this->drupalPostForm('search/user', $edit, t('Search'));
|
|
Chris@0
|
104 $this->assertText(t('Your search yielded no results.'), 'Blocked users are hidden from the user search results.');
|
|
Chris@0
|
105
|
|
Chris@0
|
106 // Create a user without search permission, and one without user page view
|
|
Chris@0
|
107 // permission. Verify that neither one can access the user search page.
|
|
Chris@0
|
108 $user3 = $this->drupalCreateUser(['search content']);
|
|
Chris@0
|
109 $this->drupalLogin($user3);
|
|
Chris@0
|
110 $this->drupalGet('search/user');
|
|
Chris@0
|
111 $this->assertResponse('403', 'User without user profile access cannot search');
|
|
Chris@0
|
112
|
|
Chris@0
|
113 $user4 = $this->drupalCreateUser(['access user profiles']);
|
|
Chris@0
|
114 $this->drupalLogin($user4);
|
|
Chris@0
|
115 $this->drupalGet('search/user');
|
|
Chris@0
|
116 $this->assertResponse('403', 'User without search permission cannot search');
|
|
Chris@0
|
117 $this->drupalLogout();
|
|
Chris@0
|
118 }
|
|
Chris@0
|
119
|
|
Chris@0
|
120 }
|
