Mercurial > hg > isophonics-drupal-site

comparison core/modules/user/src/Tests/UserBlocksTest.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:4c8ae668cc8c
1 <?php
2
3 namespace Drupal\user\Tests;
4
5 use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
6 use Drupal\simpletest\WebTestBase;
7
8 /**
9 * Tests user blocks.
10 *
11 * @group user
12 */
13 class UserBlocksTest extends WebTestBase {
14
15 /**
16 * Modules to enable.
17 *
18 * @var array
19 */
20 public static $modules = ['block', 'views'];
21
22 /**
23 * A user with the 'administer blocks' permission.
24 *
25 * @var \Drupal\user\UserInterface
26 */
27 protected $adminUser;
28
29 protected function setUp() {
30 parent::setUp();
31
32 $this->adminUser = $this->drupalCreateUser(['administer blocks']);
33 $this->drupalLogin($this->adminUser);
34 $this->drupalPlaceBlock('user_login_block');
35 $this->drupalLogout($this->adminUser);
36 }
37
38 /**
39 * Tests that user login block is hidden from user/login.
40 */
41 public function testUserLoginBlockVisibility() {
42 // Array keyed list where key being the URL address and value being expected
43 // visibility as boolean type.
44 $paths = [
45 'node' => TRUE,
46 'user/login' => FALSE,
47 'user/register' => TRUE,
48 'user/password' => TRUE,
49 ];
50 foreach ($paths as $path => $expected_visibility) {
51 $this->drupalGet($path);
52 $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
53 if ($expected_visibility) {
54 $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
55 }
56 else {
57 $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
58 }
59 }
60 }
61
62 /**
63 * Test the user login block.
64 */
65 public function testUserLoginBlock() {
66 // Create a user with some permission that anonymous users lack.
67 $user = $this->drupalCreateUser(['administer permissions']);
68
69 // Log in using the block.
70 $edit = [];
71 $edit['name'] = $user->getUsername();
72 $edit['pass'] = $user->pass_raw;
73 $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
74 $this->assertNoText(t('User login'), 'Logged in.');
75
76 // Check that we are still on the same page.
77 $this->assertUrl(\Drupal::url('user.admin_permissions', [], ['absolute' => TRUE]), [], 'Still on the same page after login for access denied page');
78
79 // Now, log out and repeat with a non-403 page.
80 $this->drupalLogout();
81 $this->drupalGet('filter/tips');
82 $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
83 $this->drupalPostForm(NULL, $edit, t('Log in'));
84 $this->assertNoText(t('User login'), 'Logged in.');
85 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
86
87 // Log out again and repeat with a non-403 page including query arguments.
88 $this->drupalLogout();
89 $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
90 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
91 $this->drupalPostForm(NULL, $edit, t('Log in'));
92 $this->assertNoText(t('User login'), 'Logged in.');
93 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
94 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
95
96 // Repeat with different query arguments.
97 $this->drupalLogout();
98 $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
99 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
100 $this->drupalPostForm(NULL, $edit, t('Log in'));
101 $this->assertNoText(t('User login'), 'Logged in.');
102 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
103 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
104
105 // Check that the user login block is not vulnerable to information
106 // disclosure to third party sites.
107 $this->drupalLogout();
108 $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
109 // Check that we remain on the site after login.
110 $this->assertUrl($user->url('canonical', ['absolute' => TRUE]), [], 'Redirected to user profile page after login from the frontpage');
111
112 // Verify that form validation errors are displayed immediately for forms
113 // in blocks and not on subsequent page requests.
114 $this->drupalLogout();
115 $edit = [];
116 $edit['name'] = 'foo';
117 $edit['pass'] = 'invalid password';
118 $this->drupalPostForm('filter/tips', $edit, t('Log in'));
119 $this->assertText(t('Unrecognized username or password. Forgot your password?'));
120 $this->drupalGet('filter/tips');
121 $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
122 }
123
124 /**
125 * Test the Who's Online block.
126 */
127 public function testWhosOnlineBlock() {
128 $block = $this->drupalPlaceBlock('views_block:who_s_online-who_s_online_block');
129
130 // Generate users.
131 $user1 = $this->drupalCreateUser(['access user profiles']);
132 $user2 = $this->drupalCreateUser([]);
133 $user3 = $this->drupalCreateUser([]);
134
135 // Update access of two users to be within the active timespan.
136 $this->updateAccess($user1->id());
137 $this->updateAccess($user2->id(), REQUEST_TIME + 1);
138
139 // Insert an inactive user who should not be seen in the block, and ensure
140 // that the admin user used in setUp() does not appear.
141 $inactive_time = REQUEST_TIME - (15 * 60) - 1;
142 $this->updateAccess($user3->id(), $inactive_time);
143 $this->updateAccess($this->adminUser->id(), $inactive_time);
144
145 // Test block output.
146 \Drupal::currentUser()->setAccount($user1);
147 $content = entity_view($block, 'block');
148 $this->setRawContent(\Drupal::service('renderer')->renderRoot($content));
149 $this->assertRaw(t('2 users'), 'Correct number of online users (2 users).');
150 $this->assertText($user1->getUsername(), 'Active user 1 found in online list.');
151 $this->assertText($user2->getUsername(), 'Active user 2 found in online list.');
152 $this->assertNoText($user3->getUsername(), 'Inactive user not found in online list.');
153 $this->assertTrue(strpos($this->getRawContent(), $user1->getUsername()) > strpos($this->getRawContent(), $user2->getUsername()), 'Online users are ordered correctly.');
154 }
155
156 /**
157 * Updates the access column for a user.
158 */
159 private function updateAccess($uid, $access = REQUEST_TIME) {
160 db_update('users_field_data')
161 ->condition('uid', $uid)
162 ->fields(['access' => $access])
163 ->execute();
164 }
165
166 }