Mercurial > hg > isophonics-drupal-site
diff core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php @ 17:129ea1e6d783
Update, including to Drupal core 8.6.10
| author | Chris Cannam |
|---|---|
| date | Thu, 28 Feb 2019 13:21:36 +0000 |
| parents | |
| children | af1871eacc83 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php Thu Feb 28 13:21:36 2019 +0000 @@ -0,0 +1,217 @@ +<?php + +namespace Drupal\Tests\media\FunctionalJavascript; + +use Drupal\Core\Session\AccountInterface; +use Drupal\media\Entity\Media; +use Drupal\media_test_oembed\Controller\ResourceController; +use Drupal\Tests\media\Traits\OEmbedTestTrait; +use Drupal\user\Entity\Role; +use Symfony\Component\DependencyInjection\ContainerInterface; + +/** + * Tests the oembed:video media source. + * + * @group media + */ +class MediaSourceOEmbedVideoTest extends MediaSourceTestBase { + + /** + * {@inheritdoc} + */ + public static $modules = ['media_test_oembed']; + + use OEmbedTestTrait; + + /** + * {@inheritdoc} + */ + protected function setUp() { + parent::setUp(); + $this->lockHttpClientToFixtures(); + } + + /** + * {@inheritdoc} + */ + protected function initConfig(ContainerInterface $container) { + parent::initConfig($container); + + // Enable twig debugging to make testing template usage easy. + $parameters = $container->getParameter('twig.config'); + $parameters['debug'] = TRUE; + $this->setContainerParameter('twig.config', $parameters); + } + + /** + * Tests the oembed media source. + */ + public function testMediaOEmbedVideoSource() { + $media_type_id = 'test_media_oembed_type'; + $provided_fields = [ + 'type', + 'title', + 'default_name', + 'author_name', + 'author_url', + 'provider_name', + 'provider_url', + 'cache_age', + 'thumbnail_uri', + 'thumbnail_width', + 'thumbnail_height', + 'url', + 'width', + 'height', + 'html', + ]; + + $session = $this->getSession(); + $page = $session->getPage(); + $assert_session = $this->assertSession(); + + $this->doTestCreateMediaType($media_type_id, 'oembed:video', $provided_fields); + + // Create custom fields for the media type to store metadata attributes. + $fields = [ + 'field_string_width' => 'string', + 'field_string_height' => 'string', + 'field_string_author_name' => 'string', + ]; + $this->createMediaTypeFields($fields, $media_type_id); + + // Hide the name field widget to test default name generation. + $this->hideMediaTypeFieldWidget('name', $media_type_id); + + $this->drupalGet("admin/structure/media/manage/$media_type_id"); + // Only accept Vimeo videos. + $page->checkField("source_configuration[providers][Vimeo]"); + $assert_session->selectExists('field_map[width]')->setValue('field_string_width'); + $assert_session->selectExists('field_map[height]')->setValue('field_string_height'); + $assert_session->selectExists('field_map[author_name]')->setValue('field_string_author_name'); + $assert_session->buttonExists('Save')->press(); + + $this->hijackProviderEndpoints(); + $video_url = 'https://vimeo.com/7073899'; + ResourceController::setResourceUrl($video_url, $this->getFixturesDirectory() . '/video_vimeo.json'); + + // Create a media item. + $this->drupalGet("media/add/$media_type_id"); + $assert_session->fieldExists('Remote video URL')->setValue($video_url); + $assert_session->buttonExists('Save')->press(); + + $assert_session->addressEquals('admin/content/media'); + + // Get the media entity view URL from the creation message. + $this->drupalGet($this->assertLinkToCreatedMedia()); + + /** @var \Drupal\media\MediaInterface $media */ + $media = Media::load(1); + + // The thumbnail should have been downloaded. + $thumbnail = $media->getSource()->getMetadata($media, 'thumbnail_uri'); + $this->assertFileExists($thumbnail); + + // Ensure the iframe exists and that its src attribute contains a coherent + // URL with the query parameters we expect. + $iframe_url = $assert_session->elementExists('css', 'iframe')->getAttribute('src'); + $iframe_url = parse_url($iframe_url); + $this->assertStringEndsWith('/media/oembed', $iframe_url['path']); + $this->assertNotEmpty($iframe_url['query']); + $query = []; + parse_str($iframe_url['query'], $query); + $this->assertSame($video_url, $query['url']); + $this->assertNotEmpty($query['hash']); + + // Make sure the thumbnail is displayed from uploaded image. + $assert_session->elementAttributeContains('css', '.image-style-thumbnail', 'src', '/oembed_thumbnails/' . basename($thumbnail)); + + // Load the media and check that all fields are properly populated. + $media = Media::load(1); + $this->assertSame('Drupal Rap Video - Schipulcon09', $media->getName()); + $this->assertSame('480', $media->field_string_width->value); + $this->assertSame('360', $media->field_string_height->value); + + // Try to create a media asset from a disallowed provider. + $this->drupalGet("media/add/$media_type_id"); + $assert_session->fieldExists('Remote video URL')->setValue('http://www.collegehumor.com/video/40003213/grant-and-katie-are-starting-their-own-company'); + $page->pressButton('Save'); + + $assert_session->pageTextContains('The CollegeHumor provider is not allowed.'); + + // Test anonymous access to media via iframe. + $this->drupalLogout(); + + // Without a hash should be denied. + $no_hash_query = array_diff_key($query, ['hash' => '']); + $this->drupalGet('media/oembed', ['query' => $no_hash_query]); + $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!'); + $assert_session->pageTextContains('Access denied'); + + // A correct query should be allowed because the anonymous role has the + // 'view media' permission. + $this->drupalGet('media/oembed', ['query' => $query]); + $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!'); + $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig'); + $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig'); + + // Test themes not inheriting from stable. + \Drupal::service('theme_handler')->install(['stark']); + $this->config('system.theme')->set('default', 'stark')->save(); + $this->drupalGet('media/oembed', ['query' => $query]); + $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!'); + $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig'); + $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig'); + + // Remove the 'view media' permission to test that this restricts access. + $role = Role::load(AccountInterface::ANONYMOUS_ROLE); + $role->revokePermission('view media'); + $role->save(); + $this->drupalGet('media/oembed', ['query' => $query]); + $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!'); + $assert_session->pageTextContains('Access denied'); + } + + /** + * Test that a security warning appears if iFrame domain is not set. + */ + public function testOEmbedSecurityWarning() { + $media_type_id = 'test_media_oembed_type'; + $source_id = 'oembed:video'; + + $session = $this->getSession(); + $page = $session->getPage(); + $assert_session = $this->assertSession(); + + $this->drupalGet('admin/structure/media/add'); + $page->fillField('label', $media_type_id); + $this->getSession() + ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'"); + + // Make sure the source is available. + $assert_session->fieldExists('Media source'); + $assert_session->optionExists('Media source', $source_id); + $page->selectFieldOption('Media source', $source_id); + $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]'); + $this->assertNotEmpty($result); + + $assert_session->pageTextContains('It is potentially insecure to display oEmbed content in a frame'); + + $this->config('media.settings')->set('iframe_domain', 'http://example.com')->save(); + + $this->drupalGet('admin/structure/media/add'); + $page->fillField('label', $media_type_id); + $this->getSession() + ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'"); + + // Make sure the source is available. + $assert_session->fieldExists('Media source'); + $assert_session->optionExists('Media source', $source_id); + $page->selectFieldOption('Media source', $source_id); + $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]'); + $this->assertNotEmpty($result); + + $assert_session->pageTextNotContains('It is potentially insecure to display oEmbed content in a frame'); + } + +}