Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\user\Tests;
Chris@0: 
Chris@0: use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
Chris@0: use Drupal\simpletest\WebTestBase;
Chris@0: 
Chris@0: /**
Chris@0:  * Tests user blocks.
Chris@0:  *
Chris@0:  * @group user
Chris@0:  */
Chris@0: class UserBlocksTest extends WebTestBase {
Chris@0: 
Chris@0:   /**
Chris@0:    * Modules to enable.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   public static $modules = ['block', 'views'];
Chris@0: 
Chris@0:   /**
Chris@0:    * A user with the 'administer blocks' permission.
Chris@0:    *
Chris@0:    * @var \Drupal\user\UserInterface
Chris@0:    */
Chris@0:   protected $adminUser;
Chris@0: 
Chris@0:   protected function setUp() {
Chris@0:     parent::setUp();
Chris@0: 
Chris@0:     $this->adminUser = $this->drupalCreateUser(['administer blocks']);
Chris@0:     $this->drupalLogin($this->adminUser);
Chris@0:     $this->drupalPlaceBlock('user_login_block');
Chris@0:     $this->drupalLogout($this->adminUser);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Tests that user login block is hidden from user/login.
Chris@0:    */
Chris@0:   public function testUserLoginBlockVisibility() {
Chris@0:     // Array keyed list where key being the URL address and value being expected
Chris@0:     // visibility as boolean type.
Chris@0:     $paths = [
Chris@0:       'node' => TRUE,
Chris@0:       'user/login' => FALSE,
Chris@0:       'user/register' => TRUE,
Chris@0:       'user/password' => TRUE,
Chris@0:     ];
Chris@0:     foreach ($paths as $path => $expected_visibility) {
Chris@0:       $this->drupalGet($path);
Chris@0:       $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
Chris@0:       if ($expected_visibility) {
Chris@0:         $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
Chris@0:       }
Chris@0:       else {
Chris@0:         $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
Chris@0:       }
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Test the user login block.
Chris@0:    */
Chris@0:   public function testUserLoginBlock() {
Chris@0:     // Create a user with some permission that anonymous users lack.
Chris@0:     $user = $this->drupalCreateUser(['administer permissions']);
Chris@0: 
Chris@0:     // Log in using the block.
Chris@0:     $edit = [];
Chris@0:     $edit['name'] = $user->getUsername();
Chris@0:     $edit['pass'] = $user->pass_raw;
Chris@0:     $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
Chris@0:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@0: 
Chris@0:     // Check that we are still on the same page.
Chris@0:     $this->assertUrl(\Drupal::url('user.admin_permissions', [], ['absolute' => TRUE]), [], 'Still on the same page after login for access denied page');
Chris@0: 
Chris@0:     // Now, log out and repeat with a non-403 page.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalGet('filter/tips');
Chris@0:     $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@0:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@0:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@0:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@0: 
Chris@0:     // Log out again and repeat with a non-403 page including query arguments.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
Chris@0:     $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@0:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@0:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@0:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@0:     $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
Chris@0: 
Chris@0:     // Repeat with different query arguments.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
Chris@0:     $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@0:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@0:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@0:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@0:     $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
Chris@0: 
Chris@0:     // Check that the user login block is not vulnerable to information
Chris@0:     // disclosure to third party sites.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
Chris@0:     // Check that we remain on the site after login.
Chris@0:     $this->assertUrl($user->url('canonical', ['absolute' => TRUE]), [], 'Redirected to user profile page after login from the frontpage');
Chris@0: 
Chris@0:     // Verify that form validation errors are displayed immediately for forms
Chris@0:     // in blocks and not on subsequent page requests.
Chris@0:     $this->drupalLogout();
Chris@0:     $edit = [];
Chris@0:     $edit['name'] = 'foo';
Chris@0:     $edit['pass'] = 'invalid password';
Chris@0:     $this->drupalPostForm('filter/tips', $edit, t('Log in'));
Chris@0:     $this->assertText(t('Unrecognized username or password. Forgot your password?'));
Chris@0:     $this->drupalGet('filter/tips');
Chris@0:     $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Test the Who's Online block.
Chris@0:    */
Chris@0:   public function testWhosOnlineBlock() {
Chris@0:     $block = $this->drupalPlaceBlock('views_block:who_s_online-who_s_online_block');
Chris@0: 
Chris@0:     // Generate users.
Chris@0:     $user1 = $this->drupalCreateUser(['access user profiles']);
Chris@0:     $user2 = $this->drupalCreateUser([]);
Chris@0:     $user3 = $this->drupalCreateUser([]);
Chris@0: 
Chris@0:     // Update access of two users to be within the active timespan.
Chris@0:     $this->updateAccess($user1->id());
Chris@0:     $this->updateAccess($user2->id(), REQUEST_TIME + 1);
Chris@0: 
Chris@0:     // Insert an inactive user who should not be seen in the block, and ensure
Chris@0:     // that the admin user used in setUp() does not appear.
Chris@0:     $inactive_time = REQUEST_TIME - (15 * 60) - 1;
Chris@0:     $this->updateAccess($user3->id(), $inactive_time);
Chris@0:     $this->updateAccess($this->adminUser->id(), $inactive_time);
Chris@0: 
Chris@0:     // Test block output.
Chris@0:     \Drupal::currentUser()->setAccount($user1);
Chris@0:     $content = entity_view($block, 'block');
Chris@0:     $this->setRawContent(\Drupal::service('renderer')->renderRoot($content));
Chris@0:     $this->assertRaw(t('2 users'), 'Correct number of online users (2 users).');
Chris@0:     $this->assertText($user1->getUsername(), 'Active user 1 found in online list.');
Chris@0:     $this->assertText($user2->getUsername(), 'Active user 2 found in online list.');
Chris@0:     $this->assertNoText($user3->getUsername(), 'Inactive user not found in online list.');
Chris@0:     $this->assertTrue(strpos($this->getRawContent(), $user1->getUsername()) > strpos($this->getRawContent(), $user2->getUsername()), 'Online users are ordered correctly.');
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Updates the access column for a user.
Chris@0:    */
Chris@0:   private function updateAccess($uid, $access = REQUEST_TIME) {
Chris@0:     db_update('users_field_data')
Chris@0:       ->condition('uid', $uid)
Chris@0:       ->fields(['access' => $access])
Chris@0:       ->execute();
Chris@0:   }
Chris@0: 
Chris@0: }