Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\system\Tests\System;
Chris@0: 
Chris@0: use Drupal\Component\Utility\SafeMarkup;
Chris@0: use Drupal\simpletest\WebTestBase;
Chris@0: use Drupal\user\RoleInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * Tests page access denied functionality, including custom 403 pages.
Chris@0:  *
Chris@0:  * @group system
Chris@0:  */
Chris@0: class AccessDeniedTest extends WebTestBase {
Chris@0: 
Chris@0:   /**
Chris@0:    * Modules to enable.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   public static $modules = ['block', 'node', 'system_test'];
Chris@0: 
Chris@0:   protected $adminUser;
Chris@0: 
Chris@0:   protected function setUp() {
Chris@0:     parent::setUp();
Chris@0: 
Chris@0:     $this->drupalPlaceBlock('page_title_block');
Chris@0: 
Chris@0:     // Create an administrative user.
Chris@0:     $this->adminUser = $this->drupalCreateUser(['access administration pages', 'administer site configuration', 'link to any page', 'administer blocks']);
Chris@0:     $this->adminUser->roles[] = 'administrator';
Chris@0:     $this->adminUser->save();
Chris@0: 
Chris@0:     user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user profiles']);
Chris@0:     user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, ['access user profiles']);
Chris@0:   }
Chris@0: 
Chris@0:   public function testAccessDenied() {
Chris@0:     $this->drupalGet('admin');
Chris@0:     $this->assertText(t('Access denied'), 'Found the default 403 page');
Chris@0:     $this->assertResponse(403);
Chris@0: 
Chris@0:     // Ensure that users without permission are denied access and have the
Chris@0:     // correct path information in drupalSettings.
Chris@0:     $this->drupalLogin($this->createUser([]));
Chris@0:     $this->drupalGet('admin', ['query' => ['foo' => 'bar']]);
Chris@0:     $this->assertEqual($this->drupalSettings['path']['currentPath'], 'admin');
Chris@0:     $this->assertEqual($this->drupalSettings['path']['currentPathIsAdmin'], TRUE);
Chris@0:     $this->assertEqual($this->drupalSettings['path']['currentQuery'], ['foo' => 'bar']);
Chris@0: 
Chris@0:     $this->drupalLogin($this->adminUser);
Chris@0: 
Chris@0:     // Set a custom 404 page without a starting slash.
Chris@0:     $edit = [
Chris@0:       'site_403' => 'user/' . $this->adminUser->id(),
Chris@0:     ];
Chris@0:     $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
Chris@0:     $this->assertRaw(SafeMarkup::format("The path '%path' has to start with a slash.", ['%path' => $edit['site_403']]));
Chris@0: 
Chris@0:     // Use a custom 403 page.
Chris@0:     $edit = [
Chris@0:       'site_403' => '/user/' . $this->adminUser->id(),
Chris@0:     ];
Chris@0:     $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
Chris@0: 
Chris@0:     // Enable the user login block.
Chris@0:     $block = $this->drupalPlaceBlock('user_login_block', ['id' => 'login']);
Chris@0: 
Chris@0:     // Log out and check that the user login block is shown on custom 403 pages.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalGet('admin');
Chris@0:     $this->assertText($this->adminUser->getUsername(), 'Found the custom 403 page');
Chris@0:     $this->assertText(t('Username'), 'Blocks are shown on the custom 403 page');
Chris@0: 
Chris@0:     // Log back in and remove the custom 403 page.
Chris@0:     $this->drupalLogin($this->adminUser);
Chris@0:     $edit = [
Chris@0:       'site_403' => '',
Chris@0:     ];
Chris@0:     $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
Chris@0: 
Chris@0:     // Logout and check that the user login block is shown on default 403 pages.
Chris@0:     $this->drupalLogout();
Chris@0:     $this->drupalGet('admin');
Chris@0:     $this->assertText(t('Access denied'), 'Found the default 403 page');
Chris@0:     $this->assertResponse(403);
Chris@0:     $this->assertText(t('Username'), 'Blocks are shown on the default 403 page');
Chris@0: 
Chris@0:     // Log back in, set the custom 403 page to /user/login and remove the block
Chris@0:     $this->drupalLogin($this->adminUser);
Chris@0:     $this->config('system.site')->set('page.403', '/user/login')->save();
Chris@0:     $block->disable()->save();
Chris@0: 
Chris@0:     // Check that we can log in from the 403 page.
Chris@0:     $this->drupalLogout();
Chris@0:     $edit = [
Chris@0:       'name' => $this->adminUser->getUsername(),
Chris@0:       'pass' => $this->adminUser->pass_raw,
Chris@0:     ];
Chris@0:     $this->drupalPostForm('admin/config/system/site-information', $edit, t('Log in'));
Chris@0: 
Chris@0:     // Check that we're still on the same page.
Chris@0:     $this->assertText(t('Basic site settings'));
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Tests that an inaccessible custom 403 page falls back to the default.
Chris@0:    */
Chris@0:   public function testAccessDeniedCustomPageWithAccessDenied() {
Chris@0:     // Sets up a 403 page not accessible by the anonymous user.
Chris@0:     $this->config('system.site')->set('page.403', '/system-test/custom-4xx')->save();
Chris@0: 
Chris@0:     $this->drupalGet('/system-test/always-denied');
Chris@0:     $this->assertNoText('Admin-only 4xx response');
Chris@0:     $this->assertText('You are not authorized to access this page.');
Chris@0:     $this->assertResponse(403);
Chris@0:     // Verify the access cacheability metadata for custom 403 is bubbled.
Chris@0:     $this->assertCacheContext('user.roles');
Chris@0: 
Chris@0:     $this->drupalLogin($this->adminUser);
Chris@0:     $this->drupalGet('/system-test/always-denied');
Chris@0:     $this->assertText('Admin-only 4xx response');
Chris@0:     $this->assertResponse(403);
Chris@0:     // Verify the access cacheability metadata for custom 403 is bubbled.
Chris@0:     $this->assertCacheContext('user.roles');
Chris@0:   }
Chris@0: 
Chris@0: }