Chris@17: lockHttpClientToFixtures(); Chris@17: } Chris@17: Chris@17: /** Chris@17: * {@inheritdoc} Chris@17: */ Chris@17: protected function initConfig(ContainerInterface $container) { Chris@17: parent::initConfig($container); Chris@17: Chris@17: // Enable twig debugging to make testing template usage easy. Chris@17: $parameters = $container->getParameter('twig.config'); Chris@17: $parameters['debug'] = TRUE; Chris@17: $this->setContainerParameter('twig.config', $parameters); Chris@17: } Chris@17: Chris@17: /** Chris@17: * Tests the oembed media source. Chris@17: */ Chris@17: public function testMediaOEmbedVideoSource() { Chris@17: $media_type_id = 'test_media_oembed_type'; Chris@17: $provided_fields = [ Chris@17: 'type', Chris@17: 'title', Chris@17: 'default_name', Chris@17: 'author_name', Chris@17: 'author_url', Chris@17: 'provider_name', Chris@17: 'provider_url', Chris@17: 'cache_age', Chris@17: 'thumbnail_uri', Chris@17: 'thumbnail_width', Chris@17: 'thumbnail_height', Chris@17: 'url', Chris@17: 'width', Chris@17: 'height', Chris@17: 'html', Chris@17: ]; Chris@17: Chris@17: $session = $this->getSession(); Chris@17: $page = $session->getPage(); Chris@17: $assert_session = $this->assertSession(); Chris@17: Chris@17: $this->doTestCreateMediaType($media_type_id, 'oembed:video', $provided_fields); Chris@17: Chris@17: // Create custom fields for the media type to store metadata attributes. Chris@17: $fields = [ Chris@17: 'field_string_width' => 'string', Chris@17: 'field_string_height' => 'string', Chris@17: 'field_string_author_name' => 'string', Chris@17: ]; Chris@17: $this->createMediaTypeFields($fields, $media_type_id); Chris@17: Chris@17: // Hide the name field widget to test default name generation. Chris@17: $this->hideMediaTypeFieldWidget('name', $media_type_id); Chris@17: Chris@17: $this->drupalGet("admin/structure/media/manage/$media_type_id"); Chris@17: // Only accept Vimeo videos. Chris@17: $page->checkField("source_configuration[providers][Vimeo]"); Chris@17: $assert_session->selectExists('field_map[width]')->setValue('field_string_width'); Chris@17: $assert_session->selectExists('field_map[height]')->setValue('field_string_height'); Chris@17: $assert_session->selectExists('field_map[author_name]')->setValue('field_string_author_name'); Chris@17: $assert_session->buttonExists('Save')->press(); Chris@17: Chris@18: // Configure the iframe to be narrower than the actual video, so we can Chris@18: // verify that the video scales correctly. Chris@18: $display = entity_get_display('media', $media_type_id, 'default'); Chris@18: $this->assertFalse($display->isNew()); Chris@18: $component = $display->getComponent('field_media_oembed_video'); Chris@18: $this->assertInternalType('array', $component); Chris@18: $component['settings']['max_width'] = 240; Chris@18: $display->setComponent('field_media_oembed_video', $component); Chris@18: $this->assertSame(SAVED_UPDATED, $display->save()); Chris@18: Chris@17: $this->hijackProviderEndpoints(); Chris@17: $video_url = 'https://vimeo.com/7073899'; Chris@17: ResourceController::setResourceUrl($video_url, $this->getFixturesDirectory() . '/video_vimeo.json'); Chris@17: Chris@17: // Create a media item. Chris@17: $this->drupalGet("media/add/$media_type_id"); Chris@17: $assert_session->fieldExists('Remote video URL')->setValue($video_url); Chris@17: $assert_session->buttonExists('Save')->press(); Chris@17: Chris@17: $assert_session->addressEquals('admin/content/media'); Chris@17: Chris@17: // Get the media entity view URL from the creation message. Chris@17: $this->drupalGet($this->assertLinkToCreatedMedia()); Chris@17: Chris@17: /** @var \Drupal\media\MediaInterface $media */ Chris@17: $media = Media::load(1); Chris@17: Chris@17: // The thumbnail should have been downloaded. Chris@17: $thumbnail = $media->getSource()->getMetadata($media, 'thumbnail_uri'); Chris@17: $this->assertFileExists($thumbnail); Chris@17: Chris@18: // Ensure the iframe exists and has the expected CSS class, and that its src Chris@18: // attribute contains a coherent URL with the query parameters we expect. Chris@18: $iframe = $assert_session->elementExists('css', 'iframe.media-oembed-content'); Chris@18: $iframe_url = parse_url($iframe->getAttribute('src')); Chris@17: $this->assertStringEndsWith('/media/oembed', $iframe_url['path']); Chris@17: $this->assertNotEmpty($iframe_url['query']); Chris@17: $query = []; Chris@17: parse_str($iframe_url['query'], $query); Chris@17: $this->assertSame($video_url, $query['url']); Chris@17: $this->assertNotEmpty($query['hash']); Chris@18: // Ensure that the outer iframe's width respects the formatter settings. Chris@18: $this->assertSame('240', $iframe->getAttribute('width')); Chris@18: // Check the inner iframe to make sure that CSS has been applied to scale it Chris@18: // correctly, regardless of whatever its width attribute may be (the fixture Chris@18: // hard-codes it to 480). Chris@18: $inner_frame = 'frames[0].document.querySelector("iframe")'; Chris@18: $this->assertSame('480', $session->evaluateScript("$inner_frame.getAttribute('width')")); Chris@18: $this->assertLessThanOrEqual(240, $session->evaluateScript("$inner_frame.clientWidth")); Chris@17: Chris@17: // Make sure the thumbnail is displayed from uploaded image. Chris@17: $assert_session->elementAttributeContains('css', '.image-style-thumbnail', 'src', '/oembed_thumbnails/' . basename($thumbnail)); Chris@17: Chris@17: // Load the media and check that all fields are properly populated. Chris@17: $media = Media::load(1); Chris@17: $this->assertSame('Drupal Rap Video - Schipulcon09', $media->getName()); Chris@17: $this->assertSame('480', $media->field_string_width->value); Chris@17: $this->assertSame('360', $media->field_string_height->value); Chris@17: Chris@17: // Try to create a media asset from a disallowed provider. Chris@17: $this->drupalGet("media/add/$media_type_id"); Chris@17: $assert_session->fieldExists('Remote video URL')->setValue('http://www.collegehumor.com/video/40003213/grant-and-katie-are-starting-their-own-company'); Chris@17: $page->pressButton('Save'); Chris@17: Chris@17: $assert_session->pageTextContains('The CollegeHumor provider is not allowed.'); Chris@17: Chris@17: // Test anonymous access to media via iframe. Chris@17: $this->drupalLogout(); Chris@17: Chris@17: // Without a hash should be denied. Chris@17: $no_hash_query = array_diff_key($query, ['hash' => '']); Chris@17: $this->drupalGet('media/oembed', ['query' => $no_hash_query]); Chris@17: $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!'); Chris@17: $assert_session->pageTextContains('Access denied'); Chris@17: Chris@17: // A correct query should be allowed because the anonymous role has the Chris@17: // 'view media' permission. Chris@17: $this->drupalGet('media/oembed', ['query' => $query]); Chris@17: $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!'); Chris@17: $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig'); Chris@17: $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig'); Chris@17: Chris@17: // Test themes not inheriting from stable. Chris@17: \Drupal::service('theme_handler')->install(['stark']); Chris@17: $this->config('system.theme')->set('default', 'stark')->save(); Chris@17: $this->drupalGet('media/oembed', ['query' => $query]); Chris@17: $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!'); Chris@17: $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig'); Chris@17: $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig'); Chris@17: Chris@17: // Remove the 'view media' permission to test that this restricts access. Chris@17: $role = Role::load(AccountInterface::ANONYMOUS_ROLE); Chris@17: $role->revokePermission('view media'); Chris@17: $role->save(); Chris@17: $this->drupalGet('media/oembed', ['query' => $query]); Chris@17: $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!'); Chris@17: $assert_session->pageTextContains('Access denied'); Chris@17: } Chris@17: Chris@17: /** Chris@17: * Test that a security warning appears if iFrame domain is not set. Chris@17: */ Chris@17: public function testOEmbedSecurityWarning() { Chris@17: $media_type_id = 'test_media_oembed_type'; Chris@17: $source_id = 'oembed:video'; Chris@17: Chris@17: $session = $this->getSession(); Chris@17: $page = $session->getPage(); Chris@17: $assert_session = $this->assertSession(); Chris@17: Chris@17: $this->drupalGet('admin/structure/media/add'); Chris@17: $page->fillField('label', $media_type_id); Chris@17: $this->getSession() Chris@17: ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'"); Chris@17: Chris@17: // Make sure the source is available. Chris@17: $assert_session->fieldExists('Media source'); Chris@17: $assert_session->optionExists('Media source', $source_id); Chris@17: $page->selectFieldOption('Media source', $source_id); Chris@17: $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]'); Chris@17: $this->assertNotEmpty($result); Chris@17: Chris@17: $assert_session->pageTextContains('It is potentially insecure to display oEmbed content in a frame'); Chris@17: Chris@17: $this->config('media.settings')->set('iframe_domain', 'http://example.com')->save(); Chris@17: Chris@17: $this->drupalGet('admin/structure/media/add'); Chris@17: $page->fillField('label', $media_type_id); Chris@17: $this->getSession() Chris@17: ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'"); Chris@17: Chris@17: // Make sure the source is available. Chris@17: $assert_session->fieldExists('Media source'); Chris@17: $assert_session->optionExists('Media source', $source_id); Chris@17: $page->selectFieldOption('Media source', $source_id); Chris@17: $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]'); Chris@17: $this->assertNotEmpty($result); Chris@17: Chris@17: $assert_session->pageTextNotContains('It is potentially insecure to display oEmbed content in a frame'); Chris@17: } Chris@17: Chris@17: }