drupalLogin($this->drupalCreateUser(['administer unit tests']));
  }

  /**
   * Tests the internal browser's functionality.
   *
   * Covers, in order: fetching a page and reading its title and headers,
   * the current_user service following login and logout, header handling
   * across a redirect, the maximumRedirects limit, and install.php answering
   * 403 once the Simpletest private key file has been removed.
   *
   * The steps share one browser session, so their order is significant.
   */
  public function testInternalBrowser() {
    // Retrieve the test page and check its title and headers.
    $this->drupalGet('test-page');
    $this->assertTrue($this->drupalGetHeader('Date'), 'An HTTP header was received.');
    $this->assertTitle(t('Test page | @site-name', [
      '@site-name' => $this->config('system.site')->get('name'),
    ]));
    $this->assertNoTitle('Foo');

    // Record the current user ID before logging in as a newly created user,
    // so the change can be detected afterwards.
    $old_user_id = $this->container->get('current_user')->id();
    $user = $this->drupalCreateUser();
    $this->drupalLogin($user);
    // Check that current user service updated.
    $this->assertNotEqual($old_user_id, $this->container->get('current_user')->id(), 'Current user service updated.');
    // Two header sets are expected: $headers[0] is treated as the
    // intermediate (redirect) response and must carry a 303 status plus a
    // Location header matching the URL the browser ended up on.
    $headers = $this->drupalGetHeaders(TRUE);
    $this->assertEqual(count($headers), 2, 'There was one intermediate request.');
    $this->assertTrue(strpos($headers[0][':status'], '303') !== FALSE, 'Intermediate response code was 303.');
    $this->assertFalse(empty($headers[0]['location']), 'Intermediate request contained a Location header.');
    $this->assertEqual($this->getUrl(), $headers[0]['location'], 'HTTP redirect was followed');
    // The final response must not leak state from the redirect: no Location
    // header and a 200 status.
    $this->assertFalse($this->drupalGetHeader('Location'), 'Headers from intermediate request were reset.');
    $this->assertResponse(200, 'Response code from intermediate request was reset.');

    $this->drupalLogout();
    // Check that current user service updated to anonymous user.
    $this->assertEqual(0, $this->container->get('current_user')->id(), 'Current user service updated.');

    // Test the maximum redirection option.
    // The login form is posted with destination=user/logout; with the limit
    // set to 1 the test expects exactly two header sets to be recorded.
    $this->maximumRedirects = 1;
    $edit = [
      'name' => $user->getAccountName(),
      'pass' => $user->pass_raw,
    ];
    $this->drupalPostForm('user/login', $edit, t('Log in'), [
      'query' => ['destination' => 'user/logout'],
    ]);
    $headers = $this->drupalGetHeaders(TRUE);
    $this->assertEqual(count($headers), 2, 'Simpletest stopped following redirects after the first one.');

    // Remove the Simpletest private key file so we can test the protection
    // against requests that forge a valid testing user agent to gain access
    // to the installer.
    // @see drupal_valid_test_ua()
    // Not using File API; a potential error must trigger a PHP warning.
    unlink($this->siteDirectory . '/.htkey');
    // The 403 is the property under test: with the key file gone,
    // install.php must refuse the request.
    $this->drupalGet(Url::fromUri('base:core/install.php', ['external' => TRUE, 'absolute' => TRUE])->toString());
    $this->assertResponse(403, 'Cannot access install.php.');
  }

  /**
   * Tests validation of the User-Agent header we use to perform test requests.
   *
   * Requests the test-only front controllers http.php and https.php of the
   * system module with three different User-Agent values:
   * - a value produced by drupal_generate_test_ua(): 200 expected;
   * - the same value with one character appended: 403 expected;
   * - an ordinary browser User-Agent: 403 expected.
   */
  public function testUserAgentValidation() {
    global $base_url;

    // Logout the user which was logged in during test-setup.
    $this->drupalLogout();

    // Both URLs route user/login through the test-only scripts.
    $system_path = $base_url . '/' . drupal_get_path('module', 'system');
    $http_path = $system_path . '/tests/http.php/user/login';
    $https_path = $system_path . '/tests/https.php/user/login';
    // Generate a valid simpletest User-Agent to pass validation.
    // The "test<digits>" part of the database prefix is the input to
    // drupal_generate_test_ua().
    $this->assertTrue(preg_match('/test\d+/', $this->databasePrefix, $matches), 'Database prefix contains test prefix.');
    $test_ua = drupal_generate_test_ua($matches[0]);
    $this->additionalCurlOptions = [CURLOPT_USERAGENT => $test_ua];

    // Test pages only available for testing.
    $this->drupalGet($http_path);
    $this->assertResponse(200, 'Requesting http.php with a legitimate simpletest User-Agent returns OK.');
    $this->drupalGet($https_path);
    $this->assertResponse(200, 'Requesting https.php with a legitimate simpletest User-Agent returns OK.');

    // Now slightly modify the HMAC on the header, which should not validate.
    // NOTE(review): only an appended character is exercised here; other
    // malformed forms (e.g. a truncated value) are not covered in this
    // method.
    $this->additionalCurlOptions = [CURLOPT_USERAGENT => $test_ua . 'X'];
    $this->drupalGet($http_path);
    $this->assertResponse(403, 'Requesting http.php with a bad simpletest User-Agent fails.');
    $this->drupalGet($https_path);
    $this->assertResponse(403, 'Requesting https.php with a bad simpletest User-Agent fails.');

    // Use a real User-Agent and verify that the special files http.php and
    // https.php can't be accessed.
    $this->additionalCurlOptions = [CURLOPT_USERAGENT => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'];
    $this->drupalGet($http_path);
    $this->assertResponse(403, 'Requesting http.php with a normal User-Agent fails.');
    $this->drupalGet($https_path);
    $this->assertResponse(403, 'Requesting https.php with a normal User-Agent fails.');
  }

}