Chris@17: <?php
Chris@17: 
Chris@17: namespace Drupal\Tests\user\Functional;
Chris@17: 
Chris@18: use Drupal\Core\Url;
Chris@18: use Drupal\Core\Database\Database;
Chris@17: use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
Chris@17: use Drupal\Tests\BrowserTestBase;
Chris@17: 
Chris@17: /**
Chris@17:  * Tests user blocks.
Chris@17:  *
Chris@17:  * @group user
Chris@17:  */
Chris@17: class UserBlocksTest extends BrowserTestBase {
Chris@17: 
Chris@17:   /**
Chris@17:    * Modules to enable.
Chris@17:    *
Chris@17:    * @var array
Chris@17:    */
Chris@17:   public static $modules = ['block', 'views'];
Chris@17: 
Chris@17:   /**
Chris@17:    * A user with the 'administer blocks' permission.
Chris@17:    *
Chris@17:    * @var \Drupal\user\UserInterface
Chris@17:    */
Chris@17:   protected $adminUser;
Chris@17: 
Chris@17:   protected function setUp() {
Chris@17:     parent::setUp();
Chris@17: 
Chris@17:     $this->adminUser = $this->drupalCreateUser(['administer blocks']);
Chris@17:     $this->drupalLogin($this->adminUser);
Chris@17:     $this->drupalPlaceBlock('user_login_block');
Chris@17:     $this->drupalLogout($this->adminUser);
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Tests that user login block is hidden from user/login.
Chris@17:    */
Chris@17:   public function testUserLoginBlockVisibility() {
Chris@17:     // Array keyed list where key being the URL address and value being expected
Chris@17:     // visibility as boolean type.
Chris@17:     $paths = [
Chris@17:       'node' => TRUE,
Chris@17:       'user/login' => FALSE,
Chris@17:       'user/register' => TRUE,
Chris@17:       'user/password' => TRUE,
Chris@17:     ];
Chris@17:     foreach ($paths as $path => $expected_visibility) {
Chris@17:       $this->drupalGet($path);
Chris@17:       $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
Chris@17:       if ($expected_visibility) {
Chris@17:         $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
Chris@17:       }
Chris@17:       else {
Chris@17:         $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
Chris@17:       }
Chris@17:     }
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Test the user login block.
Chris@17:    */
Chris@17:   public function testUserLoginBlock() {
Chris@17:     // Create a user with some permission that anonymous users lack.
Chris@17:     $user = $this->drupalCreateUser(['administer permissions']);
Chris@17: 
Chris@17:     // Log in using the block.
Chris@17:     $edit = [];
Chris@18:     $edit['name'] = $user->getAccountName();
Chris@17:     $edit['pass'] = $user->passRaw;
Chris@17:     $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
Chris@17:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@17: 
Chris@17:     // Check that we are still on the same page.
Chris@18:     $this->assertUrl(Url::fromRoute('user.admin_permissions', [], ['absolute' => TRUE])->toString(), [], 'Still on the same page after login for access denied page');
Chris@17: 
Chris@17:     // Now, log out and repeat with a non-403 page.
Chris@17:     $this->drupalLogout();
Chris@17:     $this->drupalGet('filter/tips');
Chris@17:     $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@17:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@17:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@17:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@17: 
Chris@17:     // Log out again and repeat with a non-403 page including query arguments.
Chris@17:     $this->drupalLogout();
Chris@17:     $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
Chris@17:     $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@17:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@17:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@17:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@17:     $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
Chris@17: 
Chris@17:     // Repeat with different query arguments.
Chris@17:     $this->drupalLogout();
Chris@17:     $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
Chris@17:     $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
Chris@17:     $this->drupalPostForm(NULL, $edit, t('Log in'));
Chris@17:     $this->assertNoText(t('User login'), 'Logged in.');
Chris@17:     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
Chris@17:     $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
Chris@17: 
Chris@17:     // Check that the user login block is not vulnerable to information
Chris@17:     // disclosure to third party sites.
Chris@17:     $this->drupalLogout();
Chris@17:     $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
Chris@17:     // Check that we remain on the site after login.
Chris@18:     $this->assertUrl($user->toUrl('canonical', ['absolute' => TRUE])->toString(), [], 'Redirected to user profile page after login from the frontpage');
Chris@17: 
Chris@17:     // Verify that form validation errors are displayed immediately for forms
Chris@17:     // in blocks and not on subsequent page requests.
Chris@17:     $this->drupalLogout();
Chris@17:     $edit = [];
Chris@17:     $edit['name'] = 'foo';
Chris@17:     $edit['pass'] = 'invalid password';
Chris@17:     $this->drupalPostForm('filter/tips', $edit, t('Log in'));
Chris@17:     $this->assertText(t('Unrecognized username or password. Forgot your password?'));
Chris@17:     $this->drupalGet('filter/tips');
Chris@17:     $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Updates the access column for a user.
Chris@17:    */
Chris@17:   private function updateAccess($uid, $access = REQUEST_TIME) {
Chris@18:     Database::getConnection()->update('users_field_data')
Chris@17:       ->condition('uid', $uid)
Chris@17:       ->fields(['access' => $access])
Chris@17:       ->execute();
Chris@17:   }
Chris@17: 
Chris@17: }