<?php
namespace Drupal\Tests\cas\Unit\Service;
use Drupal\cas\Service\CasHelper;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\Core\Logger\LoggerChannel;
use Drupal\Core\Logger\LoggerChannelFactory;
use Drupal\Core\Utility\Token;
use Drupal\Tests\UnitTestCase;
use Psr\Log\LogLevel;
use Symfony\Component\HttpFoundation\Request;
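/**
 * Unit tests for the CasHelper service.
 *
 * Covers three behaviours visible in this file: gating of debug-level log
 * entries on the 'advanced.debug_log' setting, copying the 'returnto' query
 * parameter to 'destination', and the markup returned for configured messages.
 */
class CasHelperTest extends UnitTestCase {

  /**
   * Declared but never assigned or read in this class.
   *
   * @var mixed
   */
  protected $urlGenerator;

  /**
   * Mocked logger channel factory; get('cas') returns $this->loggerChannel.
   *
   * @var \Drupal\Core\Logger\LoggerChannelFactory|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $loggerFactory;

  /**
   * Mocked logger channel on which the tests count log() calls.
   *
   * @var \Drupal\Core\Logger\LoggerChannel|\PHPUnit\Framework\MockObject\MockObject
   */
  protected $loggerChannel;

  /**
   * Prophecy for the token service, stubbed for the two message fixtures.
   *
   * @var \Prophecy\Prophecy\ObjectProphecy
   */
  protected $token;

  /**
   * Builds the logger and token doubles shared by the tests.
   */
  protected function setUp() : void {
    parent::setUp();

    $this->loggerChannel = $this->getMockBuilder(LoggerChannel::class)
      ->disableOriginalConstructor()
      ->getMock();

    $this->loggerFactory = $this->createMock(LoggerChannelFactory::class);
    $this->loggerFactory
      ->expects($this->any())
      ->method('get')
      ->with('cas')
      ->willReturn($this->loggerChannel);

    $this->token = $this->prophesize(Token::class);
    $this->token
      ->replace('Use <a href="[cas:login-url]">CAS login</a>')
      ->willReturn('Use <a href="/caslogin">CAS login</a>');
    // The stub returns the script fixture unchanged, i.e. the token double
    // does no filtering of its own. The tag removal asserted in
    // testGetMessage() therefore has to come from CasHelper.
    $this->token
      ->replace('<script>alert("Hacked!");</script>')
      ->willReturn('<script>alert("Hacked!");</script>');
  }

  /**
   * Provides query parameters and the service URL expected for them.
   *
   * NOTE(review): no test method visible in this class accepts these
   * arguments, so this provider looks like a leftover; confirm before
   * removing it.
   *
   * @return array
   *   Rows of [query parameters, expected URL].
   */
  public function getServerLoginUrlDataProvider() {
    return [
      [
        [],
        'https://example.com/client',
      ],
      [
        ['returnto' => 'node/1'],
        'https://example.com/client?returnto=node%2F1',
      ],
    ];
  }

  /**
   * With debug logging enabled, both the debug and the error entry are logged.
   */
  public function testLogWhenDebugTurnedOn() {
    $config_factory = $this->getConfigFactoryStub([
      'cas.settings' => [
        'advanced.debug_log' => TRUE,
      ],
    ]);
    $cas_helper = new CasHelper($config_factory, $this->loggerFactory, $this->token->reveal());

    // Counts calls only; the level passed to the channel is not checked.
    $this->loggerChannel
      ->expects($this->exactly(2))
      ->method('log');

    $cas_helper->log(LogLevel::DEBUG, 'This is a debug log');
    $cas_helper->log(LogLevel::ERROR, 'This is an error log');
  }

  /**
   * With debug logging disabled, only one of the two entries is logged.
   */
  public function testLogWhenDebugTurnedOff() {
    $config_factory = $this->getConfigFactoryStub([
      'cas.settings' => [
        'advanced.debug_log' => FALSE,
      ],
    ]);
    $cas_helper = new CasHelper($config_factory, $this->loggerFactory, $this->token->reveal());

    // A single call is expected for one debug and one error entry. The
    // expectation does not pin which level got through, so it would also
    // pass if the error entry were the one dropped.
    $this->loggerChannel
      ->expects($this->once())
      ->method('log');

    $cas_helper->log(LogLevel::DEBUG, 'This is a debug log');
    $cas_helper->log(LogLevel::ERROR, 'This is an error log');
  }

  /**
   * The 'returnto' query value is copied to 'destination' and kept.
   *
   * Only a site-relative path ('node/1') is exercised. Nothing here shows how
   * an absolute or external 'returnto' value is handled, so this test is not
   * evidence that the redirect target is validated.
   */
  public function testHandleReturnToParameter() {
    $config_factory = $this->getConfigFactoryStub([
      'cas.settings' => [
        'advanced.debug_log' => FALSE,
      ],
    ]);
    // Uses the shared logger factory mock, like the other tests, so this unit
    // test does not depend on constructing the real LoggerChannelFactory.
    $cas_helper = new CasHelper($config_factory, $this->loggerFactory, $this->token->reveal());

    $request = new Request(['returnto' => 'node/1']);
    $this->assertFalse($request->query->has('destination'));
    $this->assertSame('node/1', $request->query->get('returnto'));

    $cas_helper->handleReturnToParameter($request);

    $this->assertSame('node/1', $request->query->get('destination'));
    $this->assertSame('node/1', $request->query->get('returnto'));
  }

  /**
   * Configured messages come back token-replaced and without script tags.
   */
  public function testGetMessage() {
    $config_factory = $this->getConfigFactoryStub([
      'cas.settings' => [
        'arbitrary_message' => 'Use <a href="[cas:login-url]">CAS login</a>',
        'messages' => [
          'empty_message' => '',
          'do_not_trust_user_input' => '<script>alert("Hacked!");</script>',
        ],
      ],
    ]);
    $cas_helper = new CasHelper($config_factory, $this->loggerFactory, $this->token->reveal());

    // Anchor markup survives and the token is replaced by the stubbed URL.
    $message = $cas_helper->getMessage('arbitrary_message');
    $this->assertInstanceOf(FormattableMarkup::class, $message);
    $this->assertEquals('Use <a href="/caslogin">CAS login</a>', $message);

    // An empty setting yields a plain empty string (strict comparison).
    $message = $cas_helper->getMessage('messages.empty_message');
    $this->assertSame('', $message);

    // The <script> element is dropped and only its text content remains.
    // This pins one payload; other markup-based vectors are not covered by
    // this test.
    $message = $cas_helper->getMessage('messages.do_not_trust_user_input');
    $this->assertEquals('alert("Hacked!");', $message);
  }

}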