<?php
namespace Drupal\Tests\basic_auth\Functional;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\Core\Url;
use Drupal\Tests\basic_auth\Traits\BasicAuthTestTrait;
use Drupal\language\Entity\ConfigurableLanguage;
use Drupal\Tests\BrowserTestBase;
use Drupal\user\Entity\Role;
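/**
 * Tests HTTP Basic authentication: credentials, flood control, caching,
 * error pages and that no controller runs before authentication.
 *
 * @group basic_auth
 */
class BasicAuthTest extends BrowserTestBase {

  use BasicAuthTestTrait;

  /**
   * Modules to install.
   *
   * @var array
   */
  public static $modules = [
    'basic_auth',
    'router_test',
    'locale',
    'basic_auth_test',
  ];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Asserts that the last response did not go through the page cache and is
   * not marked as publicly cacheable.
   *
   * A response produced for Basic credentials is specific to that user; a
   * page-cache header or "Cache-Control: public" on it would mean it could be
   * served to a different client.
   */
  protected function assertResponseNotPubliclyCacheable(): void {
    $this->assertNull($this->getSession()->getResponseHeader('X-Drupal-Cache'));
    $this->assertSession()->responseHeaderNotContains('Cache-Control', 'public');
  }

  /**
   * Tests Basic authentication on a route that enables the provider.
   *
   * Covers a successful login, rejection of a wrong password, the
   * WWW-Authenticate challenge on an anonymous request, credentials being
   * ignored on the admin route, and authenticated responses bypassing the
   * page cache.
   */
  public function testBasicAuth(): void {
    // Enable page caching so the cache-related assertions below are
    // meaningful; the deprecated assertText()/assertEqual()/drupalGetHeader()
    // helpers used previously are replaced by WebAssert equivalents.
    $this->config('system.performance')
      ->set('cache.page.max_age', 300)
      ->save();

    $account = $this->drupalCreateUser();
    $url = Url::fromRoute('router_test.11');

    // Valid credentials authenticate the user.
    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertSession()->pageTextContains($account->getAccountName());
    $this->assertSession()->statusCodeEquals(200);
    $this->mink->resetSessions();
    $this->assertResponseNotPubliclyCacheable();

    // A wrong password must not authenticate the user.
    $this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
    $this->assertSession()->pageTextNotContains($account->getAccountName());
    $this->assertSession()->statusCodeEquals(403);
    $this->mink->resetSessions();

    // An anonymous request is challenged, with the site name as the realm.
    // The realm is escaped through FormattableMarkup exactly as the provider
    // builds it, so compare against the same rendering.
    $this->drupalGet($url);
    $realm = \Drupal::config('system.site')->get('name');
    $this->assertSession()->responseHeaderEquals(
      'WWW-Authenticate',
      (string) new FormattableMarkup('Basic realm="@realm"', ['@realm' => $realm])
    );
    $this->assertSession()->statusCodeEquals(401);

    // The admin route is not challenged for Basic credentials.
    $this->drupalGet('admin');
    $this->assertSession()->statusCodeEquals(403);

    // Valid credentials for an account allowed on admin pages are still not
    // honoured there: 403 and no "Log out" link. Presumably system.admin does
    // not enable the basic_auth provider in its route options — confirm
    // against the route definition.
    $account = $this->drupalCreateUser(['access administration pages']);
    $this->basicAuthGet(Url::fromRoute('system.admin'), $account->getAccountName(), $account->pass_raw);
    $this->assertSession()->linkNotExists('Log out', 'User is not logged in');
    $this->assertSession()->statusCodeEquals(403);
    $this->mink->resetSessions();

    // An anonymous request to a cacheable route goes through the page cache,
    // while the same route requested with credentials bypasses it.
    $url = Url::fromRoute('router_test.10');
    $this->drupalGet($url);
    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertResponseNotPubliclyCacheable();
  }

  /**
   * Tests the global (per-IP) login flood control with Basic authentication.
   *
   * With user.flood ip_limit set to 2, two failed attempts from this client
   * are enough for a following request with the correct password to be
   * rejected with 403.
   */
  public function testGlobalLoginFloodControl(): void {
    $this->config('user.flood')
      ->set('ip_limit', 2)
      // Raise the per-user limit far above what the test sends so that only
      // the IP limit can trigger.
      ->set('user_limit', 4000)
      ->save();

    $user = $this->drupalCreateUser([]);
    $incorrect_user = clone $user;
    $incorrect_user->pass_raw .= 'incorrect';
    $url = Url::fromRoute('router_test.11');

    // Exhaust the IP limit with wrong passwords.
    for ($i = 0; $i < 2; $i++) {
      $this->basicAuthGet($url, $incorrect_user->getAccountName(), $incorrect_user->pass_raw);
    }

    // The correct password is now blocked as well.
    $this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
    $this->assertSession()->statusCodeEquals(403);
  }

  /**
   * Tests the per-user login flood control with Basic authentication.
   *
   * With user.flood user_limit set to 2, repeated failures for one account
   * block that account (403) while another account from the same client
   * still authenticates (200).
   */
  public function testPerUserLoginFloodControl(): void {
    $this->config('user.flood')
      // Raise the IP limit far above what the test sends so that only the
      // per-user limit can trigger.
      ->set('ip_limit', 4000)
      ->set('user_limit', 2)
      ->save();

    $user = $this->drupalCreateUser([]);
    $incorrect_user = clone $user;
    $incorrect_user->pass_raw .= 'incorrect';
    $user2 = $this->drupalCreateUser([]);
    $url = Url::fromRoute('router_test.11');

    // A single failure does not block the account.
    $this->basicAuthGet($url, $incorrect_user->getAccountName(), $incorrect_user->pass_raw);
    $this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
    $this->assertSession()->statusCodeEquals(200);

    // Two further failures reach the per-user limit; the correct password is
    // then rejected for this account.
    for ($i = 0; $i < 2; $i++) {
      $this->basicAuthGet($url, $incorrect_user->getAccountName(), $incorrect_user->pass_raw);
    }
    $this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
    $this->assertSession()->statusCodeEquals(403);

    // A different account from the same client is unaffected.
    $this->basicAuthGet($url, $user2->getAccountName(), $user2->pass_raw);
    $this->assertSession()->statusCodeEquals(200);
  }

  /**
   * Tests that Basic authentication works with a non-English default language.
   */
  public function testLocale(): void {
    ConfigurableLanguage::createFromLangcode('de')->save();
    $this->config('system.site')
      ->set('default_langcode', 'de')
      ->save();

    $account = $this->drupalCreateUser();
    $url = Url::fromRoute('router_test.11');

    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertSession()->pageTextContains($account->getAccountName());
    $this->assertSession()->statusCodeEquals(200);
  }

  /**
   * Tests the pages shown for unauthenticated and denied requests.
   *
   * The 401 page must show a friendly message and must not expose raw
   * exception text to the client; failed or insufficient credentials get a
   * plain "Access denied" page.
   */
  public function testUnauthorizedErrorMessage(): void {
    $account = $this->drupalCreateUser();
    $url = Url::fromRoute('router_test.11');

    // No credentials: 401 with a friendly message and no exception dump.
    $this->drupalGet($url);
    $this->assertSession()->statusCodeEquals(401);
    $this->assertSession()->pageTextNotContains('Exception');
    $this->assertSession()->pageTextContains('Please log in to access this page.');

    // NULL username and password (as encoded by basicAuthGet()) are denied.
    $this->basicAuthGet($url, NULL, NULL);
    $this->assertSession()->statusCodeEquals(403);
    $this->assertSession()->pageTextContains('Access denied');

    // A wrong password is denied.
    $this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
    $this->assertSession()->statusCodeEquals(403);
    $this->assertSession()->pageTextContains('Access denied');

    // Valid credentials are still denied on router_test.15 — presumably that
    // route requires a permission this account lacks; confirm in router_test.
    $url = Url::fromRoute('router_test.15');
    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertSession()->statusCodeEquals(403);
    $this->assertSession()->pageTextContains('Access denied');
  }

  /**
   * Tests that the anonymous 401 response is cacheable and is invalidated
   * when anonymous permissions or the site configuration change.
   */
  public function testCacheabilityOf401Response(): void {
    $session = $this->getSession();
    $url = Url::fromRoute('router_test.11');

    // Requests the route anonymously and checks the page cache and dynamic
    // page cache headers of the resulting 401 response.
    $assert_response_cacheability = function (string $expected_page_cache, string $expected_dynamic_page_cache) use ($session, $url): void {
      $this->drupalGet($url);
      $this->assertSession()->statusCodeEquals(401);
      $this->assertSame($expected_page_cache, $session->getResponseHeader('X-Drupal-Cache'));
      $this->assertSame($expected_dynamic_page_cache, $session->getResponseHeader('X-Drupal-Dynamic-Cache'));
    };

    // The first request populates the page cache; the second one hits it.
    $assert_response_cacheability('MISS', 'MISS');
    $assert_response_cacheability('HIT', 'MISS');

    // Clearing only the page cache exposes the dynamic page cache entry.
    $this->container->get('cache.page')->deleteAll();
    $assert_response_cacheability('MISS', 'HIT');
    $assert_response_cacheability('HIT', 'HIT');

    // Changing the anonymous role's permissions invalidates both caches.
    $this->grantPermissions(Role::load(Role::ANONYMOUS_ID), [$this->randomMachineName()]);
    $assert_response_cacheability('MISS', 'MISS');
    $assert_response_cacheability('HIT', 'MISS');

    // Saving system.site invalidates both caches as well — presumably because
    // the challenge realm is derived from the site name.
    $this->config('system.site')->save();
    $assert_response_cacheability('MISS', 'MISS');
    $assert_response_cacheability('HIT', 'MISS');
  }

  /**
   * Tests that the route controller does not run before authentication.
   *
   * basic_auth_test appears to expose a state-modifying route and a route
   * that reads that state back; an unauthenticated request to the former
   * must leave the state untouched.
   */
  public function testControllerNotCalledBeforeAuth(): void {
    // Unauthenticated: challenged, and the state is not modified.
    $this->drupalGet('/basic_auth_test/state/modify');
    $this->assertSession()->statusCodeEquals(401);
    $this->drupalGet('/basic_auth_test/state/read');
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseContains('nope');

    // Authenticated: the controller runs and the state changes.
    $account = $this->drupalCreateUser();
    $this->basicAuthGet('/basic_auth_test/state/modify', $account->getAccountName(), $account->pass_raw);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseContains('Done');
    $this->mink->resetSessions();
    $this->drupalGet('/basic_auth_test/state/read');
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseContains('yep');
  }

}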