
public function BasicAuthTest::testBasicAuth in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testBasicAuth()
  2. 10 core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testBasicAuth()

Test HTTP basic authentication.

File

core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php, line 41

Class

BasicAuthTest
Tests for BasicAuth authentication provider.

Namespace

Drupal\Tests\basic_auth\Functional

Code

/**
 * Tests HTTP basic authentication on routes with and without basic auth.
 *
 * Covers, in order: a request with valid credentials, a request with a wrong
 * password, the challenge sent to an unauthenticated request, a route that
 * does not accept basic auth, and the interaction with the page cache. Page
 * caching is switched on first so the cache-related assertions are meaningful.
 */
public function testBasicAuth() {
  // Turn on page caching with a max age of 300.
  $performance_settings = $this->config('system.performance');
  $performance_settings->set('cache.page.max_age', 300);
  $performance_settings->save();

  $user = $this->drupalCreateUser();
  $basic_auth_url = Url::fromRoute('router_test.11');

  // Valid credentials: the page shows the account name and returns 200.
  $this->basicAuthGet($basic_auth_url, $user->getAccountName(), $user->pass_raw);
  $this->assertText($user->getAccountName(), 'Account name is displayed.');
  $this->assertSession()->statusCodeEquals(200);
  $this->mink->resetSessions();

  // The authenticated response must carry no X-Drupal-Cache header, and its
  // Cache-Control must not contain "public": a response produced for one
  // user's credentials should not be storable by a shared cache.
  $cache_header = $this->drupalGetHeader('X-Drupal-Cache');
  $this->assertNull($cache_header);
  $this->assertSession()->responseHeaderNotContains('Cache-Control', 'public');

  // Wrong password (a random string): the account name must not be shown and
  // the expected status is 403.
  $this->basicAuthGet($basic_auth_url, $user->getAccountName(), $this->randomMachineName());
  $this->assertNoText($user->getAccountName(), 'Bad basic auth credentials do not authenticate the user.');
  $this->assertSession()->statusCodeEquals(403);
  $this->mink->resetSessions();

  // No credentials on a route that only allows basic auth: the response must
  // be a 401 carrying a WWW-Authenticate challenge whose realm is the
  // configured site name.
  $this->drupalGet($basic_auth_url);
  $challenge = $this->drupalGetHeader('WWW-Authenticate');
  $expected_challenge = new FormattableMarkup('Basic realm="@realm"', [
    '@realm' => \Drupal::config('system.site')->get('name'),
  ]);
  $this->assertEqual($challenge, $expected_challenge);
  $this->assertSession()->statusCodeEquals(401);

  // A route without basic auth defined must not prompt for authentication;
  // the unauthenticated request is expected to get a plain 403.
  $this->drupalGet('admin');
  $this->assertSession()->statusCodeEquals(403);

  $admin = $this->drupalCreateUser([
    'access administration pages',
  ]);

  // Basic auth credentials sent to a route without basic auth defined must
  // not log the user in, even though this account holds the
  // 'access administration pages' permission.
  $this->basicAuthGet(Url::fromRoute('system.admin'), $admin->getAccountName(), $admin->pass_raw);
  $this->assertSession()->linkNotExists('Log out', 'User is not logged in');
  $this->assertSession()->statusCodeEquals(403);
  $this->mink->resetSessions();

  // Page cache interaction: request the page without credentials first (the
  // header reports MISS, presumably populating the page cache), then repeat
  // the request with credentials. The second response must not come from the
  // page cache, so no X-Drupal-Cache header is expected on it.
  $cached_url = Url::fromRoute('router_test.10');
  $this->drupalGet($cached_url);
  $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS');
  $this->basicAuthGet($cached_url, $admin->getAccountName(), $admin->pass_raw);
  $this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));

  // As above, the credentialed response must not be marked "public".
  $this->assertSession()->responseHeaderNotContains('Cache-Control', 'public');
}