
public function FormTest::testInputWithInvalidToken in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()

Tests that input is retained for safe elements even with an invalid token.

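Submits a test form containing several types of form elements. In the listing below, each form's form_token field is overwritten with an invalid value before submission, and the assertions check that the posted values are discarded rather than retained: the fields come back empty or at their defaults, and the "The form has become outdated." error is shown.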

File

core/modules/system/tests/src/Functional/Form/FormTest.php, line 243

Class

FormTest
Tests various form element validation mechanisms.

Namespace

Drupal\Tests\system\Functional\Form

Code

public function testInputWithInvalidToken() {
  // Each form below is posted with its form_token field overwritten. The
  // expected result every time is the "outdated form" error plus a rebuilt
  // form that carries none of the posted values. NOTE(review): presumably the
  // input is dropped because a request with a bad token may be forged;
  // confirm against the form builder's token handling.

  // CSRF tokens are only issued to authenticated users, so log in first.
  $user = $this->createUser();
  $this->drupalLogin($user);

  // Form with required elements: corrupt the token, then post values that
  // would otherwise pass validation.
  $this->drupalGet(Url::fromRoute('form_test.validate_required'));
  $token_field = $this->assertSession()->elementExists('css', 'input[name="form_token"]');
  $token_field->setValue('invalid token');
  $posted_text = $this->randomString();
  $values = [
    'textfield' => $posted_text,
    'checkboxes[bar]' => TRUE,
    'select' => 'bar',
    'radios' => 'foo',
  ];
  $this->submitForm($values, 'Submit');

  // The token failure must surface as an error even though every required
  // field was filled in.
  $this->assertSession()->elementExists('xpath', '//div[contains(@class, "error")]');
  $web_assert = $this->assertSession();
  $text_field = $web_assert->fieldExists('textfield');
  // The posted string must be absent from the field and from the raw response.
  $this->assertEmpty($text_field->getValue());
  $web_assert->responseNotContains($posted_text);
  $this->assertSession()->pageTextContains('The form has become outdated.');

  // None of the posted selections may be reflected in the rebuilt form.
  $this->assertSession()->fieldValueEquals('textfield', '');
  $this->assertSession()->checkboxNotChecked('edit-checkboxes-foo');
  $this->assertSession()->checkboxNotChecked('edit-checkboxes-bar');
  $empty_option = $this->assertSession()->optionExists('edit-select', '');
  $this->assertTrue($empty_option->isSelected());
  $this->assertSession()->checkboxNotChecked('edit-radios-foo');

  // Same check against a form that includes a textarea.
  $this->drupalGet(Url::fromRoute('form_test.required'));
  $token_field = $this->assertSession()->elementExists('css', 'input[name="form_token"]');
  $token_field->setValue('invalid token');
  $textfield_input = $this->randomString();
  $textarea_input = $this->randomString() . "\n";
  $values = [
    'textfield' => $textfield_input,
    'textarea' => $textarea_input,
  ];
  $this->submitForm($values, 'Submit');

  // Error shown, both text inputs come back empty.
  $this->assertSession()->elementExists('xpath', '//div[contains(@class, "error")]');
  $this->assertSession()->pageTextContains('The form has become outdated.');
  $this->assertSession()->fieldValueEquals('textfield', '');
  $this->assertSession()->fieldValueEquals('textarea', '');

  // Same check against a form with a number input.
  $this->drupalGet(Url::fromRoute('form_test.number'));
  $token_field = $this->assertSession()->elementExists('css', 'input[name="form_token"]');
  $token_field->setValue('invalid token');
  // The posted number is drawn from above the default so it can never
  // coincide with the default value asserted below.
  $values = [
    'integer_step' => mt_rand(6, 100),
  ];
  $this->submitForm($values, 'Submit');

  // Error shown, and the field is back at 5 rather than the posted number.
  $this->assertSession()->elementExists('xpath', '//div[contains(@class, "error")]');
  $this->assertSession()->pageTextContains('The form has become outdated.');
  $this->assertSession()->fieldValueEquals('integer_step', 5);

  // Same check against a form with a URL field.
  $this->drupalGet(Url::fromRoute('form_test.url'));
  $token_field = $this->assertSession()->elementExists('css', 'input[name="form_token"]');
  $token_field->setValue('invalid token');
  $url_input = $this->randomString();
  $values = [
    'url' => $url_input,
  ];
  $this->submitForm($values, 'Submit');

  // Error shown, URL field comes back empty.
  $this->assertSession()->elementExists('xpath', '//div[contains(@class, "error")]');
  $this->assertSession()->pageTextContains('The form has become outdated.');
  $this->assertSession()->fieldValueEquals('url', '');
}