View source
<?php
namespace Drupal\Tests\system\Functional\SecurityAdvisories;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\Traits\Core\CronRunTrait;
use Drupal\advisory_feed_test\AdvisoriesTestHttpClient;
class SecurityAdvisoryTest extends BrowserTestBase {
use CronRunTrait;
protected $defaultTheme = 'stark';
protected static $modules = [
'system',
'generic_module1_test',
'advisory_feed_test',
];
protected $user;
protected $workingEndpointMixed;
protected $workingEndpointPsaOnly;
protected $workingEndpointNonPsaOnly;
protected $nonWorkingEndpoint;
protected $invalidJsonEndpoint;
protected $tempStore;
protected function setUp() : void {
parent::setUp();
$this->user = $this
->drupalCreateUser([
'access administration pages',
'administer site configuration',
'administer software updates',
]);
$this
->drupalLogin($this->user);
$fixtures_path = $this->baseUrl . '/core/modules/system/tests/fixtures/psa_feed';
$this->workingEndpointMixed = $this
->buildUrl('/advisory-feed-json/valid-mixed');
$this->workingEndpointPsaOnly = $this
->buildUrl('/advisory-feed-json/valid-psa-only');
$this->workingEndpointNonPsaOnly = $this
->buildUrl('/advisory-feed-json/valid-non-psa-only');
$this->nonWorkingEndpoint = $this
->buildUrl('/advisory-feed-json/missing');
$this->invalidJsonEndpoint = "{$fixtures_path}/invalid.json";
$this->tempStore = $this->container
->get('keyvalue.expirable')
->get('system');
}
protected function writeSettings(array $settings) : void {
unset($settings['config']['system.advisories']);
parent::writeSettings($settings);
}
public function testPsa() : void {
$assert = $this
->assertSession();
AdvisoriesTestHttpClient::setTestEndpoint($this->workingEndpointMixed);
$mixed_advisory_links = [
'Critical Release - SA-2019-02-19',
'Critical Release - PSA-Really Old',
'Generic Module1 Project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
'Generic Module2 project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
];
$this
->config('system.advisories')
->set('enabled', FALSE)
->save();
$this
->assertAdvisoriesNotDisplayed($mixed_advisory_links);
$this
->config('system.advisories')
->set('enabled', TRUE)
->save();
$this
->assertAdvisoriesNotDisplayed($mixed_advisory_links, [
'system.admin',
]);
$this
->assertStatusReportLinks($mixed_advisory_links, REQUIREMENT_ERROR);
$this
->assertAdminPageLinks($mixed_advisory_links, REQUIREMENT_ERROR);
$this
->drupalLogin($this
->drupalCreateUser([
'access administration pages',
]));
$this
->assertAdvisoriesNotDisplayed($mixed_advisory_links, [
'system.admin',
]);
$this
->drupalLogin($this->user);
AdvisoriesTestHttpClient::setTestEndpoint($this->nonWorkingEndpoint);
$this
->assertAdminPageLinks($mixed_advisory_links, REQUIREMENT_ERROR);
$this
->assertStatusReportLinks($mixed_advisory_links, REQUIREMENT_ERROR);
$this->tempStore
->delete('advisories_response');
$this
->assertAdvisoriesNotDisplayed($mixed_advisory_links);
$this
->drupalGet(Url::fromRoute('system.status'));
$assert
->pageTextContains('Failed to fetch security advisory data:');
AdvisoriesTestHttpClient::setTestEndpoint($this->invalidJsonEndpoint, TRUE);
$this
->assertServiceAdvisoryLoggedErrors([]);
$this
->assertAdvisoriesNotDisplayed($mixed_advisory_links);
$this
->assertServiceAdvisoryLoggedErrors([
'The security advisory JSON feed from Drupal.org could not be decoded.',
]);
$this
->drupalGet(Url::fromRoute('system.status'));
$assert
->pageTextNotContains('Failed to fetch security advisory data:');
$this
->assertServiceAdvisoryLoggedErrors([
'The security advisory JSON feed from Drupal.org could not be decoded.',
]);
AdvisoriesTestHttpClient::setTestEndpoint($this->workingEndpointPsaOnly, TRUE);
$psa_advisory_links = [
'Critical Release - PSA-Really Old',
'Generic Module2 project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
];
$this
->assertAdvisoriesNotDisplayed($psa_advisory_links, [
'system.admin',
]);
$this
->assertStatusReportLinks($psa_advisory_links, REQUIREMENT_WARNING);
$this
->assertAdminPageLinks($psa_advisory_links, REQUIREMENT_WARNING);
AdvisoriesTestHttpClient::setTestEndpoint($this->workingEndpointNonPsaOnly, TRUE);
$non_psa_advisory_links = [
'Critical Release - SA-2019-02-19',
'Generic Module1 Project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
];
$this
->assertStatusReportLinks($non_psa_advisory_links, REQUIREMENT_ERROR);
$this
->assertAdminPageLinks($non_psa_advisory_links, REQUIREMENT_ERROR);
$this
->config('system.advisories')
->set('enabled', FALSE)
->save();
$this
->assertAdvisoriesNotDisplayed($non_psa_advisory_links);
$this
->assertServiceAdvisoryLoggedErrors([]);
}
private function assertAdminPageLinks(array $expected_link_texts, int $error_or_warning) : void {
$assert = $this
->assertSession();
$this
->drupalGet(Url::fromRoute('system.admin'));
if ($error_or_warning === REQUIREMENT_ERROR) {
$assert
->pageTextContainsOnce('Error message');
$assert
->pageTextNotContains('Warning message');
}
else {
$assert
->pageTextNotContains('Error message');
$assert
->pageTextContainsOnce('Warning message');
}
foreach ($expected_link_texts as $expected_link_text) {
$assert
->linkExists($expected_link_text);
}
}
private function assertStatusReportLinks(array $expected_link_texts, int $error_or_warning) : void {
$this
->drupalGet(Url::fromRoute('system.status'));
$assert = $this
->assertSession();
$selector = 'h3#' . ($error_or_warning === REQUIREMENT_ERROR ? 'error' : 'warning') . ' ~ details.system-status-report__entry:contains("Critical security announcements")';
$assert
->elementExists('css', $selector);
foreach ($expected_link_texts as $expected_link_text) {
$assert
->linkExists($expected_link_text);
}
}
private function assertAdvisoriesNotDisplayed(array $links, array $routes = [
'system.status',
'system.admin',
]) : void {
foreach ($routes as $route) {
$this
->drupalGet(Url::fromRoute($route));
$this
->assertSession()
->statusCodeEquals(200);
foreach ($links as $link) {
$this
->assertSession()
->linkNotExists($link, "'{$link}' not displayed on route '{$route}'.");
}
}
}
protected function assertServiceAdvisoryLoggedErrors(array $expected_messages) : void {
$state = $this->container
->get('state');
$messages = $state
->get('advisory_feed_test.error_messages', []);
$this
->assertSame($expected_messages, $messages);
$state
->set('advisory_feed_test.error_messages', []);
}
}