You are here

protected function SessionHttpsTest::loginHttp in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/Session/SessionHttpsTest.php \Drupal\Tests\system\Functional\Session\SessionHttpsTest::loginHttp()
  2. 9 core/modules/system/tests/src/Functional/Session/SessionHttpsTest.php \Drupal\Tests\system\Functional\Session\SessionHttpsTest::loginHttp()

Log in a user via HTTP.

Note that the parents $session_id and $loggedInUser is not updated.

1 call to SessionHttpsTest::loginHttp()
SessionHttpsTest::testHttpsSession in core/modules/system/tests/src/Functional/Session/SessionHttpsTest.php
Tests HTTPS sessions.

File

core/modules/system/tests/src/Functional/Session/SessionHttpsTest.php, line 125

Class

SessionHttpsTest
Ensure that when running under HTTPS two session cookies are generated.

Namespace

Drupal\Tests\system\Functional\Session

Code

protected function loginHttp(AccountInterface $account) {
  $guzzle_cookie_jar = $this
    ->getGuzzleCookieJar();
  $post = [
    'form_id' => 'user_login_form',
    'form_build_id' => $this
      ->getUserLoginFormBuildId(),
    'name' => $account
      ->getAccountName(),
    'pass' => $account->passRaw,
    'op' => 'Log in',
  ];
  $url = $this
    ->buildUrl($this
    ->httpUrl('user/login'));

  // When posting directly to the HTTP or HTTPS mock front controller, the
  // location header on the returned response is an absolute URL. That URL
  // needs to be converted into a request to the respective mock front
  // controller in order to retrieve the target page. Because the URL in the
  // location header needs to be modified, it is necessary to disable the
  // automatic redirects normally performed by the Guzzle CurlHandler.

  /** @var \Psr\Http\Message\ResponseInterface $response */
  $response = $this
    ->getHttpClient()
    ->post($url, [
    'form_params' => $post,
    'http_errors' => FALSE,
    'cookies' => $guzzle_cookie_jar,
    'allow_redirects' => FALSE,
  ]);

  // When logging in via the HTTP mock, the child site will issue a session
  // cookie without the secure attribute set. While this cookie will be stored
  // in the Guzzle CookieJar, it will not be used on subsequent requests.
  // Update the BrowserKit CookieJar so that subsequent requests have the
  // correct cookie.
  $cookie = $guzzle_cookie_jar
    ->getCookieByName($this->insecureSessionName);
  $this
    ->assertFalse($cookie
    ->getSecure(), 'The insecure cookie does not have the secure attribute');

  /** @var \Symfony\Component\BrowserKit\CookieJar $browser_kit_cookie_jar */
  $browser_kit_cookie_jar = $this
    ->getSession()
    ->getDriver()
    ->getClient()
    ->getCookieJar();
  $browser_kit_cookie_jar
    ->updateFromSetCookie($response
    ->getHeader('Set-Cookie'), $this->baseUrl);

  // Follow the location header.
  $path = $this
    ->getPathFromLocationHeader($response, FALSE);
  $parsed_path = parse_url($path);
  $query = [];
  if (isset($parsed_path['query'])) {
    parse_str($parsed_path['query'], $query);
  }
  $this
    ->drupalGet($this
    ->httpUrl($parsed_path['path']), [
    'query' => $query,
  ]);
  $this
    ->assertSession()
    ->statusCodeEquals(200);
}