You are here

public function AccessDeniedTest::testAccessDenied in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()
  2. 10 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()

File

core/modules/system/tests/src/Functional/System/AccessDeniedTest.php, line 51

Class

AccessDeniedTest
Tests page access denied functionality, including custom 403 pages.

Namespace

Drupal\Tests\system\Functional\System

Code

public function testAccessDenied() {
  $this
    ->drupalGet('admin');
  $this
    ->assertSession()
    ->pageTextContains('Access denied');
  $this
    ->assertSession()
    ->statusCodeEquals(403);

  // Ensure that users without permission are denied access and have the
  // correct path information in drupalSettings.
  $this
    ->drupalLogin($this
    ->createUser([]));
  $this
    ->drupalGet('admin', [
    'query' => [
      'foo' => 'bar',
    ],
  ]);
  $settings = $this
    ->getDrupalSettings();
  $this
    ->assertEquals('admin', $settings['path']['currentPath']);
  $this
    ->assertTrue($settings['path']['currentPathIsAdmin']);
  $this
    ->assertEquals([
    'foo' => 'bar',
  ], $settings['path']['currentQuery']);
  $this
    ->drupalLogin($this->adminUser);

  // Set a custom 404 page without a starting slash.
  $edit = [
    'site_403' => 'user/' . $this->adminUser
      ->id(),
  ];
  $this
    ->drupalGet('admin/config/system/site-information');
  $this
    ->submitForm($edit, 'Save configuration');
  $this
    ->assertSession()
    ->pageTextContains("The path '{$edit['site_403']}' has to start with a slash.");

  // Use a custom 403 page.
  $edit = [
    'site_403' => '/user/' . $this->adminUser
      ->id(),
  ];
  $this
    ->drupalGet('admin/config/system/site-information');
  $this
    ->submitForm($edit, 'Save configuration');

  // Enable the user login block.
  $block = $this
    ->drupalPlaceBlock('user_login_block', [
    'id' => 'login',
  ]);

  // Log out and check that the user login block is shown on custom 403 pages.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('admin');
  $this
    ->assertSession()
    ->pageTextContains($this->adminUser
    ->getAccountName());
  $this
    ->assertSession()
    ->pageTextContains('Username');

  // Log back in and remove the custom 403 page.
  $this
    ->drupalLogin($this->adminUser);
  $edit = [
    'site_403' => '',
  ];
  $this
    ->drupalGet('admin/config/system/site-information');
  $this
    ->submitForm($edit, 'Save configuration');

  // Logout and check that the user login block is shown on default 403 pages.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('admin');
  $this
    ->assertSession()
    ->pageTextContains('Access denied');
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->assertSession()
    ->pageTextContains('Username');

  // Log back in, set the custom 403 page to /user/login and remove the block
  $this
    ->drupalLogin($this->adminUser);
  $this
    ->config('system.site')
    ->set('page.403', '/user/login')
    ->save();
  $block
    ->disable()
    ->save();

  // Check that we can log in from the 403 page.
  $this
    ->drupalLogout();
  $edit = [
    'name' => $this->adminUser
      ->getAccountName(),
    'pass' => $this->adminUser->pass_raw,
  ];
  $this
    ->drupalGet('admin/config/system/site-information');
  $this
    ->submitForm($edit, 'Log in');

  // Check that we're still on the same page.
  $this
    ->assertSession()
    ->pageTextContains('Basic site settings');
}