You are here

protected function UserLoginHttpTest::doTestLogin in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestLogin()

Do login testing for a given serialization format.

Parameters

string $format: Serialization format.

1 call to UserLoginHttpTest::doTestLogin()
UserLoginHttpTest::testLogin in core/modules/user/tests/src/Functional/UserLoginHttpTest.php
Tests user session life cycle.

File

core/modules/user/tests/src/Functional/UserLoginHttpTest.php, line 121

Class

UserLoginHttpTest
Tests login and password reset via direct HTTP.

Namespace

Drupal\Tests\user\Functional

Code

protected function doTestLogin($format) {
  $client = \Drupal::httpClient();

  // Create new user for each iteration to reset flood.
  // Grant the user administer users permissions to they can see the
  // 'roles' field.
  $account = $this
    ->drupalCreateUser([
    'administer users',
  ]);
  $name = $account
    ->getAccountName();
  $pass = $account->passRaw;
  $login_status_url = $this
    ->getLoginStatusUrlString($format);
  $response = $client
    ->get($login_status_url);
  $this
    ->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);

  // Flooded.
  $this
    ->config('user.flood')
    ->set('user_limit', 3)
    ->save();
  $response = $this
    ->loginRequest($name, 'wrong-pass', $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
  $response = $this
    ->loginRequest($name, 'wrong-pass', $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
  $response = $this
    ->loginRequest($name, 'wrong-pass', $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
  $response = $this
    ->loginRequest($name, 'wrong-pass', $format);
  $this
    ->assertHttpResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format);

  // After testing the flood control we can increase the limit.
  $this
    ->config('user.flood')
    ->set('user_limit', 100)
    ->save();
  $response = $this
    ->loginRequest(NULL, NULL, $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Missing credentials.', $format);
  $response = $this
    ->loginRequest(NULL, $pass, $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Missing credentials.name.', $format);
  $response = $this
    ->loginRequest($name, NULL, $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Missing credentials.pass.', $format);

  // Blocked.
  $account
    ->block()
    ->save();
  $response = $this
    ->loginRequest($name, $pass, $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
  $account
    ->activate()
    ->save();
  $response = $this
    ->loginRequest($name, 'garbage', $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
  $response = $this
    ->loginRequest('garbage', $pass, $format);
  $this
    ->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
  $response = $this
    ->loginRequest($name, $pass, $format);
  $this
    ->assertEquals(200, $response
    ->getStatusCode());
  $result_data = $this->serializer
    ->decode($response
    ->getBody(), $format);
  $this
    ->assertEquals($name, $result_data['current_user']['name']);
  $this
    ->assertEquals($account
    ->id(), $result_data['current_user']['uid']);
  $this
    ->assertEquals($account
    ->getRoles(), $result_data['current_user']['roles']);
  $logout_token = $result_data['logout_token'];

  // Logging in while already logged in results in a 403 with helpful message.
  $response = $this
    ->loginRequest($name, $pass, $format);
  $this
    ->assertSame(403, $response
    ->getStatusCode());
  $this
    ->assertSame([
    'message' => 'This route can only be accessed by anonymous users.',
  ], $this->serializer
    ->decode($response
    ->getBody(), $format));
  $response = $client
    ->get($login_status_url, [
    'cookies' => $this->cookies,
  ]);
  $this
    ->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_IN);
  $response = $this
    ->logoutRequest($format, $logout_token);
  $this
    ->assertEquals(204, $response
    ->getStatusCode());
  $response = $client
    ->get($login_status_url, [
    'cookies' => $this->cookies,
  ]);
  $this
    ->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
  $this
    ->resetFlood();
}