
public function EasyEmailSendTest::testSendWithUnsafeTokens in Easy Email 8

Same name and namespace in other branches
  1. 2.0.x tests/src/Functional/EasyEmailSendTest.php \Drupal\Tests\easy_email\Functional\EasyEmailSendTest::testSendWithUnsafeTokens()

Tests email sending with unsafe tokens.

Throws

\Behat\Mink\Exception\ExpectationException

\Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException

\Drupal\Component\Plugin\Exception\PluginNotFoundException

\Drupal\Core\Entity\EntityStorageException

File

tests/src/Functional/EasyEmailSendTest.php, line 1215

Class

EasyEmailSendTest
Class EasyEmailSendTest

Namespace

Drupal\Tests\easy_email\Functional

Code

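public function testSendWithUnsafeTokens() {
  // Security regression test for "unsafe" tokens, i.e. the account cancel URL
  // and the one-time login URL. The assertions below pin four properties:
  // 1. CC and BCC are dropped from an email whose template uses such tokens.
  // 2. The message is split into one email per recipient.
  // 3. Each copy only contains the cancel/login links of the user it is
  //    addressed to, never those of any other user referenced by the email.
  // 4. The tokens stay unrendered in the subject and in the on-site preview.
  $template_id = 'test_unsafe_tokens';
  $template_label = 'Test: Unsafe Tokens';
  $template = $this->createTemplate([
    'id' => $template_id,
    'label' => $template_label,
  ]);
  $this->addUserField($template, 'field_user', 'User');
  $this->addUserField($template, 'field_cc_user', 'CC User');
  $this->addUserField($template, 'field_bcc_user', 'BCC User');

  $this->drupalGet('admin/structure/email-templates/templates');
  $this->assertSession()->pageTextContains($template_id);
  $this->assertSession()->pageTextContains($template_label);

  // Subject, HTML body, plain body and inbox preview each embed cancel-url and
  // one-time-login-url tokens behind a different user reference (field_user,
  // field_cc_user, field_bcc_user, cc_uid, bcc_uid, recipient_uid), so a link
  // rendered for the referenced user instead of the recipient would show up
  // in the per-user checks further down.
  $template
    ->setRecipient([
      '[easy_email:field_user:0:entity:mail]',
    ])
    ->setCc([
      'cc@example.com',
      '[easy_email:field_cc_user:0:entity:mail]',
    ])
    ->setBcc([
      'bcc@example.com',
      '[easy_email:field_bcc_user:0:entity:mail]',
    ])
    ->setSubject('Test email for [easy_email:field_user:0:entity:display-name]: [easy_email:field_user:0:entity:cancel-url], [easy_email:field_cc_user:0:entity:one-time-login-url]')
    ->setBodyHtml([
      'value' => '<p>This is a test email (HTML) for user account [easy_email:field_user:0:entity:account-name]. [easy_email:field_cc_user:0:entity:cancel-url], [easy_email:field_bcc_user:0:entity:one-time-login-url]</p>',
      'format' => 'html',
    ])
    ->setBodyPlain('This is a test email (Plain Text) for user account [easy_email:field_user:0:entity:account-name]. [easy_email:cc_uid:0:entity:cancel-url], [easy_email:bcc_uid:0:entity:one-time-login-url]')
    ->setInboxPreview('This is the inbox preview for user account [easy_email:field_user:0:entity:account-name]. [easy_email:recipient_uid:1:entity:cancel-url], [easy_email:recipient_uid:1:entity:one-time-login-url]')
    ->save();

  $this->drupalGet('admin/content/email/add/' . $template->id());
  $this->assertSession()->pageTextContains('field_user');
  $this->assertSession()->pageTextContains('field_cc_user');
  $this->assertSession()->pageTextContains('field_bcc_user');

  // Users 1-3 fill the three reference fields; user 4 is only added as a
  // second, literal recipient address.
  $user1 = $this->createUser();
  $user2 = $this->createUser();
  $user3 = $this->createUser();
  $user4 = $this->createUser();
  $this->submitForm([
    'field_user[0][target_id]' => $user1->getAccountName() . ' (' . $user1->id() . ')',
    'field_cc_user[0][target_id]' => $user2->getAccountName() . ' (' . $user2->id() . ')',
    'field_bcc_user[0][target_id]' => $user3->getAccountName() . ' (' . $user3->id() . ')',
    'recipient' => '[easy_email:field_user:0:entity:mail], ' . $user4->getEmail(),
  ], 'Save');
  $this->assertSession()->pageTextContains('Created new email.');
  $this->assertSession()->pageTextContains('Email sent.');

  /** @var \Drupal\Core\Config\ImmutableConfig $site_config */
  $site_config = \Drupal::config('system.site');
  $site_mail = $site_config->get('mail');
  $site_name = $site_config->get('name');
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="header-Return-Path"] span.value', $site_mail);
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="header-Sender"] span.value', $site_mail);
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="header-From"] span.value', $site_name . ' <' . $site_mail . '>');

  // CC and BCC should be removed.
  $this->assertSession()->elementNotExists('css', '[data-drupal-selector="header-Cc"] span.value');
  $this->assertSession()->elementNotExists('css', '[data-drupal-selector="header-Bcc"] span.value');

  // The message has been split up because of 2 recipients, so let's skip the
  // To header for now and check the actual sent messages further down. In the
  // preview the standard tokens are rendered while the unsafe tokens are
  // expected to appear verbatim.
  $expected_subject = 'Test email for ' . $user1->getDisplayName() . ': [easy_email:field_user:0:entity:cancel-url], [easy_email:field_cc_user:0:entity:one-time-login-url]';
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="header-Subject"] span.value', $expected_subject);
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="inbox-preview"] .from-name', $site_name);
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="inbox-preview"] .subject', $expected_subject);
  $this->assertSession()->elementTextContains('css', '[data-drupal-selector="inbox-preview"] .body-preview', 'This is the inbox preview for user account ' . $user1->getDisplayName() . '. [easy_email:recipient_uid:1:entity:cancel-url], [easy_email:recipient_uid:1:entity:one-time-login-url]');

  $html_body_iframe = $this->assertSession()->elementExists('css', '[data-drupal-selector="html-body"] iframe');
  $html_body_url = $this->getIframeUrlAndQuery($html_body_iframe);
  $plain_body_iframe = $this->assertSession()->elementExists('css', '[data-drupal-selector="plain-body"] iframe');
  $plain_body_url = $this->getIframeUrlAndQuery($plain_body_iframe);

  $this->drupalGet($html_body_url['path'], [
    'query' => $html_body_url['query'],
  ]);
  $this->assertSession()->responseContains('<p>This is a test email (HTML) for user account ' . $user1->getAccountName() . '. [easy_email:field_cc_user:0:entity:cancel-url], [easy_email:field_bcc_user:0:entity:one-time-login-url]</p>');
  $this->drupalGet($plain_body_url['path'], [
    'query' => $plain_body_url['query'],
  ]);
  $this->assertSession()->responseContains('This is a test email (Plain Text) for user account ' . $user1->getAccountName() . '. [easy_email:cc_uid:0:entity:cancel-url], [easy_email:bcc_uid:0:entity:one-time-login-url]');

  // There are 2 emails, one for each recipient.
  $this->assertCount(2, $this->getSentEmails([]));

  $all_users = [$user1, $user2, $user3, $user4];
  foreach ([$user1, $user4] as $recipient) {
    $emails = $this->getSentEmails([
      'to' => $recipient->getEmail(),
    ]);
    $this->assertCount(1, $emails);
    $email = array_shift($emails);
    $this->assertEquals($template->id(), $email['key']);
    $this->assertEquals($recipient->getEmail(), $email['to']);

    // CC and BCC have been stripped out.
    $this->assertArrayNotHasKey('Cc', $email['headers']);
    $this->assertArrayNotHasKey('Bcc', $email['headers']);

    $html = (string) $email['body'];
    $plain = (string) $email['plain'];

    // Standard tokens are evaluated against the referenced entity, so both
    // copies name user 1 (field_user) regardless of who receives them.
    $this->assertStringContainsString('<p>This is a test email (HTML) for user account ' . $user1->getAccountName() . '.', $html);
    $this->assertStringContainsString('This is the inbox preview for user account ' . $user1->getDisplayName() . '.', $html);
    $this->assertStringContainsString('This is a test email (Plain Text) for user account ' . $user1->getAccountName() . '.', $plain);

    // Unsafe tokens are always evaluated for the recipient user. Both link
    // types are checked in both the HTML ('body') and plain-text ('plain')
    // renderings: the recipient's own links must be present, and no link for
    // any other user may appear in either rendering.
    foreach (['HTML body' => $html, 'plain-text body' => $plain] as $part_label => $part) {
      foreach ($all_users as $account) {
        $paths = [
          '/user/' . $account->id() . '/cancel/confirm/',
          '/user/reset/' . $account->id() . '/',
        ];
        foreach ($paths as $path) {
          if ($account === $recipient) {
            $this->assertStringContainsString($path, $part, sprintf('The %s sent to %s contains the recipient link %s.', $part_label, $recipient->getEmail(), $path));
          }
          else {
            $this->assertStringNotContainsString($path, $part, sprintf('The %s sent to %s does not contain the other user link %s.', $part_label, $recipient->getEmail(), $path));
          }
        }
      }
    }

    // Unsafe tokens skipped in subject.
    $this->assertEquals($expected_subject, $email['subject']);
  }
}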