<?php
namespace Drupal\Tests\honeypot\Functional;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\contact\Entity\ContactForm;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\Tests\BrowserTestBase;
use Drupal\user\UserInterface;
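/**
 * Functional tests for Honeypot protection on core forms.
 *
 * Covers the user login, user registration, comment, node and contact forms.
 * setUp() names the honeypot element "url", sets the time limit to 0, enables
 * protection for all forms and turns the module's "log" setting off; tests
 * that need a different configuration override it themselves.
 */
class HoneypotFormTest extends BrowserTestBase {

  use CommentTestTrait;
  use StringTranslationTrait;

  /**
   * Account created in setUp() that holds 'bypass honeypot protection'.
   *
   * @var mixed
   */
  protected $adminUser;

  /**
   * Account created in setUp() without the bypass permission.
   *
   * @var mixed
   */
  protected $webUser;

  /**
   * Article node created in setUp() with comments open.
   *
   * @var mixed
   */
  protected $node;

  /**
   * Theme used while the tests run.
   *
   * @var string
   */
  protected $defaultTheme = 'stark';

  /**
   * Modules listed for the test site.
   *
   * @var string[]
   */
  public static $modules = [
    'honeypot',
    'node',
    'comment',
    'contact',
  ];

  /**
   * Configures Honeypot and user registration, then creates the fixtures.
   */
  public function setUp() {
    parent::setUp();

    // Baseline Honeypot configuration shared by every test in this class.
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('element_name', 'url')
      ->set('time_limit', 0)
      ->set('protect_all_forms', TRUE)
      ->set('log', FALSE)
      ->save();

    // NOTE(review): presumably this lets anonymous visitors register and
    // requires e-mail verification, which matches the welcome-message
    // assertion in testProtectRegisterUserNormal() - confirm.
    \Drupal::configFactory()
      ->getEditable('user.settings')
      ->set('verify_mail', TRUE)
      ->set('register', UserInterface::REGISTER_VISITORS)
      ->save();

    // Create the article type and its comment field unless the 'standard'
    // profile is in use.
    if ($this->profile !== 'standard') {
      $this->drupalCreateContentType([
        'type' => 'article',
        'name' => 'Article',
      ]);
      $this->addDefaultCommentField('node', 'article');
    }

    // The admin account carries 'bypass honeypot protection'; the web user
    // does not, so its submissions are subject to the honeypot checks.
    $this->adminUser = $this->drupalCreateUser([
      'administer honeypot',
      'bypass honeypot protection',
      'administer content types',
      'administer users',
      'access comments',
      'post comments',
      'skip comment approval',
      'administer comments',
    ]);
    $this->webUser = $this->drupalCreateUser([
      'access comments',
      'post comments',
      'create article content',
      'access site-wide contact form',
    ]);

    $this->node = $this->drupalCreateNode([
      'type' => 'article',
      'comment' => CommentItemInterface::OPEN,
    ]);
  }

  /**
   * Checks that the user login form does not carry the honeypot field.
   */
  public function testUserLoginNotProtected() {
    $this->drupalGet('user');
    // A negative check on an error page would pass vacuously, so make sure
    // the form page itself was served.
    $this->assertSession()->statusCodeEquals(200);
    // Look the field up the same way testProtectContactForm() does instead of
    // matching an exact attribute sequence in the raw markup, which stops
    // matching (and silently passes) as soon as the rendered id or attribute
    // order differs.
    $this->assertSession()->fieldNotExists('url');
  }

  /**
   * Checks that a registration with the honeypot field left alone succeeds.
   */
  public function testProtectRegisterUserNormal() {
    $edit = [];
    $edit['name'] = $this->randomMachineName();
    $edit['mail'] = $edit['name'] . '@example.com';
    $this->drupalPostForm('user/register', $edit, $this->t('Create new account'));
    $this->assertSession()->pageTextContains('A welcome message with further instructions has been sent to your email address.');
  }

  /**
   * Checks that a registration with the honeypot field filled is rejected.
   */
  public function testProtectUserRegisterHoneypotFilled() {
    $edit = [];
    $edit['name'] = $this->randomMachineName();
    $edit['mail'] = $edit['name'] . '@example.com';
    // 'url' is the honeypot element name configured in setUp().
    $edit['url'] = 'http://www.example.com/';
    $this->drupalPostForm('user/register', $edit, $this->t('Create new account'));
    $this->assertSession()->pageTextContains('There was a problem with your form submission. Please refresh the page and try again.');
  }

  /**
   * Checks the time limit on the registration form in both directions.
   */
  public function testProtectRegisterUserTooFast() {
    // With a one second limit, a form submitted two seconds after it was
    // loaded must be accepted.
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('time_limit', 1)
      ->save();
    $edit = [];
    $edit['name'] = $this->randomMachineName();
    $edit['mail'] = $edit['name'] . '@example.com';
    $this->drupalGet('user/register');
    sleep(2);
    // NULL submits the form on the page loaded above rather than fetching a
    // fresh copy.
    $this->drupalPostForm(NULL, $edit, $this->t('Create new account'));
    $this->assertSession()->pageTextNotContains('There was a problem with your form submission.');

    // With a five second limit, an immediate submission must be rejected.
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('time_limit', 5)
      ->save();
    $edit['name'] = $this->randomMachineName();
    $edit['mail'] = $edit['name'] . '@example.com';
    $this->drupalPostForm('user/register', $edit, $this->t('Create new account'));
    // NOTE(review): the message names 6 seconds although the configured limit
    // is 5; presumably the module lengthens the wait after a rejected
    // submission - confirm against the module code.
    $this->assertSession()->pageTextContains('There was a problem with your form submission. Please wait 6 seconds and try again.');
  }

  /**
   * Checks that '0' and a single space both count as a filled honeypot.
   */
  public function testStrictEmptinessOnHoneypotField() {
    $edit = [];
    $edit['name'] = $this->randomMachineName();
    $edit['mail'] = $edit['name'] . '@example.com';
    // Both values are easy to mistake for "empty" with a loose emptiness
    // check; each one must still trigger the protection.
    foreach (['0', ' '] as $value) {
      $edit['url'] = $value;
      $this->drupalPostForm('user/register', $edit, $this->t('Create new account'));
      $this->assertSession()->pageTextContains('There was a problem with your form submission. Please refresh the page and try again.');
    }
  }

  /**
   * Checks that a comment with the honeypot field left alone is accepted.
   */
  public function testProtectCommentFormNormal() {
    $comment = 'Test comment.';
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('time_limit', 0)
      ->save();
    $this->drupalLogin($this->webUser);
    $edit = [];
    $edit['comment_body[0][value]'] = $comment;
    $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, $this->t('Save'));
    // The web user was created without 'skip comment approval'.
    $this->assertSession()->pageTextContains('Your comment has been queued for review');
  }

  /**
   * Checks that a comment with the honeypot field filled is rejected.
   */
  public function testProtectCommentFormHoneypotFilled() {
    $comment = 'Test comment.';
    $this->drupalLogin($this->webUser);
    $edit = [];
    $edit['comment_body[0][value]'] = $comment;
    $edit['url'] = 'http://www.example.com/';
    $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, $this->t('Save'));
    $this->assertSession()->pageTextContains('There was a problem with your form submission. Please refresh the page and try again.');
  }

  /**
   * Checks that the bypass permission removes the honeypot field.
   */
  public function testProtectCommentFormHoneypotBypass() {
    // The admin account holds 'bypass honeypot protection'.
    $this->drupalLogin($this->adminUser);
    $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
    // An access-denied or not-found page would also lack the field, so check
    // that the comment form page was actually served before asserting that
    // the field is absent.
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->fieldNotExists('url');
  }

  /**
   * Checks that a node form submitted inside the time limit is rejected.
   */
  public function testProtectNodeFormTooFast() {
    $this->drupalLogin($this->webUser);
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('time_limit', 5)
      ->save();
    $edit = [];
    $edit['title[0][value]'] = 'Test Page';
    $this->drupalPostForm('node/add/article', $edit, $this->t('Save'));
    $this->assertSession()->pageTextContains('There was a problem with your form submission.');
  }

  /**
   * Checks that pressing Preview on the node form is not rejected.
   */
  public function testProtectNodeFormPreviewPassthru() {
    $this->drupalLogin($this->webUser);
    $edit = [];
    $edit['title[0][value]'] = 'Test Page';
    $this->drupalPostForm('node/add/article', $edit, $this->t('Preview'));
    $this->assertSession()->pageTextNotContains('There was a problem with your form submission.');
  }

  /**
   * Checks that a contact form can be protected individually.
   */
  public function testProtectContactForm() {
    $this->drupalLogin($this->adminUser);

    // Turn off blanket protection so the field can only come from the
    // per-form setting saved below.
    \Drupal::configFactory()
      ->getEditable('honeypot.settings')
      ->set('protect_all_forms', FALSE)
      ->save();

    // Create a site-wide contact form and make it the default one.
    $feedback_form = ContactForm::create([
      'id' => 'feedback',
      'label' => 'Website feedback',
      'recipients' => [],
      'reply' => '',
      'weight' => 0,
    ]);
    $feedback_form->save();
    \Drupal::configFactory()
      ->getEditable('contact.settings')
      ->set('default_form', 'feedback')
      ->save();

    // Enable protection for that form through the Honeypot settings page.
    $this->drupalPostForm('admin/config/content/honeypot', [
      'form_settings[contact_message_feedback_form]' => TRUE,
    ], $this->t('Save configuration'));

    // Check as the web user, which lacks the bypass permission.
    $this->drupalLogin($this->webUser);
    $this->drupalGet('contact/feedback');
    $this->assertSession()->fieldExists('url');
  }

}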