You are here

HoneypotFormTest.php in Honeypot 8

Same filename and directory in other branches
  1. 2.0.x tests/src/Functional/HoneypotFormTest.php


View source

namespace Drupal\Tests\honeypot\Functional;

use Drupal\comment\Tests\CommentTestTrait;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\contact\Entity\ContactForm;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\Tests\BrowserTestBase;
use Drupal\user\UserInterface;

 * Test Honeypot spam protection functionality.
 * @group honeypot
class HoneypotFormTest extends BrowserTestBase {
  use CommentTestTrait;
  use StringTranslationTrait;

   * Admin user.
   * @var \Drupal\user\UserInterface
  protected $adminUser;

   * Site visitor.
   * @var \Drupal\user\UserInterface
  protected $webUser;

   * Node object.
   * @var \Drupal\node\NodeInterface
  protected $node;

   * Default theme.
   * @var string
  protected $defaultTheme = 'stark';

   * Modules to enable.
   * @var array
  public static $modules = [

   * {@inheritdoc}
  public function setUp() {

    // Enable modules required for this test.

    // Set up required Honeypot configuration.
    $honeypot_config = \Drupal::configFactory()
      ->set('element_name', 'url');

    // Disable time_limit protection.
      ->set('time_limit', 0);

    // Test protecting all forms.
      ->set('protect_all_forms', TRUE);
      ->set('log', FALSE);

    // Set up other required configuration.
    $user_config = \Drupal::configFactory()
      ->set('verify_mail', TRUE);
      ->set('register', UserInterface::REGISTER_VISITORS);

    // Create an Article node type.
    if ($this->profile != 'standard') {
        'type' => 'article',
        'name' => 'Article',

      // Create comment field on article.
        ->addDefaultCommentField('node', 'article');

    // Set up admin user.
    $this->adminUser = $this
      'administer honeypot',
      'bypass honeypot protection',
      'administer content types',
      'administer users',
      'access comments',
      'post comments',
      'skip comment approval',
      'administer comments',

    // Set up web user.
    $this->webUser = $this
      'access comments',
      'post comments',
      'create article content',
      'access site-wide contact form',

    // Set up example node.
    $this->node = $this
      'type' => 'article',
      'comment' => CommentItemInterface::OPEN,

   * Make sure user login form is not protected.
  public function testUserLoginNotProtected() {
      ->responseNotContains('id="edit-url" name="url"');

   * Test user registration (anonymous users).
  public function testProtectRegisterUserNormal() {

    // Set up form and submit it.
    $edit['name'] = $this
    $edit['mail'] = $edit['name'] . '';
      ->drupalPostForm('user/register', $edit, $this
      ->t('Create new account'));

    // Form should have been submitted successfully.
      ->pageTextContains('A welcome message with further instructions has been sent to your email address.');

   * Test for user register honeypot filled.
  public function testProtectUserRegisterHoneypotFilled() {

    // Set up form and submit it.
    $edit['name'] = $this
    $edit['mail'] = $edit['name'] . '';
    $edit['url'] = '';
      ->drupalPostForm('user/register', $edit, $this
      ->t('Create new account'));

    // Form should have error message.
      ->pageTextContains('There was a problem with your form submission. Please refresh the page and try again.');

   * Test for user register too fast.
  public function testProtectRegisterUserTooFast() {
      ->set('time_limit', 1)

    // First attempt a submission that does not trigger honeypot.
    $edit['name'] = $this
    $edit['mail'] = $edit['name'] . '';
      ->drupalPostForm(NULL, $edit, $this
      ->t('Create new account'));
      ->t('There was a problem with your form submission.'));

    // Set the time limit a bit higher so we can trigger honeypot.
      ->set('time_limit', 5)

    // Set up form and submit it.
    $edit['name'] = $this
    $edit['mail'] = $edit['name'] . '';
      ->drupalPostForm('user/register', $edit, $this
      ->t('Create new account'));

    // Form should have error message.
      ->pageTextContains('There was a problem with your form submission. Please wait 6 seconds and try again.');

   * Test that any (not-strict-empty) value triggers protection.
  public function testStrictEmptinessOnHoneypotField() {

    // Initialise the form values.
    $edit['name'] = $this
    $edit['mail'] = $edit['name'] . '';

    // Any value that is not strictly empty should trigger Honeypot.
    foreach ([
      ' ',
    ] as $value) {
      $edit['url'] = $value;
        ->drupalPostForm('user/register', $edit, $this
        ->t('Create new account'));
        ->t('There was a problem with your form submission. Please refresh the page and try again.'), "Honeypot protection is triggered when the honeypot field contains '{$value}'.");

   * Test comment form protection.
  public function testProtectCommentFormNormal() {
    $comment = 'Test comment.';

    // Disable time limit for honeypot.
      ->set('time_limit', 0)

    // Log in the web user.

    // Set up form and submit it.
    $edit["comment_body[0][value]"] = $comment;
      ->drupalPostForm('comment/reply/node/' . $this->node
      ->id() . '/comment', $edit, $this
      ->pageTextContains('Your comment has been queued for review');

   * Test for comment form honeypot filled.
  public function testProtectCommentFormHoneypotFilled() {
    $comment = 'Test comment.';

    // Log in the web user.

    // Set up form and submit it.
    $edit["comment_body[0][value]"] = $comment;
    $edit['url'] = '';
      ->drupalPostForm('comment/reply/node/' . $this->node
      ->id() . '/comment', $edit, $this
      ->pageTextContains('There was a problem with your form submission. Please refresh the page and try again.');

   * Test for comment form honeypot bypass.
  public function testProtectCommentFormHoneypotBypass() {

    // Log in the admin user.

    // Get the comment reply form and ensure there's no 'url' field.
      ->drupalGet('comment/reply/node/' . $this->node
      ->id() . '/comment');
      ->responseNotContains('id="edit-url" name="url"');

   * Test node form protection.
  public function testProtectNodeFormTooFast() {

    // Log in the admin user.

    // Reset the time limit to 5 seconds.
      ->set('time_limit', 5)

    // Set up the form and submit it.
    $edit["title[0][value]"] = 'Test Page';
      ->drupalPostForm('node/add/article', $edit, $this
      ->pageTextContains('There was a problem with your form submission.');

   * Test node form protection.
  public function testProtectNodeFormPreviewPassthru() {

    // Log in the admin user.

    // Post a node form using the 'Preview' button and make sure it's allowed.
    $edit["title[0][value]"] = 'Test Page';
      ->drupalPostForm('node/add/article', $edit, $this
      ->pageTextNotContains('There was a problem with your form submission.');

   * Test protection on the Contact form.
  public function testProtectContactForm() {

    // Disable 'protect_all_forms'.
      ->set('protect_all_forms', FALSE)

    // Create a Website feedback contact form.
    $feedback_form = ContactForm::create([
      'id' => 'feedback',
      'label' => 'Website feedback',
      'recipients' => [],
      'reply' => '',
      'weight' => 0,
    $contact_settings = \Drupal::configFactory()
      ->set('default_form', 'feedback')

    // Submit the admin form so we can verify the right forms are displayed.
      ->drupalPostForm('admin/config/content/honeypot', [
      'form_settings[contact_message_feedback_form]' => TRUE,
    ], $this
      ->t('Save configuration'));



Namesort descending Description
HoneypotFormTest Test Honeypot spam protection functionality.