You are here

public function ReCaptchaBasicTest::testReCaptchaOnLoginForm in reCAPTCHA 8.3

Same name and namespace in other branches
  1. 8.2 tests/src/Functional/ReCaptchaBasicTest.php \Drupal\Tests\recaptcha\Functional\ReCaptchaBasicTest::testReCaptchaOnLoginForm()

Testing the protection of the user login form.

File

tests/src/Functional/ReCaptchaBasicTest.php, line 115

Class

ReCaptchaBasicTest
Test basic functionality of reCAPTCHA module.

Namespace

Drupal\Tests\recaptcha\Functional

Code

public function testReCaptchaOnLoginForm() {
  $site_key = $this
    ->randomMachineName(40);
  $secret_key = $this
    ->randomMachineName(40);
  $grecaptcha = '<div class="g-recaptcha" data-sitekey="' . $site_key . '" data-theme="light" data-type="image"></div>';

  // Test if login works.
  $this
    ->drupalLogin($this->normalUser);
  $this
    ->drupalLogout();
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseNotContains($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.');

  // Enable 'captcha/Math' CAPTCHA on login form.
  captcha_set_form_id_setting('user_login_form', 'captcha/Math');
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseNotContains($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.');

  // Enable 'recaptcha/reCAPTCHA' on login form.
  captcha_set_form_id_setting('user_login_form', 'recaptcha/reCAPTCHA');
  $result = captcha_get_form_id_setting('user_login_form');
  $this
    ->assertNotNull($result, 'A configuration has been found for CAPTCHA point: user_login_form', 'reCAPTCHA');
  $this
    ->assertEquals($result
    ->getCaptchaType(), 'recaptcha/reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form');

  // Check if a Math CAPTCHA is still shown on the login form. The site key
  // and security key have not yet configured for reCAPTCHA. The module need
  // to fall back to math captcha.
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseContains($this
    ->t('Math question'), '[testReCaptchaOnLoginForm]: Math CAPTCHA is shown on form.');

  // Configure site key and security key to show reCAPTCHA and no fall back.
  $this
    ->config('recaptcha.settings')
    ->set('site_key', $site_key)
    ->save();
  $this
    ->config('recaptcha.settings')
    ->set('secret_key', $secret_key)
    ->save();

  // Check if there is a reCAPTCHA on the login form.
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseContains($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.');
  $this
    ->assertSession()
    ->responseContains('<script src="' . Url::fromUri('https://www.google.com/recaptcha/api.js', [
    'query' => [
      'hl' => \Drupal::service('language_manager')
        ->getCurrentLanguage()
        ->getId(),
    ],
    'absolute' => TRUE,
  ])
    ->toString() . '" async defer></script>', '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.');
  $this
    ->assertSession()
    ->responseNotContains($grecaptcha . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript code is not enabled for the reCAPTCHA.');

  // Test if the fall back url is properly build and noscript code added.
  $this
    ->config('recaptcha.settings')
    ->set('widget.noscript', 1)
    ->save();
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseContains($grecaptcha . "\n" . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript for reCAPTCHA is shown on form.');
  $options = [
    'query' => [
      'k' => $site_key,
      'hl' => \Drupal::service('language_manager')
        ->getCurrentLanguage()
        ->getId(),
    ],
    'absolute' => TRUE,
  ];
  $this
    ->assertSession()
    ->responseContains(Html::escape(Url::fromUri('https://www.google.com/recaptcha/api/fallback', $options)
    ->toString()), '[testReCaptchaOnLoginForm]: Fallback URL with IFRAME has been found.');

  // Check if there is a reCAPTCHA with global url on the login form.
  $this
    ->config('recaptcha.settings')
    ->set('use_globally', TRUE)
    ->save();
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->responseContains('<script src="' . Url::fromUri('https://www.recaptcha.net/recaptcha/api.js', [
    'query' => [
      'hl' => \Drupal::service('language_manager')
        ->getCurrentLanguage()
        ->getId(),
    ],
    'absolute' => TRUE,
  ])
    ->toString() . '" async defer></script>', '[testReCaptchaOnLoginForm]: Global reCAPTCHA is shown on form.');
  $this
    ->assertSession()
    ->responseContains(Html::escape(Url::fromUri('https://www.recaptcha.net/recaptcha/api/fallback', $options)
    ->toString()), '[testReCaptchaOnLoginForm]: Global fallback URL with IFRAME has been found.');

  // Check that data-size attribute does not exists.
  $this
    ->config('recaptcha.settings')
    ->set('widget.size', '')
    ->save();
  $this
    ->drupalGet('user/login');
  $element = $this
    ->xpath('//div[@class=:class and @data-size=:size]', [
    ':class' => 'g-recaptcha',
    ':size' => 'small',
  ]);
  $this
    ->assertEmpty($element, 'Tag contains no data-size attribute.');

  // Check that data-size attribute exists.
  $this
    ->config('recaptcha.settings')
    ->set('widget.size', 'small')
    ->save();
  $this
    ->drupalGet('user/login');
  $element = $this
    ->xpath('//div[@class=:class and @data-size=:size]', [
    ':class' => 'g-recaptcha',
    ':size' => 'small',
  ]);
  $this
    ->assertNotEmpty($element, 'Tag contains data-size attribute and value.');

  // Check that data-tabindex attribute does not exists.
  $this
    ->config('recaptcha.settings')
    ->set('widget.tabindex', 0)
    ->save();
  $this
    ->drupalGet('user/login');
  $element = $this
    ->xpath('//div[@class=:class and @data-tabindex=:index]', [
    ':class' => 'g-recaptcha',
    ':index' => 0,
  ]);
  $this
    ->assertEmpty($element, 'Tag contains no data-tabindex attribute.');

  // Check that data-tabindex attribute exists.
  $this
    ->config('recaptcha.settings')
    ->set('widget.tabindex', 5)
    ->save();
  $this
    ->drupalGet('user/login');
  $element = $this
    ->xpath('//div[@class=:class and @data-tabindex=:index]', [
    ':class' => 'g-recaptcha',
    ':index' => 5,
  ]);
  $this
    ->assertNotEmpty($element, 'Tag contains data-tabindex attribute and value.');

  // Try to log in, which should fail.
  $edit['name'] = $this->normalUser
    ->getAccountName();
  $edit['pass'] = $this->normalUser
    ->getPassword();
  $this
    ->assertSession()
    ->responseContains('captcha_response');
  $this
    ->assertSession()
    ->hiddenFieldExists('captcha_response')
    ->setValue('?');
  $this
    ->drupalPostForm('user/login', $edit, $this
    ->t('Log in'));

  // Check for error message.
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('The answer you entered for the CAPTCHA was not correct.'), 'CAPTCHA should block user login form', 'reCAPTCHA');

  // And make sure that user is not logged in: check for name and password
  // fields on "?q=user".
  $this
    ->drupalGet('user/login');
  $this
    ->assertSession()
    ->fieldExists('name');
  $this
    ->assertSession()
    ->fieldExists('pass');
}