You are here

class SecureSiteTest in Secure Site 6

Same name and namespace in other branches
  1. 5 tests/securesite.test \SecureSiteTest

Unit tests for the Secure Site module

Test coverage holes:

  • Bypass when logged in as User #1 (can't access user #1's password to

authenticate)

  • Bypass when using CLI (drush doesn't get normal HTTP response codes)

Hierarchy

Expanded class hierarchy of SecureSiteTest

File

tests/securesite.test, line 16
Secure Site module unit tests

View source
class SecureSiteTest extends DrupalTestCase {

  /**
   * Drupal SimpleTest method: return metadata about the test
   */
  function get_info() {
    return array(
      'name' => t('Secure Site (Caching disabled)'),
      'desc' => t('Executes the Secure Site module test suite with caching disabled.'),
      'group' => t('Secure Site module'),
    );
  }
  function setUp() {

    // Disable cache
    $this
      ->drupalVariableSet('cache', CACHE_DISABLED);

    // Always call the setUp() function from the parent class
    parent::setUp();
  }

  /**
   * Check prerequisites
   */
  function testPrerequisites() {

    // 'Access secured pages' permission should be disabled for the
    // authenticated or anonymous user for the tests to work correctly
    $this
      ->assertFalse(array_key_exists(DRUPAL_ANONYMOUS_RID, user_roles(FALSE, 'access secured pages')), t('Prerequisite Test #1; failure indicates other test results can\'t be trusted') . ': %s');
    $this
      ->assertFalse(array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(FALSE, 'access secured pages')), t('Prerequisite Test #2;  failure indicates other test results can\'t be trusted') . ': %s');
  }

  /**
   * Check that using the deprecated HTTP Auth alternative method doesn't cause
   * sites to be inaccessible (they should be accessible to anonymous users)
   */
  function testLoginHTTPDeprecated() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH_ALT);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));

    // Passing NULL to url() returns the base site path
    $this
      ->assertResponse('200', t('Login: Deprecated HTTP Auth Alt') . ': %s');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that anonymous users get the correct headers when using HTTP Auth
   */
  function testLoginAnonymousHTTP() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Login: Anonymous HTTP Auth') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
  }

  /**
   * Check that anonymous users get the correct headers when using the HTML
   * login form
   */
  function testLoginAnonymousHTML() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_FORM);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Login: Anonymous HTML form') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->assertWantedRaw('<h1>Login</h1>');
  }

  /**
   * Check that anonymous users get the correct headers when Secure Site is
   * disabled
   */
  function testLoginAnonymousDisabled() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_DISABLED);
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Login: Disabled') . ': %s');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that privileged users can login with HTTP Auth enabled
   */
  function testLoginPrivilegedHTTP() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url("user/{$privileged_user->uid}", array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200', t('Login: Privileged HTTP Auth') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText($privileged_user->name);
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Check that unprivileged users get HTTP Auth when accessing secure pages
   */
  function testLoginUnprivilegedHTTP() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $unprivileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Login: Unprivileged HTTP Auth') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($unprivileged_user->name, $unprivileged_user->pass_raw);
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Check that unprivileged users don't get HTTP Auth when accessing unsecured pages
   */
  function testLoginUnprivileged() {
    $unprivileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', 'admin');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Login: Unprivileged unsecured') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('User login');
    $this
      ->drupalLoginUser($unprivileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertNoText('User login');
  }

  /**
   * Check that users are able to login and logout from unsecured portions of
   * the site after using the normal Drupal login form
   */
  function testLogoutUnsecure() {
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);

    // '/user' has to be whitelisted because drupalLoginUser() goes there to
    // login
    $this
      ->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Logout: Unsecure') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that users get an access denied warning when accessing secured
   * portions of the site if they've already logged in and don't have access to
   * the secure portion
   */
  function testAccessDenied() {
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->drupalGet(url('user/1', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('403', t('Access Denied') . ': %s');
    $this
      ->assertWantedRaw('Access denied');
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that guests can login when guest mode is enabled (a username and
   * password are set)
   */
  function testGuestLogin() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalVariableSet('securesite_guest_name', 'foo');
    $this
      ->drupalVariableSet('securesite_guest_pass', 'bar');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Login') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate('foo', 'bar');
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();

    // Age the session by 30 days to make sure it will be cleaned up and
    // restart the test browser
    $this
      ->ageCookies(3600 * 24 * 30);
    $this
      ->restart();

    // Now, check that HTTP Auth works normally
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Logout') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Check that users get the correct page after previously logging in as a
   * guest and not forcing a guest logout
   */
  function testGuestFirstUnclean() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login as a guest first
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalVariableSet('securesite_guest_name', 'foo');
    $this
      ->drupalVariableSet('securesite_guest_pass', 'bar');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Guest First Unclean') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate('foo', 'bar');
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('User login');

    // Now, restart (since logout isn't possible for guests) and login as a
    // privileged user
    $this
      ->restart();
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('User login');
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertNoText('User login');
  }

  /**
   * Check that users get the correct page after previously logging in as a
   * guest
   */
  function testGuestFirstClean() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login as a guest first
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalVariableSet('securesite_guest_name', 'foo');
    $this
      ->drupalVariableSet('securesite_guest_pass', 'bar');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Guest First Clean') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate('foo', 'bar');
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('User login');

    // Now, force guest logout, restart, and login as a privileged user
    $this
      ->ageCookies(3600 * 24 * 30);
    $this
      ->restart();
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertNoText('User login');

    // TODO: Remove the following line once this test passes
    cache_clear_all();
  }

  /**
   * Check that guests get the correct page after previously logging in as a
   * user
   */
  function testGuestSecond() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login as a privileged user first
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalVariableSet('securesite_guest_name', 'foo');
    $this
      ->drupalVariableSet('securesite_guest_pass', 'bar');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Guest Second') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertNoText('User login');
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));

    // Now, login as a guest
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate('foo', 'bar');
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('User login');
  }

  /**
   * Check that guests are logged out if user had logged in after being a guest
   */
  function testGuestUserLogout() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login as a guest first
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', 'user*');
    $this
      ->drupalVariableSet('securesite_guest_name', 'foo');
    $this
      ->drupalVariableSet('securesite_guest_pass', 'bar');
    $this
      ->drupalGet(url('user/login', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Guest and User Logout') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate('foo', 'bar');
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();

    // Now, login as a privileged user
    $this
      ->assertText('User account');
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->assertNoText('User login');

    // Now, logout should trigger an auth dialog
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Check that guest mode is correctly disabled when no username and password
   * are set
   */
  function testGuestDisabled() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalVariableSet('securesite_guest_name', NULL);
    $this
      ->drupalVariableSet('securesite_guest_pass', NULL);
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Guest Mode: Disabled') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
  }

  /**
   * Test the cron bypass
   */
  function testBypassCron() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url('cron.php', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Bypass: cron') . ': %s');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Test the user #1 bypass
   *
   * TODO: Test disabled since it's not possible to get user #1's password to
   * test login
   */

  /*
    function testBypassUser1() {
      $user_one = user_load(array('uid' => 1));
      $this->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
      $this->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
      $this->drupalVariableSet('securesite_filter_pages', '');
      $this->drupalGet(url("user/$user_one->uid", array('absolute' => TRUE)));
      $this->authenticate($user_one->name, $user_one->pass);
      $this->assertResponse('200', t('Bypass Test #4') .': %s');
      $this->assertNoAuthentication();
      $this->assertText($user_one->name);
      $this->drupalGet(url('logout', array('absolute' => TRUE)));
    }
  */

  /**
   * Test whitelist
   */
  function testWhitelist() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', 'admin/*');
    $this
      ->drupalGet(url('admin/content', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('403', t('Whitelist') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->assertText('Access denied');
  }

  /**
   * Test blacklist
   */
  function testBlacklist() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', 'admin/*');
    $this
      ->drupalGet(url('admin/content', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Blacklist') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
  }

  /**
   * Check that the realm is correct when using the HTTP Auth method with the
   * default SimpleTest User Agent string
   */
  function testUserAgentDefault() {
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('UA Test #1') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
  }

  /**
   * Check that the realm is correct when using the HTTP Auth method with
   * Opera's User Agent string
   */
  function testUserAgentOpera() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));

    // Send the Opera 9.51 User-Agent header
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->addHeader('User-Agent: Opera/9.51 (Windows NT 5.1; U; en)');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('User Agent: Opera') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
  }

  /**
   * Check that the realm is correct when using the HTTP Auth method with
   * Safari's User Agent string
   */
  function testUserAgentSafari() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));

    // Send the Safari 3.1 User-Agent header
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->addHeader('User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('User Agent: Safari') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
  }

  /**
   * Check that the realm is correct when using the HTTP Auth method with
   * Internet Explorer's User Agent string
   */
  function testUserAgentIE() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));

    // Send the Internet Explorer 8.0 Beta User-Agent header
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->addHeader('User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 1.1.4322)');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('User Agent: IE') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
  }

  /**
   * Check that the realm is correct when using the HTTP Auth method with
   * Firefox's User Agent string
   */
  function testUserAgentFirefox() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));

    // Send the Firefox 3.0.1 User-Agent header
    $this
      ->restart();
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->addHeader('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('User Agent: Firefox') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Tests for _securesite_filter_check()
   *
   * TODO: Add result explanations
   * TODO: Verify correctness of test #11
   */
  function testFilterCheck() {
    $home = variable_get('site_frontpage', 'node');

    // Disable Secure Site, as the init() stuff can get in the way
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_DISABLED);

    // Test #1: Basic Whitelist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', 'node');
    $this
      ->assertTrue(_securesite_filter_check('node'), t('Filter Check Test #1') . ': %s');

    // Test #2: Basic Blacklist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->assertFalse(_securesite_filter_check('node'), t('Filter Check Test #2') . ': %s');

    // Test #3: Empty Whitelist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->assertFalse(_securesite_filter_check($home), t('Filter Check Test #3') . ': %s');

    // Test #4: Empty Blacklist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->assertTrue(_securesite_filter_check($home), t('Filter Check Test #4') . ': %s');

    // Test #5: NULL Whitelist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', NULL);
    $this
      ->assertFalse(_securesite_filter_check($home), t('Filter Check Test #5') . ': %s');

    // Test #6: NULL Blacklist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->assertTrue(_securesite_filter_check($home), t('Filter Check Test #6') . ': %s');

    // Test #7: <front> Whitelist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '<front>');
    $this
      ->assertTrue(_securesite_filter_check($home), t('Filter Check Test #7') . ': %s');

    // Test #8: <front> Blacklist
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->assertFalse(_securesite_filter_check($home), t('Filter Check Test #8') . ': %s');

    // Test #9: Empty Path
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->assertFalse(_securesite_filter_check(''), t('Filter Check Test #9') . ': %s');

    // Test #10: NULL Path
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->assertFalse(_securesite_filter_check(NULL), t('Filter Check Test #10') . ': %s');

    // Test #11: <front> is the same as no path
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '<front>');
    $this
      ->assertFalse(_securesite_filter_check(''), t('Filter Check Test #11') . ': %s');
  }

  /**
   * Check that login works normally after previous login and logout using the
   * normal HTML login form
   */
  function testRepeatLoginUnsecure() {
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login, logout, then login and logout again
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Repeat Login: Unsecure') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that login works normally after previous login and logout when first
   * not securing <front>, then securing it
   */
  function testRepeatLoginUnsecureFirst() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login, logout, then login and logout again
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200', t('Repeat Login: Unsecure First') . ': %s');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
  }

  /**
   * Check that login works normally after previous login and logout when first
   * securing <front>, then not
   */
  function testRepeatLoginSecureFirst() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));

    // Login, logout, then login and logout again
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Repeat Login: Secure First') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
    $this
      ->drupalGet(url('<front>', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalLoginUser($privileged_user);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
  }

  /**
   * Check that the user doesn't get stuck on the logout page
   */
  function testLogoutRedirect() {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
    $privileged_user = $this
      ->drupalCreateUserRolePerm(array(
      'access content',
      'access secured pages',
    ));
    $this
      ->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
    $this
      ->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
    $this
      ->drupalVariableSet('securesite_filter_pages', '');
    $this
      ->drupalGet(url(NULL, array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401', t('Logout Redirect') . ': %s');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
    $this
      ->drupalGet(url('logout', array(
      'absolute' => TRUE,
    )));
    $this
      ->assertResponse('401');
    $this
      ->assertAuthentication('Basic');
    $this
      ->assertRealm($realm);
    $this
      ->authenticate($privileged_user->name, $privileged_user->pass_raw);
    $this
      ->assertResponse('200');
    $this
      ->assertNoAuthentication();
  }

}

Members

Namesort descending Modifiers Type Description Overrides
SecureSiteTest::get_info function Drupal SimpleTest method: return metadata about the test 1
SecureSiteTest::setUp function 1
SecureSiteTest::testAccessDenied function Check that users get an access denied warning when accessing secured portions of the site if they've already logged in and don't have access to the secure portion
SecureSiteTest::testBlacklist function Test blacklist
SecureSiteTest::testBypassCron function Test the cron bypass
SecureSiteTest::testFilterCheck function Tests for _securesite_filter_check()
SecureSiteTest::testGuestDisabled function Check that guest mode is correctly disabled when no username and password are set
SecureSiteTest::testGuestFirstClean function Check that users get the correct page after previously logging in as a guest
SecureSiteTest::testGuestFirstUnclean function Check that users get the correct page after previously logging in as a guest and not forcing a guest logout
SecureSiteTest::testGuestLogin function Check that guests can login when guest mode is enabled (a username and password are set)
SecureSiteTest::testGuestSecond function Check that guests get the correct page after previously logging in as a user
SecureSiteTest::testGuestUserLogout function Check that guests are logged out if user had logged in after being a guest
SecureSiteTest::testLoginAnonymousDisabled function Check that anonymous users get the correct headers when Secure Site is disabled
SecureSiteTest::testLoginAnonymousHTML function Check that anonymous users get the correct headers when using the HTML login form
SecureSiteTest::testLoginAnonymousHTTP function Check that anonymous users get the correct headers when using HTTP Auth
SecureSiteTest::testLoginHTTPDeprecated function Check that using the deprecated HTTP Auth alternative method doesn't cause sites to be inaccessible (they should be accessible to anonymous users)
SecureSiteTest::testLoginPrivilegedHTTP function Check that privileged users can login with HTTP Auth enabled
SecureSiteTest::testLoginUnprivileged function Check that unprivileged users don't get HTTP Auth when accessing unsecured pages
SecureSiteTest::testLoginUnprivilegedHTTP function Check that unprivileged users get HTTP Auth when accessing secure pages
SecureSiteTest::testLogoutRedirect function Check that the user doesn't get stuck on the logout page
SecureSiteTest::testLogoutUnsecure function Check that users are able to login and logout from unsecured portions of the site after using the normal Drupal login form
SecureSiteTest::testPrerequisites function Check prerequisites
SecureSiteTest::testRepeatLoginSecureFirst function Check that login works normally after previous login and logout when first securing <front>, then not
SecureSiteTest::testRepeatLoginUnsecure function Check that login works normally after previous login and logout using the normal HTML login form
SecureSiteTest::testRepeatLoginUnsecureFirst function Check that login works normally after previous login and logout when first not securing <front>, then securing it
SecureSiteTest::testUserAgentDefault function Check that the realm is correct when using the HTTP Auth method with the default SimpleTest User Agent string
SecureSiteTest::testUserAgentFirefox function Check that the realm is correct when using the HTTP Auth method with Firefox's User Agent string
SecureSiteTest::testUserAgentIE function Check that the realm is correct when using the HTTP Auth method with Internet Explorer's User Agent string
SecureSiteTest::testUserAgentOpera function Check that the realm is correct when using the HTTP Auth method with Opera's User Agent string
SecureSiteTest::testUserAgentSafari function Check that the realm is correct when using the HTTP Auth method with Safari's User Agent string
SecureSiteTest::testWhitelist function Test whitelist