class SecureSiteTest in Secure Site 6
Same name and namespace in other branches
- 5 tests/securesite.test \SecureSiteTest
Unit tests for the Secure Site module
Test coverage holes:
- Bypass when logged in as User #1 (can't access user #1's password to
authenticate)
- Bypass when using CLI (drush doesn't get normal HTTP response codes)
Hierarchy
- class \SecureSiteTest extends \DrupalTestCase
Expanded class hierarchy of SecureSiteTest
File
- tests/
securesite.test, line 16 - Secure Site module unit tests
View source
class SecureSiteTest extends DrupalTestCase {
/**
* Drupal SimpleTest method: return metadata about the test
*/
function get_info() {
return array(
'name' => t('Secure Site (Caching disabled)'),
'desc' => t('Executes the Secure Site module test suite with caching disabled.'),
'group' => t('Secure Site module'),
);
}
function setUp() {
// Disable cache
$this
->drupalVariableSet('cache', CACHE_DISABLED);
// Always call the setUp() function from the parent class
parent::setUp();
}
/**
* Check prerequisites
*/
function testPrerequisites() {
// 'Access secured pages' permission should be disabled for the
// authenticated or anonymous user for the tests to work correctly
$this
->assertFalse(array_key_exists(DRUPAL_ANONYMOUS_RID, user_roles(FALSE, 'access secured pages')), t('Prerequisite Test #1; failure indicates other test results can\'t be trusted') . ': %s');
$this
->assertFalse(array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(FALSE, 'access secured pages')), t('Prerequisite Test #2; failure indicates other test results can\'t be trusted') . ': %s');
}
/**
* Check that using the deprecated HTTP Auth alternative method doesn't cause
* sites to be inaccessible (they should be accessible to anonymous users)
*/
function testLoginHTTPDeprecated() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH_ALT);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
// Passing NULL to url() returns the base site path
$this
->assertResponse('200', t('Login: Deprecated HTTP Auth Alt') . ': %s');
$this
->assertNoAuthentication();
}
/**
* Check that anonymous users get the correct headers when using HTTP Auth
*/
function testLoginAnonymousHTTP() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Login: Anonymous HTTP Auth') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
}
/**
* Check that anonymous users get the correct headers when using the HTML
* login form
*/
function testLoginAnonymousHTML() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_FORM);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Login: Anonymous HTML form') . ': %s');
$this
->assertNoAuthentication();
$this
->assertWantedRaw('<h1>Login</h1>');
}
/**
* Check that anonymous users get the correct headers when Secure Site is
* disabled
*/
function testLoginAnonymousDisabled() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_DISABLED);
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Login: Disabled') . ': %s');
$this
->assertNoAuthentication();
}
/**
* Check that privileged users can login with HTTP Auth enabled
*/
function testLoginPrivilegedHTTP() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url("user/{$privileged_user->uid}", array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200', t('Login: Privileged HTTP Auth') . ': %s');
$this
->assertNoAuthentication();
$this
->assertText($privileged_user->name);
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Check that unprivileged users get HTTP Auth when accessing secure pages
*/
function testLoginUnprivilegedHTTP() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$unprivileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Login: Unprivileged HTTP Auth') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($unprivileged_user->name, $unprivileged_user->pass_raw);
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Check that unprivileged users don't get HTTP Auth when accessing unsecured pages
*/
function testLoginUnprivileged() {
$unprivileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->drupalVariableSet('securesite_filter_pages', 'admin');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Login: Unprivileged unsecured') . ': %s');
$this
->assertNoAuthentication();
$this
->assertText('User login');
$this
->drupalLoginUser($unprivileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertNoText('User login');
}
/**
* Check that users are able to login and logout from unsecured portions of
* the site after using the normal Drupal login form
*/
function testLogoutUnsecure() {
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
// '/user' has to be whitelisted because drupalLoginUser() goes there to
// login
$this
->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Logout: Unsecure') . ': %s');
$this
->assertNoAuthentication();
$this
->drupalLoginUser($privileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
}
/**
* Check that users get an access denied warning when accessing secured
* portions of the site if they've already logged in and don't have access to
* the secure portion
*/
function testAccessDenied() {
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
$this
->drupalLoginUser($privileged_user);
$this
->drupalGet(url('user/1', array(
'absolute' => TRUE,
)));
$this
->assertResponse('403', t('Access Denied') . ': %s');
$this
->assertWantedRaw('Access denied');
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
}
/**
* Check that guests can login when guest mode is enabled (a username and
* password are set)
*/
function testGuestLogin() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalVariableSet('securesite_guest_name', 'foo');
$this
->drupalVariableSet('securesite_guest_pass', 'bar');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Login') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate('foo', 'bar');
$this
->assertResponse('200');
$this
->assertNoAuthentication();
// Age the session by 30 days to make sure it will be cleaned up and
// restart the test browser
$this
->ageCookies(3600 * 24 * 30);
$this
->restart();
// Now, check that HTTP Auth works normally
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Logout') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Check that users get the correct page after previously logging in as a
* guest and not forcing a guest logout
*/
function testGuestFirstUnclean() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login as a guest first
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalVariableSet('securesite_guest_name', 'foo');
$this
->drupalVariableSet('securesite_guest_pass', 'bar');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Guest First Unclean') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate('foo', 'bar');
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertText('User login');
// Now, restart (since logout isn't possible for guests) and login as a
// privileged user
$this
->restart();
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertText('User login');
$this
->drupalLoginUser($privileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertNoText('User login');
}
/**
* Check that users get the correct page after previously logging in as a
* guest
*/
function testGuestFirstClean() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login as a guest first
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalVariableSet('securesite_guest_name', 'foo');
$this
->drupalVariableSet('securesite_guest_pass', 'bar');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Guest First Clean') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate('foo', 'bar');
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertText('User login');
// Now, force guest logout, restart, and login as a privileged user
$this
->ageCookies(3600 * 24 * 30);
$this
->restart();
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertNoText('User login');
// TODO: Remove the following line once this test passes
cache_clear_all();
}
/**
* Check that guests get the correct page after previously logging in as a
* user
*/
function testGuestSecond() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login as a privileged user first
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalVariableSet('securesite_guest_name', 'foo');
$this
->drupalVariableSet('securesite_guest_pass', 'bar');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Guest Second') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertNoText('User login');
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
// Now, login as a guest
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate('foo', 'bar');
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertText('User login');
}
/**
* Check that guests are logged out if user had logged in after being a guest
*/
function testGuestUserLogout() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login as a guest first
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->drupalVariableSet('securesite_filter_pages', 'user*');
$this
->drupalVariableSet('securesite_guest_name', 'foo');
$this
->drupalVariableSet('securesite_guest_pass', 'bar');
$this
->drupalGet(url('user/login', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Guest and User Logout') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate('foo', 'bar');
$this
->assertResponse('200');
$this
->assertNoAuthentication();
// Now, login as a privileged user
$this
->assertText('User account');
$this
->drupalLoginUser($privileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->assertNoText('User login');
// Now, logout should trigger an auth dialog
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Check that guest mode is correctly disabled when no username and password
* are set
*/
function testGuestDisabled() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalVariableSet('securesite_guest_name', NULL);
$this
->drupalVariableSet('securesite_guest_pass', NULL);
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Guest Mode: Disabled') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
}
/**
* Test the cron bypass
*/
function testBypassCron() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url('cron.php', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Bypass: cron') . ': %s');
$this
->assertNoAuthentication();
}
/**
* Test the user #1 bypass
*
* TODO: Test disabled since it's not possible to get user #1's password to
* test login
*/
/*
function testBypassUser1() {
$user_one = user_load(array('uid' => 1));
$this->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this->drupalVariableSet('securesite_filter_pages', '');
$this->drupalGet(url("user/$user_one->uid", array('absolute' => TRUE)));
$this->authenticate($user_one->name, $user_one->pass);
$this->assertResponse('200', t('Bypass Test #4') .': %s');
$this->assertNoAuthentication();
$this->assertText($user_one->name);
$this->drupalGet(url('logout', array('absolute' => TRUE)));
}
*/
/**
* Test whitelist
*/
function testWhitelist() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', 'admin/*');
$this
->drupalGet(url('admin/content', array(
'absolute' => TRUE,
)));
$this
->assertResponse('403', t('Whitelist') . ': %s');
$this
->assertNoAuthentication();
$this
->assertText('Access denied');
}
/**
* Test blacklist
*/
function testBlacklist() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->drupalVariableSet('securesite_filter_pages', 'admin/*');
$this
->drupalGet(url('admin/content', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Blacklist') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
}
/**
* Check that the realm is correct when using the HTTP Auth method with the
* default SimpleTest User Agent string
*/
function testUserAgentDefault() {
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('UA Test #1') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(variable_get('securesite_realm', variable_get('site_name', 'Drupal')));
}
/**
* Check that the realm is correct when using the HTTP Auth method with
* Opera's User Agent string
*/
function testUserAgentOpera() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
// Send the Opera 9.51 User-Agent header
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->addHeader('User-Agent: Opera/9.51 (Windows NT 5.1; U; en)');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('User Agent: Opera') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
}
/**
* Check that the realm is correct when using the HTTP Auth method with
* Safari's User Agent string
*/
function testUserAgentSafari() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
// Send the Safari 3.1 User-Agent header
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->addHeader('User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('User Agent: Safari') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
}
/**
* Check that the realm is correct when using the HTTP Auth method with
* Internet Explorer's User Agent string
*/
function testUserAgentIE() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
// Send the Internet Explorer 8.0 Beta User-Agent header
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->addHeader('User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 1.1.4322)');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('User Agent: IE') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm(new PatternExpectation("/{$realm} - \\d\\d\\d*/"));
}
/**
* Check that the realm is correct when using the HTTP Auth method with
* Firefox's User Agent string
*/
function testUserAgentFirefox() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
// Send the Firefox 3.0.1 User-Agent header
$this
->restart();
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->addHeader('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('User Agent: Firefox') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Tests for _securesite_filter_check()
*
* TODO: Add result explanations
* TODO: Verify correctness of test #11
*/
function testFilterCheck() {
$home = variable_get('site_frontpage', 'node');
// Disable Secure Site, as the init() stuff can get in the way
$this
->drupalVariableSet('securesite_enabled', SECURESITE_DISABLED);
// Test #1: Basic Whitelist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', 'node');
$this
->assertTrue(_securesite_filter_check('node'), t('Filter Check Test #1') . ': %s');
// Test #2: Basic Blacklist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->assertFalse(_securesite_filter_check('node'), t('Filter Check Test #2') . ': %s');
// Test #3: Empty Whitelist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->assertFalse(_securesite_filter_check($home), t('Filter Check Test #3') . ': %s');
// Test #4: Empty Blacklist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->assertTrue(_securesite_filter_check($home), t('Filter Check Test #4') . ': %s');
// Test #5: NULL Whitelist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', NULL);
$this
->assertFalse(_securesite_filter_check($home), t('Filter Check Test #5') . ': %s');
// Test #6: NULL Blacklist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->assertTrue(_securesite_filter_check($home), t('Filter Check Test #6') . ': %s');
// Test #7: <front> Whitelist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '<front>');
$this
->assertTrue(_securesite_filter_check($home), t('Filter Check Test #7') . ': %s');
// Test #8: <front> Blacklist
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->assertFalse(_securesite_filter_check($home), t('Filter Check Test #8') . ': %s');
// Test #9: Empty Path
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->assertFalse(_securesite_filter_check(''), t('Filter Check Test #9') . ': %s');
// Test #10: NULL Path
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->assertFalse(_securesite_filter_check(NULL), t('Filter Check Test #10') . ': %s');
// Test #11: <front> is the same as no path
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_BLACKLIST);
$this
->drupalVariableSet('securesite_filter_pages', '<front>');
$this
->assertFalse(_securesite_filter_check(''), t('Filter Check Test #11') . ': %s');
}
/**
* Check that login works normally after previous login and logout using the
* normal HTML login form
*/
function testRepeatLoginUnsecure() {
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login, logout, then login and logout again
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Repeat Login: Unsecure') . ': %s');
$this
->assertNoAuthentication();
$this
->drupalLoginUser($privileged_user);
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalLoginUser($privileged_user);
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
}
/**
* Check that login works normally after previous login and logout when first
* not securing <front>, then securing it
*/
function testRepeatLoginUnsecureFirst() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login, logout, then login and logout again
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200', t('Repeat Login: Unsecure First') . ': %s');
$this
->assertNoAuthentication();
$this
->drupalLoginUser($privileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
}
/**
* Check that login works normally after previous login and logout when first
* securing <front>, then not
*/
function testRepeatLoginSecureFirst() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
// Login, logout, then login and logout again
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Repeat Login: Secure First') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->drupalVariableSet('securesite_filter_pages', "<front>\nuser");
$this
->drupalGet(url('<front>', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalLoginUser($privileged_user);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('200');
$this
->assertNoAuthentication();
}
/**
* Check that the user doesn't get stuck on the logout page
*/
function testLogoutRedirect() {
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$privileged_user = $this
->drupalCreateUserRolePerm(array(
'access content',
'access secured pages',
));
$this
->drupalVariableSet('securesite_enabled', SECURESITE_AUTH);
$this
->drupalVariableSet('securesite_filter_pages_type', SECURESITE_WHITELIST);
$this
->drupalVariableSet('securesite_filter_pages', '');
$this
->drupalGet(url(NULL, array(
'absolute' => TRUE,
)));
$this
->assertResponse('401', t('Logout Redirect') . ': %s');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
$this
->drupalGet(url('logout', array(
'absolute' => TRUE,
)));
$this
->assertResponse('401');
$this
->assertAuthentication('Basic');
$this
->assertRealm($realm);
$this
->authenticate($privileged_user->name, $privileged_user->pass_raw);
$this
->assertResponse('200');
$this
->assertNoAuthentication();
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
SecureSiteTest:: |
function | Drupal SimpleTest method: return metadata about the test | 1 | |
|
SecureSiteTest:: |
function | 1 | ||
|
SecureSiteTest:: |
function | Check that users get an access denied warning when accessing secured portions of the site if they've already logged in and don't have access to the secure portion | ||
|
SecureSiteTest:: |
function | Test blacklist | ||
|
SecureSiteTest:: |
function | Test the cron bypass | ||
|
SecureSiteTest:: |
function | Tests for _securesite_filter_check() | ||
|
SecureSiteTest:: |
function | Check that guest mode is correctly disabled when no username and password are set | ||
|
SecureSiteTest:: |
function | Check that users get the correct page after previously logging in as a guest | ||
|
SecureSiteTest:: |
function | Check that users get the correct page after previously logging in as a guest and not forcing a guest logout | ||
|
SecureSiteTest:: |
function | Check that guests can login when guest mode is enabled (a username and password are set) | ||
|
SecureSiteTest:: |
function | Check that guests get the correct page after previously logging in as a user | ||
|
SecureSiteTest:: |
function | Check that guests are logged out if user had logged in after being a guest | ||
|
SecureSiteTest:: |
function | Check that anonymous users get the correct headers when Secure Site is disabled | ||
|
SecureSiteTest:: |
function | Check that anonymous users get the correct headers when using the HTML login form | ||
|
SecureSiteTest:: |
function | Check that anonymous users get the correct headers when using HTTP Auth | ||
|
SecureSiteTest:: |
function | Check that using the deprecated HTTP Auth alternative method doesn't cause sites to be inaccessible (they should be accessible to anonymous users) | ||
|
SecureSiteTest:: |
function | Check that privileged users can login with HTTP Auth enabled | ||
|
SecureSiteTest:: |
function | Check that unprivileged users don't get HTTP Auth when accessing unsecured pages | ||
|
SecureSiteTest:: |
function | Check that unprivileged users get HTTP Auth when accessing secure pages | ||
|
SecureSiteTest:: |
function | Check that the user doesn't get stuck on the logout page | ||
|
SecureSiteTest:: |
function | Check that users are able to login and logout from unsecured portions of the site after using the normal Drupal login form | ||
|
SecureSiteTest:: |
function | Check prerequisites | ||
|
SecureSiteTest:: |
function | Check that login works normally after previous login and logout when first securing <front>, then not | ||
|
SecureSiteTest:: |
function | Check that login works normally after previous login and logout using the normal HTML login form | ||
|
SecureSiteTest:: |
function | Check that login works normally after previous login and logout when first not securing <front>, then securing it | ||
|
SecureSiteTest:: |
function | Check that the realm is correct when using the HTTP Auth method with the default SimpleTest User Agent string | ||
|
SecureSiteTest:: |
function | Check that the realm is correct when using the HTTP Auth method with Firefox's User Agent string | ||
|
SecureSiteTest:: |
function | Check that the realm is correct when using the HTTP Auth method with Internet Explorer's User Agent string | ||
|
SecureSiteTest:: |
function | Check that the realm is correct when using the HTTP Auth method with Opera's User Agent string | ||
|
SecureSiteTest:: |
function | Check that the realm is correct when using the HTTP Auth method with Safari's User Agent string | ||
|
SecureSiteTest:: |
function | Test whitelist |