class SessionTestCase in SimpleTest 7
@file Provides SimpleTests for core session handling functionality.
Hierarchy
- class \DrupalTestCase
- class \DrupalWebTestCase
- class \SessionTestCase
- class \DrupalWebTestCase
Expanded class hierarchy of SessionTestCase
File
- tests/
session.test, line 8 - Provides SimpleTests for core session handling functionality.
View source
class SessionTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Session tests',
'description' => 'Drupal session handling tests.',
'group' => 'Session',
);
}
function setUp() {
parent::setUp('session_test');
}
/**
* Tests for drupal_save_session() and drupal_session_regenerate().
*/
function testSessionSaveRegenerate() {
$this
->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.'), t('Session'));
$this
->assertFalse(drupal_save_session(FALSE), t('drupal_save_session() correctly returns FALSE when called with FALSE.'), t('Session'));
$this
->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE when saving has been disabled.'), t('Session'));
$this
->assertTrue(drupal_save_session(TRUE), t('drupal_save_session() correctly returns TRUE when called with TRUE.'), t('Session'));
$this
->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when saving has been enabled.'), t('Session'));
// Test session hardening code from SA-2008-044.
$user = $this
->drupalCreateUser(array(
'access content',
));
// Enable sessions.
$this
->sessionReset($user->uid);
// Make sure the session cookie is set as HttpOnly.
$this
->drupalLogin($user);
$this
->assertTrue(preg_match('/HttpOnly/i', $this
->drupalGetHeader('Set-Cookie', TRUE)), t('Session cookie is set as HttpOnly.'));
$this
->drupalLogout();
// Verify that the session is regenerated if a module calls exit
// in hook_user_login().
user_save($user, array(
'name' => 'session_test_user',
));
$user->name = 'session_test_user';
$this
->drupalGet('session-test/id');
$matches = array();
preg_match('/\\s*session_id:(.*)\\n/', $this
->drupalGetContent(), $matches);
$this
->assertTrue(!empty($matches[1]), t('Found session ID before logging in.'));
$original_session = $matches[1];
// We cannot use $this->drupalLogin($user); because we exit in
// session_test_user_login() which breaks a normal assertion.
$edit = array(
'name' => $user->name,
'pass' => $user->pass_raw,
);
$this
->drupalPost('user', $edit, t('Log in'));
$this
->drupalGet('user');
$pass = $this
->assertText($user->name, t('Found name: %name', array(
'%name' => $user->name,
)), t('User login'));
$this->_logged_in = $pass;
$this
->drupalGet('session-test/id');
$matches = array();
preg_match('/\\s*session_id:(.*)\\n/', $this
->drupalGetContent(), $matches);
$this
->assertTrue(!empty($matches[1]), t('Found session ID after logging in.'));
$this
->assertTrue($matches[1] != $original_session, t('Session ID changed after login.'));
}
/**
* Test data persistence via the session_test module callbacks. Also tests
* drupal_session_count() since session data is already generated here.
*/
function testDataPersistence() {
// At the very start, we have no session.
$expected_anonymous = 0;
$expected_authenticated = 0;
$user = $this
->drupalCreateUser(array(
'access content',
));
// Enable sessions.
$this
->sessionReset($user->uid);
$this
->drupalLogin($user);
$expected_authenticated++;
$value_1 = $this
->randomName();
$this
->drupalGet('session-test/set/' . $value_1);
$this
->assertText($value_1, t('The session value was stored.'), t('Session'));
$this
->drupalGet('session-test/get');
$this
->assertText($value_1, t('Session correctly returned the stored data for an authenticated user.'), t('Session'));
// Attempt to write over val_1. If drupal_save_session(FALSE) is working.
// properly, val_1 will still be set.
$value_2 = $this
->randomName();
$this
->drupalGet('session-test/no-set/' . $value_2);
$this
->assertText($value_2, t('The session value was correctly passed to session-test/no-set.'), t('Session'));
$this
->drupalGet('session-test/get');
$this
->assertText($value_1, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session'));
// Switch browser cookie to anonymous user, then back to user 1.
$this
->sessionReset();
$this
->sessionReset($user->uid);
$this
->assertText($value_1, t('Session data persists through browser close.'), t('Session'));
// Logout the user and make sure the stored value no longer persists.
$this
->drupalLogout();
$expected_authenticated--;
$this
->sessionReset();
$this
->drupalGet('session-test/get');
$this
->assertNoText($value_1, t("After logout, previous user's session data is not available."), t('Session'));
// Now try to store some data as an anonymous user.
$value_3 = $this
->randomName();
$this
->drupalGet('session-test/set/' . $value_3);
$this
->assertText($value_3, t('Session data stored for anonymous user.'), t('Session'));
$this
->drupalGet('session-test/get');
$this
->assertText($value_3, t('Session correctly returned the stored data for an anonymous user.'), t('Session'));
// Session count should go up since we have started an anonymous session now.
$expected_anonymous++;
// Try to store data when drupal_save_session(FALSE).
$value_4 = $this
->randomName();
$this
->drupalGet('session-test/no-set/' . $value_4);
$this
->assertText($value_4, t('The session value was correctly passed to session-test/no-set.'), t('Session'));
$this
->drupalGet('session-test/get');
$this
->assertText($value_3, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session'));
// Login, the data should persist.
$this
->drupalLogin($user);
$expected_anonymous--;
$expected_authenticated++;
$this
->sessionReset($user->uid);
$this
->drupalGet('session-test/get');
$this
->assertNoText($value_1, t('Session has persisted for an authenticated user after logging out and then back in.'), t('Session'));
// Change session and create another user.
$user2 = $this
->drupalCreateUser(array(
'access content',
));
$this
->sessionReset($user2->uid);
$this
->drupalLogin($user2);
$expected_authenticated++;
// Perform drupal_session_count tests here in order to use the session data already generated.
// Test absolute count.
$anonymous = drupal_session_count(0, TRUE);
$authenticated = drupal_session_count(0, FALSE);
$this
->assertEqual($anonymous + $authenticated, $expected_anonymous + $expected_authenticated, t('@count total sessions (expected @expected).', array(
'@count' => $anonymous + $authenticated,
'@expected' => $expected_anonymous + $expected_authenticated,
)), t('Session'));
// Test anonymous count.
$this
->assertEqual($anonymous, $expected_anonymous, t('@count anonymous sessions (expected @expected).', array(
'@count' => $anonymous,
'@expected' => $expected_anonymous,
)), t('Session'));
// Test authenticated count.
$this
->assertEqual($authenticated, $expected_authenticated, t('@count authenticated sessions (expected @expected).', array(
'@count' => $authenticated,
'@expected' => $expected_authenticated,
)), t('Session'));
// Should return 0 sessions from 1 second from now.
$this
->assertEqual(drupal_session_count(time() + 1), 0, t('0 sessions newer than the current time.'), t('Session'));
}
/**
* Test that empty anonymous sessions are destroyed.
*/
function testEmptyAnonymousSession() {
// Verify that no session is automatically created for anonymous user.
$this
->drupalGet('');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(TRUE);
// The same behavior is expected when caching is enabled.
variable_set('cache', CACHE_NORMAL);
$this
->drupalGet('');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(TRUE);
$this
->assertEqual($this
->drupalGetHeader('X-Drupal-Cache'), 'MISS', t('Page was not cached.'));
// Start a new session by setting a message.
$this
->drupalGet('session-test/set-message');
$this
->assertSessionCookie(TRUE);
$this
->assertTrue($this
->drupalGetHeader('Set-Cookie'), t('New session was started.'));
// Display the message, during the same request the session is destroyed
// and the session cookie is unset.
$this
->drupalGet('');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(FALSE);
$this
->assertFalse($this
->drupalGetHeader('X-Drupal-Cache'), t('Caching was bypassed.'));
$this
->assertText(t('This is a dummy message.'), t('Message was displayed.'));
$this
->assertTrue(preg_match('/SESS\\w+=deleted/', $this
->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.'));
// Verify that session was destroyed.
$this
->drupalGet('');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(TRUE);
$this
->assertNoText(t('This is a dummy message.'), t('Message was not cached.'));
$this
->assertEqual($this
->drupalGetHeader('X-Drupal-Cache'), 'HIT', t('Page was cached.'));
$this
->assertFalse($this
->drupalGetHeader('Set-Cookie'), t('New session was not started.'));
// Verify that no session is created if drupal_save_session(FALSE) is called.
$this
->drupalGet('session-test/set-message-but-dont-save');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(TRUE);
// Verify that no message is displayed.
$this
->drupalGet('');
$this
->assertSessionCookie(FALSE);
$this
->assertSessionEmpty(TRUE);
$this
->assertNoText(t('This is a dummy message.'), t('The message was not saved.'));
}
/**
* Reset the cookie file so that it refers to the specified user.
*
* @param $uid User id to set as the active session.
*/
function sessionReset($uid = 0) {
// Close the internal browser.
$this
->curlClose();
$this->loggedInUser = FALSE;
// Change cookie file for user.
$this->cookieFile = file_directory_path('temporary') . '/cookie.' . $uid . '.txt';
$this->additionalCurlOptions[CURLOPT_COOKIEFILE] = $this->cookieFile;
$this->additionalCurlOptions[CURLOPT_COOKIESESSION] = TRUE;
$this
->drupalGet('session-test/get');
$this
->assertResponse(200, t('Session test module is correctly enabled.'), t('Session'));
}
/**
* Assert whether the SimpleTest browser sent a session cookie.
*/
function assertSessionCookie($sent) {
if ($sent) {
$this
->assertNotNull($this->session_id, t('Session cookie was sent.'));
}
else {
$this
->assertNull($this->session_id, t('Session cookie was not sent.'));
}
}
/**
* Assert whether $_SESSION is empty at the beginning of the request.
*/
function assertSessionEmpty($empty) {
if ($empty) {
$this
->assertIdentical($this
->drupalGetHeader('X-Session-Empty'), '1', t('Session was empty.'));
}
else {
$this
->assertIdentical($this
->drupalGetHeader('X-Session-Empty'), '0', t('Session was not empty.'));
}
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
DrupalTestCase:: |
protected | property | Assertions thrown in that test case. | |
|
DrupalTestCase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
|
DrupalTestCase:: |
protected | property | The original database prefix, before it was changed for testing purposes. | |
|
DrupalTestCase:: |
public | property | Current results of this test case. | |
|
DrupalTestCase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
|
DrupalTestCase:: |
protected | property | The test run ID. | |
|
DrupalTestCase:: |
protected | property | Time limit for the test. | |
|
DrupalTestCase:: |
protected | function | Internal helper: stores the assert. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are equal. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is false (an empty string, 0, NULL, or FALSE). | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are identical. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are not equal. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are not identical. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is not NULL. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is NULL. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is not false (not an empty string, 0, NULL, or FALSE). | |
|
DrupalTestCase:: |
protected | function | Fire an error assertion. | 1 |
|
DrupalTestCase:: |
public | function | Handle errors. | |
|
DrupalTestCase:: |
protected | function | Handle exceptions. | |
|
DrupalTestCase:: |
protected | function | Fire an assertion that is always negative. | |
|
DrupalTestCase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
|
DrupalTestCase:: |
public static | function | Store an assertion from outside the testing context. | |
|
DrupalTestCase:: |
protected | function | Fire an assertion that is always positive. | |
|
DrupalTestCase:: |
public static | function | Generates a random string containing letters and numbers. | |
|
DrupalTestCase:: |
public static | function | Generates a random string of ASCII characters of codes 32 to 126. | |
|
DrupalTestCase:: |
public | function | Run all tests in this class. | |
|
DrupalWebTestCase:: |
protected | property | Additional cURL options. | |
|
DrupalWebTestCase:: |
protected | property | The content of the page currently loaded in the internal browser. | |
|
DrupalWebTestCase:: |
protected | property | The current cookie file used by cURL. | |
|
DrupalWebTestCase:: |
protected | property | The handle of the current cURL connection. | |
|
DrupalWebTestCase:: |
protected | property | The parsed version of the page. | |
|
DrupalWebTestCase:: |
protected | property | The headers of the page currently loaded in the internal browser. | |
|
DrupalWebTestCase:: |
protected | property | HTTP authentication credentials (<username>:<password>). | |
|
DrupalWebTestCase:: |
protected | property | The current user logged in using the internal browser. | |
|
DrupalWebTestCase:: |
protected | property | The original user, before it was changed to a clean uid = 1 for testing purposes. | |
|
DrupalWebTestCase:: |
protected | property | The content of the page currently loaded in the internal browser (plain text version). | |
|
DrupalWebTestCase:: |
protected | property | The current session ID, if available. | |
|
DrupalWebTestCase:: |
protected | property | The current session name, if available. | |
|
DrupalWebTestCase:: |
protected | property | The URL currently loaded in the internal browser. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field exists with the given name or id. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field exists in the current page with the given id and value. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field exists in the current page with the given name and value. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field exists in the current page by the given XPath. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a checkbox field in the current page is checked. | |
|
DrupalWebTestCase:: |
protected | function | Pass if a link with the specified label is found, and optional with the specified index. | |
|
DrupalWebTestCase:: |
protected | function | Assert that the most recently sent e-mail message has a field with the given value. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field does not exist with the given name or id. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field does not exist with the given id and value. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field does not exist with the given name and value. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a field does not exist in the current page by the given XPath. | |
|
DrupalWebTestCase:: |
protected | function | Assert that a checkbox field in the current page is not checked. | |
|
DrupalWebTestCase:: |
protected | function | Pass if a link with the specified label is not found. | |
|
DrupalWebTestCase:: |
protected | function | Will trigger a pass if the perl regex pattern is not present in raw content. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the raw text is NOT found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the text is NOT found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the page title is not the given string. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the text is found MORE THAN ONCE on the text version of the page. | |
|
DrupalWebTestCase:: |
protected | function | Will trigger a pass if the Perl regex pattern is found in the raw content. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the raw text IS found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated. | |
|
DrupalWebTestCase:: |
protected | function | Assert the page responds with the specified response code. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the text IS found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents. | |
|
DrupalWebTestCase:: |
protected | function | Helper for assertText and assertNoText. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the page title is the given string. | |
|
DrupalWebTestCase:: |
protected | function | Pass if the text is found ONLY ONCE on the text version of the page. | |
|
DrupalWebTestCase:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
|
DrupalWebTestCase:: |
protected | function | Check for meta refresh tag and if found call drupalGet() recursively. This function looks for the http-equiv attribute to be set to "Refresh" and is case-sensitive. | |
|
DrupalWebTestCase:: |
protected | function | Check to make sure that the array of permissions are valid. | |
|
DrupalWebTestCase:: |
protected | function | Follows a link by name. | |
|
DrupalWebTestCase:: |
protected | function | Helper function: construct an XPath for the given set of attributes and value. | |
|
DrupalWebTestCase:: |
protected | function | Runs cron in the Drupal installed by Simpletest. | |
|
DrupalWebTestCase:: |
protected | function | Close the cURL handler and unset the handler. | |
|
DrupalWebTestCase:: |
protected | function | Performs a cURL exec with the specified options after calling curlConnect(). | |
|
DrupalWebTestCase:: |
protected | function | Reads headers and registers errors received from the tested site. | |
|
DrupalWebTestCase:: |
protected | function | Initializes the cURL connection. | |
|
DrupalWebTestCase:: |
protected | function | Compare two files based on size and file name. | |
|
DrupalWebTestCase:: |
protected | function | Creates a custom content type based on default settings. | |
|
DrupalWebTestCase:: |
protected | function | Creates a node based on default settings. | |
|
DrupalWebTestCase:: |
protected | function | Internal helper function; Create a role with specified permissions. | |
|
DrupalWebTestCase:: |
protected | function | Create a user with a given set of permissions. The permissions correspond to the names given on the privileges page. | |
|
DrupalWebTestCase:: |
protected | function | Retrieves a Drupal path or an absolute path. | |
|
DrupalWebTestCase:: |
protected | function | Gets the current raw HTML of requested page. | |
|
DrupalWebTestCase:: |
protected | function | Gets the value of an HTTP response header. If multiple requests were required to retrieve the page, only the headers from the last request will be checked by default. However, if TRUE is passed as the second argument, all requests will be processed… | |
|
DrupalWebTestCase:: |
protected | function | Gets the HTTP response headers of the requested page. Normally we are only interested in the headers returned by the last request. However, if a page is redirected or HTTP authentication is in use, multiple requests will be required to retrieve the… | |
|
DrupalWebTestCase:: |
protected | function | Gets an array containing all e-mails sent during this test case. | |
|
DrupalWebTestCase:: |
function | Get a node from the database based on its title. | ||
|
DrupalWebTestCase:: |
protected | function | Get a list files that can be used in tests. | |
|
DrupalWebTestCase:: |
protected | function | Generate a token for the currently logged in user. | |
|
DrupalWebTestCase:: |
protected | function | Retrieves only the headers for a Drupal path or an absolute path. | |
|
DrupalWebTestCase:: |
protected | function | Log in a user with the internal browser. | |
|
DrupalWebTestCase:: |
protected | function | ||
|
DrupalWebTestCase:: |
protected | function | Execute a POST request on a Drupal page. It will be done as usual POST request with SimpleBrowser. | |
|
DrupalWebTestCase:: |
protected | function | Sets the raw HTML content. This can be useful when a page has been fetched outside of the internal browser and assertions need to be made on the returned page. | |
|
DrupalWebTestCase:: |
protected | function | Takes a path and returns an absolute path. | |
|
DrupalWebTestCase:: |
protected | function | Get all option elements, including nested options, in a select. | |
|
DrupalWebTestCase:: |
protected | function | Get the selected value from a select field. | |
|
DrupalWebTestCase:: |
protected | function | Get the current url from the cURL handler. | |
|
DrupalWebTestCase:: |
protected | function | Handle form input related to drupalPost(). Ensure that the specified fields exist and attempt to create POST data in the correct manner for the particular field type. | |
|
DrupalWebTestCase:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
|
DrupalWebTestCase:: |
protected | function | This method is called by DrupalWebTestCase::setUp, and preloads the registry from the testing site to cut down on the time it takes to setup a clean environment for the current test run. | |
|
DrupalWebTestCase:: |
protected | function | Refresh the in-memory set of variables. Useful after a page request is made that changes a variable in a different thread. | |
|
DrupalWebTestCase:: |
protected | function | Delete created files and temporary files directory, delete the tables created by setUp(), and reset the database prefix. | 3 |
|
DrupalWebTestCase:: |
protected | function | Log verbose message in a text file. | |
|
DrupalWebTestCase:: |
protected | function | Perform an xpath search on the contents of the internal browser. The search is relative to the root element (HTML tag normally) of the page. | |
|
DrupalWebTestCase:: |
function |
Constructor for DrupalWebTestCase. Overrides DrupalTestCase:: |
||
|
SessionTestCase:: |
function | Assert whether the SimpleTest browser sent a session cookie. | ||
|
SessionTestCase:: |
function | Assert whether $_SESSION is empty at the beginning of the request. | ||
|
SessionTestCase:: |
public static | function | ||
|
SessionTestCase:: |
function | Reset the cookie file so that it refers to the specified user. | ||
|
SessionTestCase:: |
function |
Generates a random database prefix, runs the install scripts on the
prefixed database and enable the specified modules. After installation
many caches are flushed and the internal browser is setup so that the
page requests will run on the new prefix.… Overrides DrupalWebTestCase:: |
||
|
SessionTestCase:: |
function | Test data persistence via the session_test module callbacks. Also tests drupal_session_count() since session data is already generated here. | ||
|
SessionTestCase:: |
function | Test that empty anonymous sessions are destroyed. | ||
|
SessionTestCase:: |
function | Tests for drupal_save_session() and drupal_session_regenerate(). |