
public function BasicAuthTest::testBasicAuth in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php \Drupal\basic_auth\Tests\Authentication\BasicAuthTest::testBasicAuth()

Tests HTTP basic authentication.

File

core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php, line 35
Contains \Drupal\basic_auth\Tests\Authentication\BasicAuthTest.

Class

BasicAuthTest
Tests for BasicAuth authentication provider.

Namespace

Drupal\basic_auth\Tests\Authentication

Code

/**
 * Tests HTTP basic authentication on routes with and without basic_auth.
 *
 * Covers, in order: a successful login whose response must not look cached,
 * a login with a wrong password, the 401 challenge sent when no credentials
 * are supplied, routes that do not accept basic auth credentials, and a
 * credentialed request for a page that was first fetched without credentials.
 */
public function testBasicAuth() {
  // Turn on page caching so the cache-related assertions below are meaningful.
  $this->config('system.performance')
    ->set('cache.page.max_age', 300)
    ->save();

  $user = $this->drupalCreateUser();
  $name = $user->getUsername();
  $basic_auth_route = Url::fromRoute('router_test.11');

  // Correct credentials: the account name is rendered and the request succeeds.
  $this->basicAuthGet($basic_auth_route, $name, $user->pass_raw);
  $this->assertText($name, 'Account name is displayed.');
  $this->assertResponse('200', 'HTTP response is OK');
  $this->curlClose();

  // The authenticated response must carry no X-Drupal-Cache header and its
  // Cache-Control value must not contain "public".
  // NOTE(review): strpos() also yields FALSE when the header value is empty,
  // so this check alone does not prove a Cache-Control header was sent —
  // confirm whether header presence should be asserted as well.
  $page_cache_header = $this->drupalGetHeader('X-Drupal-Cache');
  $this->assertFalse($page_cache_header);
  $cache_control = $this->drupalGetHeader('Cache-Control');
  $this->assertIdentical(strpos($cache_control, 'public'), FALSE, 'Cache-Control is not set to public');

  // Valid user name with a random password: no account name in the output
  // and the response is 403.
  $wrong_password = $this->randomMachineName();
  $this->basicAuthGet($basic_auth_route, $name, $wrong_password);
  $this->assertNoText($name, 'Bad basic auth credentials do not authenticate the user.');
  $this->assertResponse('403', 'Access is not granted.');
  $this->curlClose();

  // No credentials at all: expect a 401 whose WWW-Authenticate challenge
  // names the site as the realm.
  $this->drupalGet($basic_auth_route);
  $challenge = $this->drupalGetHeader('WWW-Authenticate');
  $site_name = \Drupal::config('system.site')->get('name');
  $expected_challenge = SafeMarkup::format('Basic realm="@realm"', ['@realm' => $site_name]);
  $this->assertEqual($challenge, $expected_challenge);
  $this->assertResponse('401', 'Not authenticated on the route that allows only basic_auth. Prompt to authenticate received.');

  // A route that does not list basic_auth answers 403 rather than prompting.
  $this->drupalGet('admin');
  $this->assertResponse('403', 'No authentication prompt for routes not explicitly defining authentication providers.');

  // Even valid credentials of a user holding the needed permission must not
  // authenticate on such a route.
  $admin = $this->drupalCreateUser(['access administration pages']);
  $admin_name = $admin->getUsername();
  $this->basicAuthGet(Url::fromRoute('system.admin'), $admin_name, $admin->pass_raw);
  $this->assertNoLink('Log out', 'User is not logged in');
  $this->assertResponse('403', 'No basic authentication for routes not explicitly defining authentication providers.');
  $this->curlClose();

  // Ensure that pages already in the page cache aren't returned from page
  // cache if basic auth credentials are provided. The first request, made
  // without credentials, is expected to report a cache MISS.
  $cached_route = Url::fromRoute('router_test.10');
  $this->drupalGet($cached_route);
  $first_fetch_header = $this->drupalGetHeader('X-Drupal-Cache');
  $this->assertEqual($first_fetch_header, 'MISS');

  // The same page requested with credentials must show no page-cache header
  // and no "public" in Cache-Control.
  $this->basicAuthGet($cached_route, $admin_name, $admin->pass_raw);
  $authenticated_cache_header = $this->drupalGetHeader('X-Drupal-Cache');
  $this->assertFalse($authenticated_cache_header);
  $authenticated_cache_control = $this->drupalGetHeader('Cache-Control');
  $this->assertIdentical(strpos($authenticated_cache_control, 'public'), FALSE, 'No page cache response when requesting a cached page with basic auth credentials.');
}