You are here

public function SimpleTestBrowserTest::testUserAgentValidation in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php \Drupal\simpletest\Tests\SimpleTestBrowserTest::testUserAgentValidation()

Test validation of the User-Agent header we use to perform test requests.

File

core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php, line 87
Contains \Drupal\simpletest\Tests\SimpleTestBrowserTest.

Class

SimpleTestBrowserTest
Tests the Simpletest UI internal browser.

Namespace

Drupal\simpletest\Tests

Code

public function testUserAgentValidation() {
  global $base_url;

  // Logout the user which was logged in during test-setup.
  $this
    ->drupalLogout();
  $system_path = $base_url . '/' . drupal_get_path('module', 'system');
  $HTTP_path = $system_path . '/tests/http.php/user/login';
  $https_path = $system_path . '/tests/https.php/user/login';

  // Generate a valid simpletest User-Agent to pass validation.
  $this
    ->assertTrue(preg_match('/simpletest\\d+/', $this->databasePrefix, $matches), 'Database prefix contains simpletest prefix.');
  $test_ua = drupal_generate_test_ua($matches[0]);
  $this->additionalCurlOptions = array(
    CURLOPT_USERAGENT => $test_ua,
  );

  // Test pages only available for testing.
  $this
    ->drupalGet($HTTP_path);
  $this
    ->assertResponse(200, 'Requesting http.php with a legitimate simpletest User-Agent returns OK.');
  $this
    ->drupalGet($https_path);
  $this
    ->assertResponse(200, 'Requesting https.php with a legitimate simpletest User-Agent returns OK.');

  // Now slightly modify the HMAC on the header, which should not validate.
  $this->additionalCurlOptions = array(
    CURLOPT_USERAGENT => $test_ua . 'X',
  );
  $this
    ->drupalGet($HTTP_path);
  $this
    ->assertResponse(403, 'Requesting http.php with a bad simpletest User-Agent fails.');
  $this
    ->drupalGet($https_path);
  $this
    ->assertResponse(403, 'Requesting https.php with a bad simpletest User-Agent fails.');

  // Use a real User-Agent and verify that the special files http.php and
  // https.php can't be accessed.
  $this->additionalCurlOptions = array(
    CURLOPT_USERAGENT => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12',
  );
  $this
    ->drupalGet($HTTP_path);
  $this
    ->assertResponse(403, 'Requesting http.php with a normal User-Agent fails.');
  $this
    ->drupalGet($https_path);
  $this
    ->assertResponse(403, 'Requesting https.php with a normal User-Agent fails.');
}