authorAlex Pott2015-05-26 09:31:05 (GMT)
committerAlex Pott2015-05-26 09:31:05 (GMT)
commit72fb794d905b7c350dbc3a7610a02100bc82af50 (patch)
tree0f9e3fbdcb44b4f3290f07c519e912cb84a8bcf2
parent847fd6b60926c0f26dae7484429cd36f2e454821 (diff)
Issue #2432911 by pfrenssen, znerol: Provide test coverage to prove that a third party authentication provider does not automatically start a session
-rw-r--r--core/modules/system/src/Tests/Session/SessionAuthenticationTest.php24
1 files changed, 24 insertions, 0 deletions
diff --git a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
index 1a67266..ed3f6e8 100644
--- a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
+++ b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
@@ -110,4 +110,28 @@ class SessionAuthenticationTest extends WebTestBase {
$this->assertEqual($this->user->id(), $response['user'], 'The correct user is logged in.');
}
+ /**
+ * Tests that a session is not started automatically by basic authentication.
+ */
+ public function testBasicAuthNoSession() {
+ // A route that is authorized through basic_auth only, not cookie.
+ $no_cookie_url = Url::fromRoute('session_test.get_session_basic_auth');
+
+ // A route that is authorized with standard cookie authentication.
+ $cookie_url = '<front>';
+
+ // If we authenticate with a third party authentication system then no
+ // session cookie should be set, the third party system is responsible for
+ // sustaining the session.
+ $this->basicAuthGet($no_cookie_url, $this->user->getUsername(), $this->user->pass_raw);
+ $this->assertResponse(200, 'The user is successfully authenticated using basic authentication.');
+ $this->assertFalse($this->drupalGetHeader('set-cookie', TRUE), 'No cookie is set on a route protected with basic authentication.');
+
+ // On the other hand, authenticating using Cookie sets a cookie.
+ $edit = ['name' => $this->user->getUsername(), 'pass' => $this->user->pass_raw];
+ $this->drupalPostForm($cookie_url, $edit, t('Log in'));
+ $this->assertResponse(200, 'The user is successfully authenticated using cookie authentication.');
+ $this->assertTrue($this->drupalGetHeader('set-cookie', TRUE), 'A cookie is set on a route protected with cookie authentication.');
+ }
+
}
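Review bot: The closing `assertTrue($this->drupalGetHeader('set-cookie', TRUE), …)` in testBasicAuthNoSession passes on any Set-Cookie header, so the positive control does not show that the session cookie itself was issued after the form login. Checking the header value against the test site's session cookie name would tie both assertions to the session rather than to cookies in general; failing that, a comment such as `// Any Set-Cookie header satisfies this check; the session cookie is not matched by name.` would make the limit explicit. The basic-auth half also stops at the header check: a follow-up request to the same route without credentials, asserted to be refused, would show that no authenticated state outlives the request. The class setup (enabled modules, `$this->user`) is outside the hunk, so whether the login form is actually rendered at `<front>` cannot be confirmed from here.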