Newer
Older
<?php
namespace Drupal\user\Tests;
use Drupal\simpletest\WebTestBase;
/**
* Tests user blocks.
*
* @group user
class UserBlocksTest extends WebTestBase {
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array('block', 'views');
Dries Buytaert
committed
/**
Alex Pott
committed
* A user with the 'administer blocks' permission.
Dries Buytaert
committed
*
Jennifer Hodgdon
committed
* @var \Drupal\user\UserInterface
Dries Buytaert
committed
*/
protected $adminUser;
Alex Pott
committed
protected function setUp() {
parent::setUp();
Dries Buytaert
committed
$this->adminUser = $this->drupalCreateUser(array('administer blocks'));
$this->drupalLogin($this->adminUser);
Angie Byron
committed
$this->drupalPlaceBlock('user_login_block');
Dries Buytaert
committed
$this->drupalLogout($this->adminUser);
/**
* Tests that user login block is hidden from user/login.
*/
function testUserLoginBlockVisibility() {
// Array keyed list where key being the URL address and value being expected
// visibility as boolean type.
$paths = [
'node' => TRUE,
'user/login' => FALSE,
'user/register' => TRUE,
'user/password' => TRUE,
];
foreach ($paths as $path => $expected_visibility) {
$this->drupalGet($path);
$elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
if ($expected_visibility) {
$this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
}
else {
$this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
}
}
}
/**
* Test the user login block.
*/
function testUserLoginBlock() {
// Create a user with some permission that anonymous users lack.
$user = $this->drupalCreateUser(array('administer permissions'));
// Log in using the block.
$edit = array();
$edit['name'] = $user->getUsername();
$edit['pass'] = $user->pass_raw;
$this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
Jennifer Hodgdon
committed
$this->assertNoText(t('User login'), 'Logged in.');
// Check that we are still on the same page.
Angie Byron
committed
$this->assertUrl(\Drupal::url('user.admin_permissions', [], ['absolute' => TRUE]), [], 'Still on the same page after login for access denied page');
// Now, log out and repeat with a non-403 page.
$this->drupalLogout();
$this->drupalPostForm('filter/tips', $edit, t('Log in'));
Jennifer Hodgdon
committed
$this->assertNoText(t('User login'), 'Logged in.');
$this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
// Check that the user login block is not vulnerable to information
// disclosure to third party sites.
$this->drupalLogout();
$this->drupalPostForm('http://example.com/', $edit, t('Log in'), array('external' => FALSE));
// Check that we remain on the site after login.
Angie Byron
committed
$this->assertUrl($user->url('canonical', ['absolute' => TRUE]), [], 'Redirected to user profile page after login from the frontpage');
// Verify that form validation errors are displayed immediately for forms
// in blocks and not on subsequent page requests.
$this->drupalLogout();
$edit = array();
$edit['name'] = 'foo';
$edit['pass'] = 'invalid password';
$this->drupalPostForm('filter/tips', $edit, t('Log in'));
$this->assertText(t('Unrecognized username or password. Forgot your password?'));
$this->drupalGet('filter/tips');
$this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
}
/**
* Test the Who's Online block.
*/
function testWhosOnlineBlock() {
$block = $this->drupalPlaceBlock('views_block:who_s_online-who_s_online_block');
Dries Buytaert
committed
// Generate users.
$user1 = $this->drupalCreateUser(array('access user profiles'));
$user2 = $this->drupalCreateUser(array());
$user3 = $this->drupalCreateUser(array());
// Update access of two users to be within the active timespan.
Dries Buytaert
committed
$this->updateAccess($user1->id());
$this->updateAccess($user2->id(), REQUEST_TIME + 1);
Dries Buytaert
committed
// Insert an inactive user who should not be seen in the block, and ensure
// that the admin user used in setUp() does not appear.
$inactive_time = REQUEST_TIME - (15 * 60) - 1;
Dries Buytaert
committed
$this->updateAccess($user3->id(), $inactive_time);
$this->updateAccess($this->adminUser->id(), $inactive_time);
// Test block output.
\Drupal::currentUser()->setAccount($user1);
Angie Byron
committed
$content = entity_view($block, 'block');
$this->setRawContent(\Drupal::service('renderer')->renderRoot($content));
Jennifer Hodgdon
committed
$this->assertRaw(t('2 users'), 'Correct number of online users (2 users).');
$this->assertText($user1->getUsername(), 'Active user 1 found in online list.');
$this->assertText($user2->getUsername(), 'Active user 2 found in online list.');
$this->assertNoText($user3->getUsername(), 'Inactive user not found in online list.');
$this->assertTrue(strpos($this->getRawContent(), $user1->getUsername()) > strpos($this->getRawContent(), $user2->getUsername()), 'Online users are ordered correctly.');
* Updates the access column for a user.
private function updateAccess($uid, $access = REQUEST_TIME) {
Alex Pott
committed
db_update('users_field_data')
->condition('uid', $uid)
->fields(array('access' => $access))