3 namespace Drupal\user\Tests;
5 use Drupal\rest\Tests\RESTTestBase;
6 use Drupal\user\Entity\Role;
7 use Drupal\user\RoleInterface;
10 * Tests user registration via REST resource.
14 class RestRegisterUserTest extends RESTTestBase {
// Modules enabled for this test. The requests below use the 'hal_json' format
// and the 'application/hal+json' content type; presumably the 'hal' module is
// what provides them (confirm against RESTTestBase).
19 public static $modules = ['hal'];
// Fixture setup: enables the user_registration REST resource for POST in the
// hal_json format and grants 'restful post user_registration' to both the
// anonymous and the authenticated role.
// NOTE(review): this listing skips some source lines, so the statement that
// ends each grantPermission() chain is not visible here.
24 public function setUp() {
27 $this->enableService('user_registration', 'POST', 'hal_json');
// Anonymous visitors are the only callers testRegisterUser() expects to
// succeed.
29 Role::load(RoleInterface::ANONYMOUS_ID)
30 ->grantPermission('restful post user_registration')
// The authenticated role gets the same permission on purpose:
// testRegisterUser() then asserts a 403 for a logged-in user, which shows the
// permission alone does not open the endpoint.
33 Role::load(RoleInterface::AUTHENTICATED_ID)
34 ->grantPermission('restful post user_registration')
39 * Tests that only anonymous users can register users.
// Walks through every combination of the 'register' and 'verify_mail' user
// settings and pins, for each one, the HTTP status, whether the new account is
// blocked, whether a password is stored, and which mails are sent.
41 public function testRegisterUser() {
42 // Verify that an authenticated user cannot register a new user even though
43 // the role has been granted the permission: only anonymous users can
44 // register themselves. Authenticated users with the necessary permissions
45 // can POST a new user to the "user" REST resource instead.
46 $user = $this->createUser();
47 $this->drupalLogin($user);
48 $this->registerRequest('palmer.eldritch');
49 $this->assertResponse('403', 'Only anonymous users can register users.');
50 $this->drupalLogout();
52 $user_settings = $this->config('user.settings');
54 // Exercise each combination of the registration and e-mail verification settings.
55 // Allow visitors to register with no email verification.
56 $user_settings->set('register', USER_REGISTER_VISITORS);
57 $user_settings->set('verify_mail', 0);
58 $user_settings->save();
59 $user = $this->registerUser('Palmer.Eldritch');
// Expected outcome: the account is not blocked, a non-empty password is
// stored, and no mail has been sent so far.
60 $this->assertFalse($user->isBlocked());
61 $this->assertFalse(empty($user->getPassword()));
62 $email_count = count($this->drupalGetMails());
63 $this->assertEqual(0, $email_count);
65 // Attempt to register without sending a password.
// With verification off the request must carry a password; omitting it is
// rejected with 422.
66 $this->registerRequest('Rick.Deckard', FALSE);
67 $this->assertResponse('422', 'No password provided');
69 // Allow visitors to register with email verification.
70 $user_settings->set('register', USER_REGISTER_VISITORS);
71 $user_settings->set('verify_mail', 1);
72 $user_settings->save();
73 $user = $this->registerUser('Jason.Taverner', FALSE);
// Expected outcome: no password is stored, the account is blocked, and a mail
// containing the login-link text was sent.
74 $this->assertTrue(empty($user->getPassword()));
75 $this->assertTrue($user->isBlocked());
76 $this->assertMailString('body', 'You may now log in by clicking this link', 1);
78 // Attempt to register with a password when e-mail verification is on.
// A client-supplied password must be refused (422) while verification is on,
// so the requester cannot choose the account's password in this mode.
79 $this->registerRequest('Estraven', TRUE);
80 $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
82 // Allow visitors to register with Admin approval and e-mail verification.
83 $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
84 $user_settings->set('verify_mail', 1);
85 $user_settings->save();
86 $user = $this->registerUser('Bob.Arctor', FALSE);
// Expected outcome: no password, account blocked, and both the applicant
// notice and the "has applied" notice appear in the captured mail.
87 $this->assertTrue(empty($user->getPassword()));
88 $this->assertTrue($user->isBlocked());
89 $this->assertMailString('body', 'Your application for an account is', 2);
90 $this->assertMailString('body', 'Bob.Arctor has applied for an account', 2);
92 // Attempt to register with a password when e-mail verification is on.
93 $this->registerRequest('Ursula', TRUE);
94 $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
96 // Allow visitors to register with Admin approval and no email verification.
97 $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
98 $user_settings->set('verify_mail', 0);
99 $user_settings->save();
100 $user = $this->registerUser('Argaven');
// Expected outcome: the supplied password is stored, but the account is still
// created blocked, so holding a password does not by itself make it usable.
101 $this->assertFalse(empty($user->getPassword()));
102 $this->assertTrue($user->isBlocked());
103 $this->assertMailString('body', 'Your application for an account is', 2);
104 $this->assertMailString('body', 'Argaven has applied for an account', 2);
106 // Attempt to register without sending a password.
107 $this->registerRequest('Tibe', FALSE);
108 $this->assertResponse('422', 'No password provided');
112 * Creates serialized user values.
114 * @param string $name
115 * The name of the user. Use only valid values for emails.
117 * @param bool $include_password
118 * Whether to include a password in the user values.
120 * @return string
121 * Serialized user values.
// Builds the registration payload for $name and serializes it as hal_json.
// NOTE(review): this listing skips some source lines; the statements that
// introduce $base_url and open/close the $data array, and the return, are not
// visible here.
123 protected function createSerializedUser($name, $include_password = TRUE) {
125 // New user info to be serialized.
// The type link is built from $base_url; the values below are name, mail and
// langcode.
127 "_links" => ["type" => ["href" => $base_url . "/rest/type/user/user"]],
128 "langcode" => [["value" => "en"]],
129 "name" => [["value" => $name]],
// $name is interpolated into the address, so it has to be a valid local part.
130 "mail" => [["value" => "$name@example.com"]],
132 if ($include_password) {
// Fixed test-only password literal.
// NOTE(review): 'pass' is set as ['value' => ...] while the fields above use
// [['value' => ...]]; confirm the denormalizer accepts both shapes.
133 $data['pass']['value'] = 'SuperSecretPassword';
136 // Create a HAL+JSON version for the user entity we want to create.
137 $serialized = $this->container->get('serializer')
138 ->serialize($data, 'hal_json');
143 * Registers a user via REST resource.
148 * @param bool $include_password
150 * @return bool|\Drupal\user\Entity\User
// Registers $name through the REST endpoint, asserts a 200 response, then
// loads the account by name and asserts that it exists.
// NOTE(review): the return statement is not visible in this listing; the
// docblock declares bool|\Drupal\user\Entity\User.
152 protected function registerUser($name, $include_password = TRUE) {
153 // Verify that an anonymous user can register.
154 $this->registerRequest($name, $include_password);
155 $this->assertResponse('200', 'HTTP response code is correct.');
// Load the account that was just created so callers can inspect its blocked
// state and password.
156 $user = user_load_by_name($name);
// NOTE(review): the assertion message below has a typo ('create').
157 $this->assertFalse(empty($user), 'User was create as expected');
162 * Makes a REST user registration request.
165 * @param bool $include_password
// Sends the serialized user for $name as a POST to /user/register with the
// application/hal+json content type. It asserts nothing itself; callers check
// the response code afterwards.
167 protected function registerRequest($name, $include_password = TRUE) {
168 $serialized = $this->createSerializedUser($name, $include_password);
169 $this->httpRequest('/user/register', 'POST', $serialized, 'application/hal+json');