3 namespace Drupal\Tests\media\FunctionalJavascript;
5 use Drupal\Core\Session\AccountInterface;
6 use Drupal\media\Entity\Media;
7 use Drupal\media_test_oembed\Controller\ResourceController;
8 use Drupal\Tests\media\Traits\OEmbedTestTrait;
9 use Drupal\user\Entity\Role;
10 use Symfony\Component\DependencyInjection\ContainerInterface;
13 * Tests the oembed:video media source.
17 class MediaSourceOEmbedVideoTest extends MediaSourceTestBase {
22 public static $modules = ['media_test_oembed'];
29 protected function setUp() {
31 $this->lockHttpClientToFixtures();
37 protected function initConfig(ContainerInterface $container) {
38 parent::initConfig($container);
40 // Enable twig debugging to make testing template usage easy.
41 $parameters = $container->getParameter('twig.config');
42 $parameters['debug'] = TRUE;
43 $this->setContainerParameter('twig.config', $parameters);
47 * Tests the oembed media source.
49 public function testMediaOEmbedVideoSource() {
50 $media_type_id = 'test_media_oembed_type';
69 $session = $this->getSession();
70 $page = $session->getPage();
71 $assert_session = $this->assertSession();
73 $this->doTestCreateMediaType($media_type_id, 'oembed:video', $provided_fields);
75 // Create custom fields for the media type to store metadata attributes.
77 'field_string_width' => 'string',
78 'field_string_height' => 'string',
79 'field_string_author_name' => 'string',
81 $this->createMediaTypeFields($fields, $media_type_id);
83 // Hide the name field widget to test default name generation.
84 $this->hideMediaTypeFieldWidget('name', $media_type_id);
86 $this->drupalGet("admin/structure/media/manage/$media_type_id");
87 // Only accept Vimeo videos.
88 $page->checkField("source_configuration[providers][Vimeo]");
89 $assert_session->selectExists('field_map[width]')->setValue('field_string_width');
90 $assert_session->selectExists('field_map[height]')->setValue('field_string_height');
91 $assert_session->selectExists('field_map[author_name]')->setValue('field_string_author_name');
92 $assert_session->buttonExists('Save')->press();
94 $this->hijackProviderEndpoints();
95 $video_url = 'https://vimeo.com/7073899';
96 ResourceController::setResourceUrl($video_url, $this->getFixturesDirectory() . '/video_vimeo.json');
98 // Create a media item.
99 $this->drupalGet("media/add/$media_type_id");
100 $assert_session->fieldExists('Remote video URL')->setValue($video_url);
101 $assert_session->buttonExists('Save')->press();
103 $assert_session->addressEquals('admin/content/media');
105 // Get the media entity view URL from the creation message.
106 $this->drupalGet($this->assertLinkToCreatedMedia());
108 /** @var \Drupal\media\MediaInterface $media */
109 $media = Media::load(1);
111 // The thumbnail should have been downloaded.
112 $thumbnail = $media->getSource()->getMetadata($media, 'thumbnail_uri');
113 $this->assertFileExists($thumbnail);
115 // Ensure the iframe exists and that its src attribute contains a coherent
116 // URL with the query parameters we expect.
117 $iframe_url = $assert_session->elementExists('css', 'iframe')->getAttribute('src');
118 $iframe_url = parse_url($iframe_url);
119 $this->assertStringEndsWith('/media/oembed', $iframe_url['path']);
120 $this->assertNotEmpty($iframe_url['query']);
122 parse_str($iframe_url['query'], $query);
123 $this->assertSame($video_url, $query['url']);
124 $this->assertNotEmpty($query['hash']);
126 // Make sure the thumbnail is displayed from uploaded image.
127 $assert_session->elementAttributeContains('css', '.image-style-thumbnail', 'src', '/oembed_thumbnails/' . basename($thumbnail));
129 // Load the media and check that all fields are properly populated.
130 $media = Media::load(1);
131 $this->assertSame('Drupal Rap Video - Schipulcon09', $media->getName());
132 $this->assertSame('480', $media->field_string_width->value);
133 $this->assertSame('360', $media->field_string_height->value);
135 // Try to create a media asset from a disallowed provider.
136 $this->drupalGet("media/add/$media_type_id");
137 $assert_session->fieldExists('Remote video URL')->setValue('http://www.collegehumor.com/video/40003213/grant-and-katie-are-starting-their-own-company');
138 $page->pressButton('Save');
140 $assert_session->pageTextContains('The CollegeHumor provider is not allowed.');
142 // Test anonymous access to media via iframe.
143 $this->drupalLogout();
145 // Without a hash should be denied.
146 $no_hash_query = array_diff_key($query, ['hash' => '']);
147 $this->drupalGet('media/oembed', ['query' => $no_hash_query]);
148 $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!');
149 $assert_session->pageTextContains('Access denied');
151 // A correct query should be allowed because the anonymous role has the
152 // 'view media' permission.
153 $this->drupalGet('media/oembed', ['query' => $query]);
154 $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
155 $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
156 $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
158 // Test themes not inheriting from stable.
159 \Drupal::service('theme_handler')->install(['stark']);
160 $this->config('system.theme')->set('default', 'stark')->save();
161 $this->drupalGet('media/oembed', ['query' => $query]);
162 $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
163 $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
164 $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
166 // Remove the 'view media' permission to test that this restricts access.
167 $role = Role::load(AccountInterface::ANONYMOUS_ROLE);
168 $role->revokePermission('view media');
170 $this->drupalGet('media/oembed', ['query' => $query]);
171 $assert_session->pageTextNotContains('By the power of Greyskull, Vimeo works!');
172 $assert_session->pageTextContains('Access denied');
176 * Test that a security warning appears if iFrame domain is not set.
178 public function testOEmbedSecurityWarning() {
179 $media_type_id = 'test_media_oembed_type';
180 $source_id = 'oembed:video';
182 $session = $this->getSession();
183 $page = $session->getPage();
184 $assert_session = $this->assertSession();
186 $this->drupalGet('admin/structure/media/add');
187 $page->fillField('label', $media_type_id);
189 ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'");
191 // Make sure the source is available.
192 $assert_session->fieldExists('Media source');
193 $assert_session->optionExists('Media source', $source_id);
194 $page->selectFieldOption('Media source', $source_id);
195 $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]');
196 $this->assertNotEmpty($result);
198 $assert_session->pageTextContains('It is potentially insecure to display oEmbed content in a frame');
200 $this->config('media.settings')->set('iframe_domain', 'http://example.com')->save();
202 $this->drupalGet('admin/structure/media/add');
203 $page->fillField('label', $media_type_id);
205 ->wait(5000, "jQuery('.machine-name-value').text() === '{$media_type_id}'");
207 // Make sure the source is available.
208 $assert_session->fieldExists('Media source');
209 $assert_session->optionExists('Media source', $source_id);
210 $page->selectFieldOption('Media source', $source_id);
211 $result = $assert_session->waitForElementVisible('css', 'fieldset[data-drupal-selector="edit-source-configuration"]');
212 $this->assertNotEmpty($result);
214 $assert_session->pageTextNotContains('It is potentially insecure to display oEmbed content in a frame');