3 namespace Drupal\Tests\user\Functional;
5 use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
6 use Drupal\Tests\BrowserTestBase;
13 class UserBlocksTest extends BrowserTestBase {
20 public static $modules = ['block', 'views'];
23 * A user with the 'administer blocks' permission.
25 * @var \Drupal\user\UserInterface
29 protected function setUp() {
32 $this->adminUser = $this->drupalCreateUser(['administer blocks']);
33 $this->drupalLogin($this->adminUser);
34 $this->drupalPlaceBlock('user_login_block');
35 $this->drupalLogout($this->adminUser);
39 * Tests that user login block is hidden from user/login.
41 public function testUserLoginBlockVisibility() {
42 // Array keyed list where key being the URL address and value being expected
43 // visibility as boolean type.
46 'user/login' => FALSE,
47 'user/register' => TRUE,
48 'user/password' => TRUE,
50 foreach ($paths as $path => $expected_visibility) {
51 $this->drupalGet($path);
52 $elements = $this->xpath('//div[contains(@class,"block-user-login-block") and @role="form"]');
53 if ($expected_visibility) {
54 $this->assertTrue(!empty($elements), 'User login block in path "' . $path . '" should be visible');
57 $this->assertTrue(empty($elements), 'User login block in path "' . $path . '" should not be visible');
63 * Test the user login block.
65 public function testUserLoginBlock() {
66 // Create a user with some permission that anonymous users lack.
67 $user = $this->drupalCreateUser(['administer permissions']);
69 // Log in using the block.
71 $edit['name'] = $user->getUsername();
72 $edit['pass'] = $user->passRaw;
73 $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
74 $this->assertNoText(t('User login'), 'Logged in.');
76 // Check that we are still on the same page.
77 $this->assertUrl(\Drupal::url('user.admin_permissions', [], ['absolute' => TRUE]), [], 'Still on the same page after login for access denied page');
79 // Now, log out and repeat with a non-403 page.
80 $this->drupalLogout();
81 $this->drupalGet('filter/tips');
82 $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
83 $this->drupalPostForm(NULL, $edit, t('Log in'));
84 $this->assertNoText(t('User login'), 'Logged in.');
85 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
87 // Log out again and repeat with a non-403 page including query arguments.
88 $this->drupalLogout();
89 $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
90 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
91 $this->drupalPostForm(NULL, $edit, t('Log in'));
92 $this->assertNoText(t('User login'), 'Logged in.');
93 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
94 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
96 // Repeat with different query arguments.
97 $this->drupalLogout();
98 $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
99 $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
100 $this->drupalPostForm(NULL, $edit, t('Log in'));
101 $this->assertNoText(t('User login'), 'Logged in.');
102 $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
103 $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
105 // Check that the user login block is not vulnerable to information
106 // disclosure to third party sites.
107 $this->drupalLogout();
108 $this->drupalPostForm('http://example.com/', $edit, t('Log in'), ['external' => FALSE]);
109 // Check that we remain on the site after login.
110 $this->assertUrl($user->url('canonical', ['absolute' => TRUE]), [], 'Redirected to user profile page after login from the frontpage');
112 // Verify that form validation errors are displayed immediately for forms
113 // in blocks and not on subsequent page requests.
114 $this->drupalLogout();
116 $edit['name'] = 'foo';
117 $edit['pass'] = 'invalid password';
118 $this->drupalPostForm('filter/tips', $edit, t('Log in'));
119 $this->assertText(t('Unrecognized username or password. Forgot your password?'));
120 $this->drupalGet('filter/tips');
121 $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
125 * Updates the access column for a user.
127 private function updateAccess($uid, $access = REQUEST_TIME) {
128 db_update('users_field_data')
129 ->condition('uid', $uid)
130 ->fields(['access' => $access])