projects / yaffs-website / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security update for Core, with self-updated composer
[yaffs-website] / web / core / modules / user / src / Tests / UserBlocksTest.php
diff --git a/web/core/modules/user/src/Tests/UserBlocksTest.php b/web/core/modules/user/src/Tests/UserBlocksTest.php
index 1495b20b08b71b4d2a054e4b2afea4c7929deed2..0a4c619da6c838e0bb1b6aa0880750e54db9f1ef 100644 (file)
--- a/web/core/modules/user/src/Tests/UserBlocksTest.php
+++ b/web/core/modules/user/src/Tests/UserBlocksTest.php
@@ -2,6 +2,7 @@
 
 namespace Drupal\user\Tests;
 
+use Drupal\dynamic_page_cache\EventSubscriber\DynamicPageCacheSubscriber;
 use Drupal\simpletest\WebTestBase;
 
 /**
@@ -77,9 +78,29 @@ class UserBlocksTest extends WebTestBase {
 
     // Now, log out and repeat with a non-403 page.
     $this->drupalLogout();
-    $this->drupalPostForm('filter/tips', $edit, t('Log in'));
+    $this->drupalGet('filter/tips');
+    $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
+    $this->drupalPostForm(NULL, $edit, t('Log in'));
+    $this->assertNoText(t('User login'), 'Logged in.');
+    $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
+
+    // Log out again and repeat with a non-403 page including query arguments.
+    $this->drupalLogout();
+    $this->drupalGet('filter/tips', ['query' => ['foo' => 'bar']]);
+    $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
+    $this->drupalPostForm(NULL, $edit, t('Log in'));
+    $this->assertNoText(t('User login'), 'Logged in.');
+    $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
+    $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=bar') !== FALSE, 'Correct query arguments are displayed after login');
+
+    // Repeat with different query arguments.
+    $this->drupalLogout();
+    $this->drupalGet('filter/tips', ['query' => ['foo' => 'baz']]);
+    $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
+    $this->drupalPostForm(NULL, $edit, t('Log in'));
     $this->assertNoText(t('User login'), 'Logged in.');
     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', 'Still on the same page after login for allowed page');
+    $this->assertTrue(strpos($this->getUrl(), '/filter/tips?foo=baz') !== FALSE, 'Correct query arguments are displayed after login');
 
     // Check that the user login block is not vulnerable to information
     // disclosure to third party sites.
Unnamed repository; edit this file 'description' to name the repository.