function FormTest::testInputWithInvalidToken
Same name in other branches
- 9 core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()
- 8.9.x core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()
- 11.x core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()
Tests that input is retained for safe elements even with an invalid token.
Submits a test form containing several types of form elements.
File
-
core/
modules/ system/ tests/ src/ Functional/ Form/ FormTest.php, line 247
Class
- FormTest
- Tests various form element validation mechanisms.
Namespace
Drupal\Tests\system\Functional\FormCode
public function testInputWithInvalidToken() : void {
// We need to be logged in to have CSRF tokens.
$account = $this->createUser();
$this->drupalLogin($account);
// Submit again with required fields set but an invalid form token and
// verify that all the values are retained.
$this->drupalGet(Url::fromRoute('form_test.validate_required'));
$this->assertSession()
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$random_string = $this->randomString();
$edit = [
'textfield' => $random_string,
'checkboxes[bar]' => TRUE,
'select' => 'bar',
'radios' => 'foo',
];
$this->submitForm($edit, 'Submit');
// Verify that error message is displayed with invalid token even when
// required fields are filled.
$this->assertSession()
->elementExists('xpath', '//div[contains(@class, "error")]');
$assert = $this->assertSession();
$element = $assert->fieldExists('textfield');
$this->assertEmpty($element->getValue());
$assert->responseNotContains($random_string);
$this->assertSession()
->pageTextContains('The form has become outdated.');
// Ensure that we don't use the posted values.
$this->assertSession()
->fieldValueEquals('textfield', '');
$this->assertSession()
->checkboxNotChecked('edit-checkboxes-foo');
$this->assertSession()
->checkboxNotChecked('edit-checkboxes-bar');
$this->assertTrue($this->assertSession()
->optionExists('edit-select', '')
->isSelected());
$this->assertSession()
->checkboxNotChecked('edit-radios-foo');
// Check another form that has a textarea input.
$this->drupalGet(Url::fromRoute('form_test.required'));
$this->assertSession()
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$edit = [
'textfield' => $this->randomString(),
'textarea' => $this->randomString() . "\n",
];
$this->submitForm($edit, 'Submit');
// Verify that the error message is displayed with invalid token even when
// required fields are filled.
$this->assertSession()
->elementExists('xpath', '//div[contains(@class, "error")]');
$this->assertSession()
->pageTextContains('The form has become outdated.');
$this->assertSession()
->fieldValueEquals('textfield', '');
$this->assertSession()
->fieldValueEquals('textarea', '');
// Check another form that has a number input.
$this->drupalGet(Url::fromRoute('form_test.number'));
$this->assertSession()
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$edit = [
// We choose a random value which is higher than the default value,
// so we don't accidentally generate the default value.
'integer_step' => mt_rand(6, 100),
];
$this->submitForm($edit, 'Submit');
// Verify that the error message is displayed with invalid token even when
// required fields are filled.'
$this->assertSession()
->elementExists('xpath', '//div[contains(@class, "error")]');
$this->assertSession()
->pageTextContains('The form has become outdated.');
$this->assertSession()
->fieldValueEquals('integer_step', 5);
// Check a form with a URL field
$this->drupalGet(Url::fromRoute('form_test.url'));
$this->assertSession()
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$edit = [
'url' => $this->randomString(),
];
$this->submitForm($edit, 'Submit');
// Verify that the error message is displayed with invalid token even when
// required fields are filled.
$this->assertSession()
->elementExists('xpath', '//div[contains(@class, "error")]');
$this->assertSession()
->pageTextContains('The form has become outdated.');
$this->assertSession()
->fieldValueEquals('url', '');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.