function UserBlocksTest::testUserLoginBlock
Same name in other branches
- 9 core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
- 10 core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
- 11.x core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
Test the user login block.
File
-
core/
modules/ user/ tests/ src/ Functional/ UserBlocksTest.php, line 71
Class
- UserBlocksTest
- Tests user blocks.
Namespace
Drupal\Tests\user\FunctionalCode
public function testUserLoginBlock() {
// Create a user with some permission that anonymous users lack.
$user = $this->drupalCreateUser([
'administer permissions',
]);
// Log in using the block.
$edit = [];
$edit['name'] = $user->getAccountName();
$edit['pass'] = $user->passRaw;
$this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
$this->assertNoText(t('User login'), 'Logged in.');
// Check that we are still on the same page.
$this->assertUrl(Url::fromRoute('user.admin_permissions', [], [
'absolute' => TRUE,
])->toString(), [], 'Still on the same page after login for access denied page');
// Now, log out and repeat with a non-403 page.
$this->drupalLogout();
$this->drupalGet('filter/tips');
$this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
$this->drupalPostForm(NULL, $edit, t('Log in'));
$this->assertNoText(t('User login'), 'Logged in.');
// Verify that we are still on the same page after login for allowed page.
$this->assertPattern('!<title.*?Compose tips.*?</title>!');
// Log out again and repeat with a non-403 page including query arguments.
$this->drupalLogout();
$this->drupalGet('filter/tips', [
'query' => [
'foo' => 'bar',
],
]);
$this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
$this->drupalPostForm(NULL, $edit, t('Log in'));
$this->assertNoText(t('User login'), 'Logged in.');
// Verify that we are still on the same page after login for allowed page.
$this->assertPattern('!<title.*?Compose tips.*?</title>!');
$this->assertStringContainsString('/filter/tips?foo=bar', $this->getUrl(), 'Correct query arguments are displayed after login');
// Repeat with different query arguments.
$this->drupalLogout();
$this->drupalGet('filter/tips', [
'query' => [
'foo' => 'baz',
],
]);
$this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
$this->drupalPostForm(NULL, $edit, t('Log in'));
$this->assertNoText(t('User login'), 'Logged in.');
// Verify that we are still on the same page after login for allowed page.
$this->assertPattern('!<title.*?Compose tips.*?</title>!');
$this->assertStringContainsString('/filter/tips?foo=baz', $this->getUrl(), 'Correct query arguments are displayed after login');
// Check that the user login block is not vulnerable to information
// disclosure to third party sites.
$this->drupalLogout();
$this->drupalPostForm('http://example.com/', $edit, t('Log in'), [
'external' => FALSE,
]);
// Check that we remain on the site after login.
$this->assertUrl($user->toUrl('canonical', [
'absolute' => TRUE,
])
->toString(), [], 'Redirected to user profile page after login from the frontpage');
// Verify that form validation errors are displayed immediately for forms
// in blocks and not on subsequent page requests.
$this->drupalLogout();
$edit = [];
$edit['name'] = 'foo';
$edit['pass'] = 'invalid password';
$this->drupalPostForm('filter/tips', $edit, t('Log in'));
$this->assertText(t('Unrecognized username or password. Forgot your password?'));
$this->drupalGet('filter/tips');
$this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.