class UserPasswordResetTest

Same name in this branch
  1. 8.9.x core/modules/user/tests/src/FunctionalJavascript/UserPasswordResetTest.php \Drupal\Tests\user\FunctionalJavascript\UserPasswordResetTest
Same name in other branches
  1. 9 core/modules/user/tests/src/FunctionalJavascript/UserPasswordResetTest.php \Drupal\Tests\user\FunctionalJavascript\UserPasswordResetTest
  2. 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest
  3. 10 core/modules/user/tests/src/FunctionalJavascript/UserPasswordResetTest.php \Drupal\Tests\user\FunctionalJavascript\UserPasswordResetTest
  4. 10 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest
  5. 11.x core/modules/user/tests/src/FunctionalJavascript/UserPasswordResetTest.php \Drupal\Tests\user\FunctionalJavascript\UserPasswordResetTest
  6. 11.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest

Ensure that password reset methods work as expected.

@group user

Hierarchy

Expanded class hierarchy of UserPasswordResetTest

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 17

Namespace

Drupal\Tests\user\Functional
View source 
class UserPasswordResetTest extends BrowserTestBase {
    use AssertMailTrait {
        getMails as drupalGetMails;
    }
    
    /**
     * The user object to test password resetting.
     *
     * @var \Drupal\user\UserInterface
     */
    protected $account;
    
    /**
     * Modules to enable.
     *
     * @var array
     */
    public static $modules = [
        'block',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    
    /**
     * {@inheritdoc}
     */
    protected function setUp() {
        parent::setUp();
        // Enable page caching.
        $config = $this->config('system.performance');
        $config->set('cache.page.max_age', 3600);
        $config->save();
        $this->drupalPlaceBlock('system_menu_block:account');
        // Create a user.
        $account = $this->drupalCreateUser();
        // Activate user by logging in.
        $this->drupalLogin($account);
        $this->account = User::load($account->id());
        $this->account->passRaw = $account->passRaw;
        $this->drupalLogout();
        // Set the last login time that is used to generate the one-time link so
        // that it is definitely over a second ago.
        $account->login = REQUEST_TIME - mt_rand(10, 100000);
        Database::getConnection()->update('users_field_data')
            ->fields([
            'login' => $account->getLastLoginTime(),
        ])
            ->condition('uid', $account->id())
            ->execute();
    }
    
    /**
     * Tests password reset functionality.
     */
    public function testUserPasswordReset() {
        // Verify that accessing the password reset form without having the session
        // variables set results in an access denied message.
        $this->drupalGet(Url::fromRoute('user.reset.form', [
            'uid' => $this->account
                ->id(),
        ]));
        $this->assertSession()
            ->statusCodeEquals(403);
        // Try to reset the password for an invalid account.
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->randomMachineName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertNoValidPasswordReset($edit['name']);
        // Reset the password by username via the password reset page.
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->account
                ->getAccountName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertValidPasswordReset($edit['name']);
        $resetURL = $this->getResetURL();
        $this->drupalGet($resetURL);
        // Ensure that the current url does not contain the hash and timestamp.
        $this->assertUrl(Url::fromRoute('user.reset.form', [
            'uid' => $this->account
                ->id(),
        ]));
        $this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));
        // Ensure the password reset URL is not cached.
        $this->drupalGet($resetURL);
        $this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));
        // Check the one-time login page.
        $this->assertText($this->account
            ->getAccountName(), 'One-time login page contains the correct username.');
        $this->assertText(t('This login can be used only once.'), 'Found warning about one-time login.');
        $this->assertTitle('Reset password | Drupal');
        // Check successful login.
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->assertSession()
            ->linkExists(t('Log out'));
        $this->assertTitle($this->account
            ->getAccountName() . ' | Drupal');
        // Change the forgotten password.
        $password = user_password();
        $edit = [
            'pass[pass1]' => $password,
            'pass[pass2]' => $password,
        ];
        $this->drupalPostForm(NULL, $edit, t('Save'));
        $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
        // Verify that the password reset session has been destroyed.
        $this->drupalPostForm(NULL, $edit, t('Save'));
        $this->assertText(t("Your current password is missing or incorrect; it's required to change the Password."), 'Password needed to make profile changes.');
        // Log out, and try to log in again using the same one-time link.
        $this->drupalLogout();
        $this->drupalGet($resetURL);
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');
        // Request a new password again, this time using the email address.
        // Count email messages before to compare with after.
        $before = count($this->drupalGetMails([
            'id' => 'user_password_reset',
        ]));
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->account
                ->getEmail(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertValidPasswordReset($edit['name']);
        $this->assertCount($before + 1, $this->drupalGetMails([
            'id' => 'user_password_reset',
        ]), 'Email sent when requesting password reset using email address.');
        // Visit the user edit page without pass-reset-token and make sure it does
        // not cause an error.
        $resetURL = $this->getResetURL();
        $this->drupalGet($resetURL);
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->drupalGet('user/' . $this->account
            ->id() . '/edit');
        $this->assertNoText('Expected user_string to be a string, NULL given');
        $this->drupalLogout();
        // Create a password reset link as if the request time was 60 seconds older than the allowed limit.
        $timeout = $this->config('user.settings')
            ->get('password_reset_timeout');
        $bogus_timestamp = REQUEST_TIME - $timeout - 60;
        $_uid = $this->account
            ->id();
        $this->drupalGet("user/reset/{$_uid}/{$bogus_timestamp}/" . user_pass_rehash($this->account, $bogus_timestamp));
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
        // Create a user, block the account, and verify that a login link is denied.
        $timestamp = REQUEST_TIME - 1;
        $blocked_account = $this->drupalCreateUser()
            ->block();
        $blocked_account->save();
        $this->drupalGet("user/reset/" . $blocked_account->id() . "/{$timestamp}/" . user_pass_rehash($blocked_account, $timestamp));
        $this->assertSession()
            ->statusCodeEquals(403);
        // Verify a blocked user can not request a new password.
        $this->drupalGet('user/password');
        // Count email messages before to compare with after.
        $before = count($this->drupalGetMails([
            'id' => 'user_password_reset',
        ]));
        $edit = [
            'name' => $blocked_account->getAccountName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertRaw(t('%name is blocked or has not been activated yet.', [
            '%name' => $blocked_account->getAccountName(),
        ]), 'Notified user blocked accounts can not request a new password');
        $this->assertCount($before, $this->drupalGetMails([
            'id' => 'user_password_reset',
        ]), 'No email was sent when requesting password reset for a blocked account');
        // Verify a password reset link is invalidated when the user's email address changes.
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->account
                ->getAccountName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $old_email_reset_link = $this->getResetURL();
        $this->account
            ->setEmail("1" . $this->account
            ->getEmail());
        $this->account
            ->save();
        $this->drupalGet($old_email_reset_link);
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');
        // Verify a password reset link will automatically log a user when /login is
        // appended.
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->account
                ->getAccountName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $reset_url = $this->getResetURL();
        $this->drupalGet($reset_url . '/login');
        $this->assertSession()
            ->linkExists(t('Log out'));
        $this->assertTitle($this->account
            ->getAccountName() . ' | Drupal');
        // Ensure blocked and deleted accounts can't access the user.reset.login
        // route.
        $this->drupalLogout();
        $timestamp = REQUEST_TIME - 1;
        $blocked_account = $this->drupalCreateUser()
            ->block();
        $blocked_account->save();
        $this->drupalGet("user/reset/" . $blocked_account->id() . "/{$timestamp}/" . user_pass_rehash($blocked_account, $timestamp) . '/login');
        $this->assertSession()
            ->statusCodeEquals(403);
        $blocked_account->delete();
        $this->drupalGet("user/reset/" . $blocked_account->id() . "/{$timestamp}/" . user_pass_rehash($blocked_account, $timestamp) . '/login');
        $this->assertSession()
            ->statusCodeEquals(403);
    }
    
    /**
     * Retrieves password reset email and extracts the login link.
     */
    public function getResetURL() {
        // Assume the most recent email.
        $_emails = $this->drupalGetMails();
        $email = end($_emails);
        $urls = [];
        preg_match('#.+user/reset/.+#', $email['body'], $urls);
        return $urls[0];
    }
    
    /**
     * Test user password reset while logged in.
     */
    public function testUserPasswordResetLoggedIn() {
        $another_account = $this->drupalCreateUser();
        $this->drupalLogin($another_account);
        $this->drupalGet('user/password');
        $this->drupalPostForm(NULL, NULL, t('Submit'));
        // Click the reset URL while logged and change our password.
        $resetURL = $this->getResetURL();
        // Log in as a different user.
        $this->drupalLogin($this->account);
        $this->drupalGet($resetURL);
        $this->assertRaw(new FormattableMarkup('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.', [
            '%other_user' => $this->account
                ->getAccountName(),
            '%resetting_user' => $another_account->getAccountName(),
            ':logout' => Url::fromRoute('user.logout')->toString(),
        ]));
        $another_account->delete();
        $this->drupalGet($resetURL);
        $this->assertText('The one-time login link you clicked is invalid.');
        // Log in.
        $this->drupalLogin($this->account);
        // Reset the password by username via the password reset page.
        $this->drupalGet('user/password');
        $this->drupalPostForm(NULL, NULL, t('Submit'));
        // Click the reset URL while logged and change our password.
        $resetURL = $this->getResetURL();
        $this->drupalGet($resetURL);
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        // Change the password.
        $password = user_password();
        $edit = [
            'pass[pass1]' => $password,
            'pass[pass2]' => $password,
        ];
        $this->drupalPostForm(NULL, $edit, t('Save'));
        $this->assertText(t('The changes have been saved.'), 'Password changed.');
        // Logged in users should not be able to access the user.reset.login or the
        // user.reset.form routes.
        $timestamp = REQUEST_TIME - 1;
        $this->drupalGet("user/reset/" . $this->account
            ->id() . "/{$timestamp}/" . user_pass_rehash($this->account, $timestamp) . '/login');
        $this->assertSession()
            ->statusCodeEquals(403);
        $this->drupalGet("user/reset/" . $this->account
            ->id());
        $this->assertSession()
            ->statusCodeEquals(403);
    }
    
    /**
     * Prefill the text box on incorrect login via link to password reset page.
     */
    public function testUserResetPasswordTextboxFilled() {
        $this->drupalGet('user/login');
        $edit = [
            'name' => $this->randomMachineName(),
            'pass' => $this->randomMachineName(),
        ];
        $this->drupalPostForm('user/login', $edit, t('Log in'));
        $this->assertRaw(t('Unrecognized username or password. <a href=":password">Forgot your password?</a>', [
            ':password' => Url::fromRoute('user.pass', [], [
                'query' => [
                    'name' => $edit['name'],
                ],
            ])->toString(),
        ]));
        unset($edit['pass']);
        $this->drupalGet('user/password', [
            'query' => [
                'name' => $edit['name'],
            ],
        ]);
        $this->assertFieldByName('name', $edit['name'], 'User name found.');
        // Ensure the name field value is not cached.
        $this->drupalGet('user/password');
        $this->assertNoFieldByName('name', $edit['name'], 'User name not found.');
    }
    
    /**
     * Tests password reset flood control for one user.
     */
    public function testUserResetPasswordUserFloodControl() {
        \Drupal::configFactory()->getEditable('user.flood')
            ->set('user_limit', 3)
            ->save();
        $edit = [
            'name' => $this->account
                ->getAccountName(),
        ];
        // Try 3 requests that should not trigger flood control.
        for ($i = 0; $i < 3; $i++) {
            $this->drupalGet('user/password');
            $this->drupalPostForm(NULL, $edit, t('Submit'));
            $this->assertValidPasswordReset($edit['name']);
            $this->assertNoPasswordUserFlood();
        }
        // The next request should trigger flood control.
        $this->drupalGet('user/password');
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertPasswordUserFlood();
    }
    
    /**
     * Tests password reset flood control for one IP.
     */
    public function testUserResetPasswordIpFloodControl() {
        \Drupal::configFactory()->getEditable('user.flood')
            ->set('ip_limit', 3)
            ->save();
        // Try 3 requests that should not trigger flood control.
        for ($i = 0; $i < 3; $i++) {
            $this->drupalGet('user/password');
            $edit = [
                'name' => $this->randomMachineName(),
            ];
            $this->drupalPostForm(NULL, $edit, t('Submit'));
            // Because we're testing with a random name, the password reset will not be valid.
            $this->assertNoValidPasswordReset($edit['name']);
            $this->assertNoPasswordIpFlood();
        }
        // The next request should trigger flood control.
        $this->drupalGet('user/password');
        $edit = [
            'name' => $this->randomMachineName(),
        ];
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertPasswordIpFlood();
    }
    
    /**
     * Tests user password reset flood control is cleared on successful reset.
     */
    public function testUserResetPasswordUserFloodControlIsCleared() {
        \Drupal::configFactory()->getEditable('user.flood')
            ->set('user_limit', 3)
            ->save();
        $edit = [
            'name' => $this->account
                ->getAccountName(),
        ];
        // Try 3 requests that should not trigger flood control.
        for ($i = 0; $i < 3; $i++) {
            $this->drupalGet('user/password');
            $this->drupalPostForm(NULL, $edit, t('Submit'));
            $this->assertValidPasswordReset($edit['name']);
            $this->assertNoPasswordUserFlood();
        }
        // Use the last password reset URL which was generated.
        $reset_url = $this->getResetURL();
        $this->drupalGet($reset_url . '/login');
        $this->assertSession()
            ->linkExists(t('Log out'));
        $this->assertTitle($this->account
            ->getAccountName() . ' | Drupal');
        $this->drupalLogout();
        // The next request should *not* trigger flood control, since a successful
        // password reset should have cleared flood events for this user.
        $this->drupalGet('user/password');
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertValidPasswordReset($edit['name']);
        $this->assertNoPasswordUserFlood();
    }
    
    /**
     * Helper function to make assertions about a valid password reset.
     */
    public function assertValidPasswordReset($name) {
        // Make sure the error text is not displayed and email sent.
        $this->assertNoText(t('Sorry, @name is not recognized as a username or an e-mail address.', [
            '@name' => $name,
        ]), 'Validation error message shown when trying to request password for invalid account.');
        $this->assertMail('to', $this->account
            ->getEmail(), 'Password e-mail sent to user.');
        $subject = t('Replacement login information for @username at @site', [
            '@username' => $this->account
                ->getAccountName(),
            '@site' => \Drupal::config('system.site')->get('name'),
        ]);
        $this->assertMail('subject', $subject, 'Password reset e-mail subject is correct.');
    }
    
    /**
     * Helper function to make assertions about an invalid password reset.
     */
    public function assertNoValidPasswordReset($name) {
        // Make sure the error text is displayed and no email sent.
        $this->assertText(t('@name is not recognized as a username or an email address.', [
            '@name' => $name,
        ]), 'Validation error message shown when trying to request password for invalid account.');
        $this->assertCount(0, $this->drupalGetMails([
            'id' => 'user_password_reset',
        ]), 'No e-mail was sent when requesting a password for an invalid account.');
    }
    
    /**
     * Makes assertions about a password reset triggering user flood control.
     */
    public function assertPasswordUserFlood() {
        $this->assertText(t('Too many password recovery requests for this account. It is temporarily blocked. Try again later or contact the site administrator.'), 'User password reset flood error message shown.');
    }
    
    /**
     * Makes assertions about a password reset not triggering user flood control.
     */
    public function assertNoPasswordUserFlood() {
        $this->assertNoText(t('Too many password recovery requests for this account. It is temporarily blocked. Try again later or contact the site administrator.'), 'User password reset flood error message not shown.');
    }
    
    /**
     * Makes assertions about a password reset triggering IP flood control.
     */
    public function assertPasswordIpFlood() {
        $this->assertText(t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'), 'IP password reset flood error message shown.');
    }
    
    /**
     * Makes assertions about a password reset not triggering IP flood control.
     */
    public function assertNoPasswordIpFlood() {
        $this->assertNoText(t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'), 'IP password reset flood error message not shown.');
    }
    
    /**
     * Make sure that users cannot forge password reset URLs of other users.
     */
    public function testResetImpersonation() {
        // Create two identical user accounts except for the user name. They must
        // have the same empty password, so we can't use $this->drupalCreateUser().
        $edit = [];
        $edit['name'] = $this->randomMachineName();
        $edit['mail'] = $edit['name'] . '@example.com';
        $edit['status'] = 1;
        $user1 = User::create($edit);
        $user1->save();
        $edit['name'] = $this->randomMachineName();
        $user2 = User::create($edit);
        $user2->save();
        // Unique password hashes are automatically generated, the only way to
        // change that is to update it directly in the database.
        Database::getConnection()->update('users_field_data')
            ->fields([
            'pass' => NULL,
        ])
            ->condition('uid', [
            $user1->id(),
            $user2->id(),
        ], 'IN')
            ->execute();
        \Drupal::entityTypeManager()->getStorage('user')
            ->resetCache();
        $user1 = User::load($user1->id());
        $user2 = User::load($user2->id());
        $this->assertEqual($user1->getPassword(), $user2->getPassword(), 'Both users have the same password hash.');
        // The password reset URL must not be valid for the second user when only
        // the user ID is changed in the URL.
        $reset_url = user_pass_reset_url($user1);
        $attack_reset_url = str_replace("user/reset/{$user1->id()}", "user/reset/{$user2->id()}", $reset_url);
        $this->drupalGet($attack_reset_url);
        $this->drupalPostForm(NULL, NULL, t('Log in'));
        $this->assertNoText($user2->getAccountName(), 'The invalid password reset page does not show the user name.');
        $this->assertUrl('user/password', [], 'The user is redirected to the password reset request page.');
        $this->assertText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
    }

}

Members

Title Deprecated Modifiers Object type Summary Member alias Overriden Title Overrides
AssertHelperTrait::castSafeStrings protected static function Casts MarkupInterface objects into strings.
AssertLegacyTrait::assert protected function
AssertLegacyTrait::assertCacheTag protected function Asserts whether an expected cache tag was present in the last response.
AssertLegacyTrait::assertElementNotPresent protected function Asserts that the element with the given CSS selector is not present.
AssertLegacyTrait::assertElementPresent protected function Asserts that the element with the given CSS selector is present.
AssertLegacyTrait::assertEqual protected function
AssertLegacyTrait::assertEscaped protected function Passes if the raw text IS found escaped on the loaded page, fail otherwise.
AssertLegacyTrait::assertField protected function Asserts that a field exists with the given name or ID.
AssertLegacyTrait::assertFieldById protected function Asserts that a field exists with the given ID and value.
AssertLegacyTrait::assertFieldByName protected function Asserts that a field exists with the given name and value.
AssertLegacyTrait::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
AssertLegacyTrait::assertFieldChecked protected function Asserts that a checkbox field in the current page is checked.
AssertLegacyTrait::assertFieldsByValue protected function Asserts that a field exists in the current page with a given Xpath result.
AssertLegacyTrait::assertHeader protected function Checks that current response header equals value.
AssertLegacyTrait::assertIdentical protected function
AssertLegacyTrait::assertIdenticalObject protected function
AssertLegacyTrait::assertLink protected function Passes if a link with the specified label is found.
AssertLegacyTrait::assertLinkByHref protected function Passes if a link containing a given href (part) is found.
AssertLegacyTrait::assertNoCacheTag protected function Asserts whether an expected cache tag was absent in the last response.
AssertLegacyTrait::assertNoEscaped protected function Passes if the raw text is not found escaped on the loaded page.
AssertLegacyTrait::assertNoField protected function Asserts that a field does NOT exist with the given name or ID.
AssertLegacyTrait::assertNoFieldById protected function Asserts that a field does not exist with the given ID and value.
AssertLegacyTrait::assertNoFieldByName protected function Asserts that a field does not exist with the given name and value.
AssertLegacyTrait::assertNoFieldByXPath protected function Asserts that a field does not exist or its value does not match, by XPath.
AssertLegacyTrait::assertNoFieldChecked protected function Asserts that a checkbox field in the current page is not checked.
AssertLegacyTrait::assertNoLink protected function Passes if a link with the specified label is not found.
AssertLegacyTrait::assertNoLinkByHref protected function Passes if a link containing a given href (part) is not found.
AssertLegacyTrait::assertNoOption protected function Asserts that a select option does NOT exist in the current page.
AssertLegacyTrait::assertNoPattern protected function Triggers a pass if the Perl regex pattern is not found in the raw content.
AssertLegacyTrait::assertNoRaw protected function Passes if the raw text IS not found on the loaded page, fail otherwise. 1
AssertLegacyTrait::assertNotEqual protected function
AssertLegacyTrait::assertNoText protected function Passes if the page (with HTML stripped) does not contains the text. 1
AssertLegacyTrait::assertNotIdentical protected function
AssertLegacyTrait::assertNoUniqueText protected function Passes if the text is found MORE THAN ONCE on the text version of the page.
AssertLegacyTrait::assertOption protected function Asserts that a select option in the current page exists.
AssertLegacyTrait::assertOptionByText protected function Asserts that a select option with the visible text exists.
AssertLegacyTrait::assertOptionSelected protected function Asserts that a select option in the current page is checked.
AssertLegacyTrait::assertPattern protected function Triggers a pass if the Perl regex pattern is found in the raw content.
AssertLegacyTrait::assertRaw protected function Passes if the raw text IS found on the loaded page, fail otherwise. 1
AssertLegacyTrait::assertResponse protected function Asserts the page responds with the specified response code. 1
AssertLegacyTrait::assertText protected function Passes if the page (with HTML stripped) contains the text. 1
AssertLegacyTrait::assertTextHelper protected function Helper for assertText and assertNoText.
AssertLegacyTrait::assertTitle protected function Pass if the page title is the given string.
AssertLegacyTrait::assertUniqueText protected function Passes if the text is found ONLY ONCE on the text version of the page.
AssertLegacyTrait::assertUrl protected function Passes if the internal browser&#039;s URL matches the given path.
AssertLegacyTrait::buildXPathQuery protected function Builds an XPath query.
AssertLegacyTrait::constructFieldXpath protected function Helper: Constructs an XPath for the given set of attributes and value.
AssertLegacyTrait::getAllOptions protected function Get all option elements, including nested options, in a select.
AssertLegacyTrait::getRawContent protected function Gets the current raw content.
AssertLegacyTrait::pass protected function
AssertLegacyTrait::verbose protected function
AssertMailTrait::assertMail protected function Asserts that the most recently sent email message has the given value.
AssertMailTrait::assertMailPattern protected function Asserts that the most recently sent email message has the pattern in it.
AssertMailTrait::assertMailString protected function Asserts that the most recently sent email message has the string in it.
AssertMailTrait::getMails protected function Gets an array containing all emails sent during this test case. Aliased as: drupalGetMails
AssertMailTrait::verboseEmail protected function Outputs to verbose the most recent $count emails sent.
BlockCreationTrait::placeBlock protected function Creates a block instance based on default settings. Aliased as: drupalPlaceBlock
BrowserHtmlDebugTrait::$htmlOutputBaseUrl protected property The Base URI to use for links to the output files.
BrowserHtmlDebugTrait::$htmlOutputClassName protected property Class name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounter protected property Counter for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounterStorage protected property Counter storage for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputDirectory protected property Directory name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputEnabled protected property HTML output output enabled.
BrowserHtmlDebugTrait::$htmlOutputFile protected property The file name to write the list of URLs to.
BrowserHtmlDebugTrait::$htmlOutputTestId protected property HTML output test ID.
BrowserHtmlDebugTrait::formatHtmlOutputHeaders protected function Formats HTTP headers as string for HTML output logging.
BrowserHtmlDebugTrait::getHtmlOutputHeaders protected function Returns headers in HTML output format. 1
BrowserHtmlDebugTrait::htmlOutput protected function Logs a HTML output message in a text file.
BrowserHtmlDebugTrait::initBrowserOutputFile protected function Creates the directory to store browser output.
BrowserTestBase::$baseUrl protected property The base URL.
BrowserTestBase::$configImporter protected property The config importer that can be used in a test.
BrowserTestBase::$customTranslations protected property An array of custom translations suitable for drupal_rewrite_settings().
BrowserTestBase::$databasePrefix protected property The database prefix of this test run.
BrowserTestBase::$mink protected property Mink session manager.
BrowserTestBase::$minkDefaultDriverArgs protected property
BrowserTestBase::$minkDefaultDriverClass protected property 1
BrowserTestBase::$originalContainer protected property The original container.
BrowserTestBase::$originalShutdownCallbacks protected property The original array of shutdown function callbacks.
BrowserTestBase::$preserveGlobalState protected property
BrowserTestBase::$profile protected property The profile to install as a basis for testing. 39
BrowserTestBase::$root protected property The app root.
BrowserTestBase::$runTestInSeparateProcess protected property Browser tests are run in separate processes to prevent collisions between
code that may be loaded by tests.
BrowserTestBase::$timeLimit protected property Time limit in seconds for the test.
BrowserTestBase::$translationFilesDirectory protected property The translation file directory for the test environment.
BrowserTestBase::cleanupEnvironment protected function Clean up the Simpletest environment.
BrowserTestBase::config protected function Configuration accessor for tests. Returns non-overridden configuration.
BrowserTestBase::cssSelectToXpath protected function Translates a CSS expression to its XPath equivalent.
BrowserTestBase::drupalGetHeader protected function Gets the value of an HTTP response header.
BrowserTestBase::drupalGetHeaders Deprecated protected function Returns all response headers.
BrowserTestBase::filePreDeleteCallback public static function Ensures test files are deletable.
BrowserTestBase::getDefaultDriverInstance protected function Gets an instance of the default Mink driver.
BrowserTestBase::getDrupalSettings protected function Gets the JavaScript drupalSettings variable for the currently-loaded page. 1
BrowserTestBase::getHttpClient protected function Obtain the HTTP client for the system under test.
BrowserTestBase::getMinkDriverArgs protected function Get the Mink driver args from an environment variable, if it is set. Can
be overridden in a derived class so it is possible to use a different
value for a subset of tests, e.g. the JavaScript tests. 		1
BrowserTestBase::getOptions protected function Helper function to get the options of select field.
BrowserTestBase::getResponseLogHandler protected function Provides a Guzzle middleware handler to log every response received. Overrides BrowserHtmlDebugTrait::getResponseLogHandler
BrowserTestBase::getSession public function Returns Mink session.
BrowserTestBase::getSessionCookies protected function Get session cookies from current session.
BrowserTestBase::getTestMethodCaller protected function Retrieves the current calling line in the class under test. Overrides BrowserHtmlDebugTrait::getTestMethodCaller
BrowserTestBase::initFrontPage protected function Visits the front page when initializing Mink. 3
BrowserTestBase::initMink protected function Initializes Mink sessions. 1
BrowserTestBase::installDrupal public function Installs Drupal into the Simpletest site. 1
BrowserTestBase::registerSessions protected function Registers additional Mink sessions.
BrowserTestBase::tearDown protected function 3
BrowserTestBase::translatePostValues protected function Transforms a nested array into a flat array suitable for drupalPostForm().
BrowserTestBase::xpath protected function Performs an xpath search on the contents of the internal browser.
BrowserTestBase::__construct public function 1
BrowserTestBase::__sleep public function Prevents serializing any properties.
ConfigTestTrait::configImporter protected function Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig protected function Copies configuration objects from source storage to target storage.
ContentTypeCreationTrait::createContentType protected function Creates a custom content type based on default settings. Aliased as: drupalCreateContentType 1
FunctionalTestSetupTrait::$apcuEnsureUniquePrefix protected property The flag to set &#039;apcu_ensure_unique_prefix&#039; setting. 1
FunctionalTestSetupTrait::$classLoader protected property The class loader to use for installation and initialization of setup.
FunctionalTestSetupTrait::$configDirectories Deprecated protected property The config directories used in this test.
FunctionalTestSetupTrait::$rootUser protected property The &quot;#1&quot; admin user.
FunctionalTestSetupTrait::doInstall protected function Execute the non-interactive installer. 1
FunctionalTestSetupTrait::getDatabaseTypes protected function Returns all supported database driver installer objects.
FunctionalTestSetupTrait::initConfig protected function Initialize various configurations post-installation. 2
FunctionalTestSetupTrait::initKernel protected function Initializes the kernel after installation.
FunctionalTestSetupTrait::initSettings protected function Initialize settings created during install.
FunctionalTestSetupTrait::initUserSession protected function Initializes user 1 for the site to be installed.
FunctionalTestSetupTrait::installDefaultThemeFromClassProperty protected function Installs the default theme defined by `static::$defaultTheme` when needed.
FunctionalTestSetupTrait::installModulesFromClassProperty protected function Install modules defined by `static::$modules`. 1
FunctionalTestSetupTrait::installParameters protected function Returns the parameters that will be used when Simpletest installs Drupal. 9
FunctionalTestSetupTrait::prepareEnvironment protected function Prepares the current environment for running the test. 23
FunctionalTestSetupTrait::prepareRequestForGenerator protected function Creates a mock request and sets it on the generator.
FunctionalTestSetupTrait::prepareSettings protected function Prepares site settings and services before installation. 2
FunctionalTestSetupTrait::rebuildAll protected function Resets and rebuilds the environment after setup.
FunctionalTestSetupTrait::rebuildContainer protected function Rebuilds \Drupal::getContainer().
FunctionalTestSetupTrait::resetAll protected function Resets all data structures after having enabled new modules.
FunctionalTestSetupTrait::setContainerParameter protected function Changes parameters in the services.yml file.
FunctionalTestSetupTrait::setupBaseUrl protected function Sets up the base URL based upon the environment variable.
FunctionalTestSetupTrait::writeSettings protected function Rewrites the settings.php file of the test site.
NodeCreationTrait::createNode protected function Creates a node based on default settings. Aliased as: drupalCreateNode
NodeCreationTrait::getNodeByTitle public function Get a node from the database based on its title. Aliased as: drupalGetNodeByTitle
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
RandomGeneratorTrait::$randomGenerator protected property The random generator.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers. 1
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RandomGeneratorTrait::randomStringValidate public function Callback for random string validation.
RefreshVariablesTrait::refreshVariables protected function Refreshes in-memory configuration and state information. 3
SessionTestTrait::$sessionName protected property The name of the session cookie.
SessionTestTrait::generateSessionName protected function Generates a session cookie name.
SessionTestTrait::getSessionName protected function Returns the session name in use on the child site.
StorageCopyTrait::replaceStorageContents protected static function Copy the configuration from one storage to another and remove stale items.
TestRequirementsTrait::checkModuleRequirements private function Checks missing module requirements.
TestRequirementsTrait::checkRequirements protected function Check module requirements for the Drupal use case. 1
TestRequirementsTrait::getDrupalRoot protected static function Returns the Drupal root directory.
TestSetupTrait::$configSchemaCheckerExclusions protected static property An array of config object names that are excluded from schema checking.
TestSetupTrait::$container protected property The dependency injection container used in the test.
TestSetupTrait::$kernel protected property The DrupalKernel instance used in the test.
TestSetupTrait::$originalSite protected property The site directory of the original parent site.
TestSetupTrait::$privateFilesDirectory protected property The private file directory for the test environment.
TestSetupTrait::$publicFilesDirectory protected property The public file directory for the test environment.
TestSetupTrait::$siteDirectory protected property The site directory of this test run.
TestSetupTrait::$strictConfigSchema protected property Set to TRUE to strict check all configuration saved. 2
TestSetupTrait::$tempFilesDirectory protected property The temporary file directory for the test environment.
TestSetupTrait::$testId protected property The test run ID.
TestSetupTrait::changeDatabasePrefix protected function Changes the database connection to the prefixed one.
TestSetupTrait::getConfigSchemaExclusions protected function Gets the config schema exclusions for this test.
TestSetupTrait::getDatabaseConnection public static function Returns the database connection to the site running Simpletest.
TestSetupTrait::prepareDatabasePrefix protected function Generates a database prefix for running tests. 2
UiHelperTrait::$loggedInUser protected property The current user logged in using the Mink controlled browser.
UiHelperTrait::$maximumMetaRefreshCount protected property The number of meta refresh redirects to follow, or NULL if unlimited.
UiHelperTrait::$metaRefreshCount protected property The number of meta refresh redirects followed during ::drupalGet().
UiHelperTrait::assertSession public function Returns WebAssert object. 1
UiHelperTrait::buildUrl protected function Builds an a absolute URL from a system path or a URL object.
UiHelperTrait::checkForMetaRefresh protected function Checks for meta refresh tag and if found call drupalGet() recursively.
UiHelperTrait::click protected function Clicks the element with the given CSS selector.
UiHelperTrait::clickLink protected function Follows a link by complete name.
UiHelperTrait::cssSelect protected function Searches elements using a CSS selector in the raw content.
UiHelperTrait::drupalGet protected function Retrieves a Drupal path or an absolute path. 3
UiHelperTrait::drupalLogin protected function Logs in a user using the Mink controlled browser.
UiHelperTrait::drupalLogout protected function Logs a user out of the Mink controlled browser and confirms.
UiHelperTrait::drupalPostForm protected function Executes a form submission.
UiHelperTrait::drupalUserIsLoggedIn protected function Returns whether a given user account is logged in.
UiHelperTrait::getAbsoluteUrl protected function Takes a path and returns an absolute path.
UiHelperTrait::getTextContent protected function Retrieves the plain-text content from the current page.
UiHelperTrait::getUrl protected function Get the current URL from the browser.
UiHelperTrait::prepareRequest protected function Prepare for a request to testing site. 1
UiHelperTrait::submitForm protected function Fills and submits a form.
UserCreationTrait::checkPermissions protected function Checks whether a given list of permission names is valid.
UserCreationTrait::createAdminRole protected function Creates an administrative role.
UserCreationTrait::createRole protected function Creates a role with specified permissions. Aliased as: drupalCreateRole
UserCreationTrait::createUser protected function Create a user with a given set of permissions. Aliased as: drupalCreateUser
UserCreationTrait::grantPermissions protected function Grant permissions to a user role.
UserCreationTrait::setCurrentUser protected function Switch the current logged in user.
UserCreationTrait::setUpCurrentUser protected function Creates a random user account and sets it as current user.
UserPasswordResetTest::$account protected property The user object to test password resetting.
UserPasswordResetTest::$defaultTheme protected property The theme to install as the default for testing. Overrides BrowserTestBase::$defaultTheme
UserPasswordResetTest::$modules public static property Modules to enable. Overrides BrowserTestBase::$modules
UserPasswordResetTest::assertNoPasswordIpFlood public function Makes assertions about a password reset not triggering IP flood control.
UserPasswordResetTest::assertNoPasswordUserFlood public function Makes assertions about a password reset not triggering user flood control.
UserPasswordResetTest::assertNoValidPasswordReset public function Helper function to make assertions about an invalid password reset.
UserPasswordResetTest::assertPasswordIpFlood public function Makes assertions about a password reset triggering IP flood control.
UserPasswordResetTest::assertPasswordUserFlood public function Makes assertions about a password reset triggering user flood control.
UserPasswordResetTest::assertValidPasswordReset public function Helper function to make assertions about a valid password reset.
UserPasswordResetTest::getResetURL public function Retrieves password reset email and extracts the login link.
UserPasswordResetTest::setUp protected function Overrides BrowserTestBase::setUp
UserPasswordResetTest::testResetImpersonation public function Make sure that users cannot forge password reset URLs of other users.
UserPasswordResetTest::testUserPasswordReset public function Tests password reset functionality.
UserPasswordResetTest::testUserPasswordResetLoggedIn public function Test user password reset while logged in.
UserPasswordResetTest::testUserResetPasswordIpFloodControl public function Tests password reset flood control for one IP.
UserPasswordResetTest::testUserResetPasswordTextboxFilled public function Prefill the text box on incorrect login via link to password reset page.
UserPasswordResetTest::testUserResetPasswordUserFloodControl public function Tests password reset flood control for one user.
UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared public function Tests user password reset flood control is cleared on successful reset.
XdebugRequestTrait::extractCookiesFromRequest protected function Adds xdebug cookies, from request setup.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.