UserSearchTest.php


Namespace

Drupal\Tests\user\Functional

File

core/modules/user/tests/src/Functional/UserSearchTest.php

View source
<?php

declare (strict_types=1);
namespace Drupal\Tests\user\Functional;

use Drupal\Tests\BrowserTestBase;

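/**
 * Verifies that sensitive information is hidden from unauthorized users.
 *
 * Exercises the search/user page with accounts holding different permission
 * sets and checks three things: who can reach the page at all, whether an
 * email address works as a search key or shows up in results, and whether
 * blocked accounts are listed.
 *
 * @group user
 */
class UserSearchTest extends BrowserTestBase {

    /**
     * {@inheritdoc}
     */
    protected static $modules = [
        'search',
    ];

    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';

    /**
     * Tests user search access, email visibility and blocked-account listing.
     *
     * The steps share state (the logged-in account and the users created so
     * far), so their order matters.
     */
    public function testUserSearch() : void {
        // Verify that a user without 'administer users' permission cannot search
        // for users by email address. Additionally, ensure that the username has a
        // plus sign to ensure searching works with that.
        $user1 = $this->drupalCreateUser([
            'access user profiles',
            'search content',
        ], "foo+bar");
        $this->drupalLogin($user1);
        $this->submitUserSearch($user1->getEmail());
        $this->assertSession()
            ->pageTextContains('Your search yielded no results.');

        // Verify that a non-matching query gives an appropriate message.
        $this->submitUserSearch('nomatch');
        $this->assertSession()
            ->pageTextContains('no results');

        // Verify that a user with search permission can search for users by name.
        $name = $user1->getAccountName();
        $this->submitUserSearch($name);
        $this->assertSession()
            ->linkExists($name, 0, 'Search by username worked for non-admin user');
        // The admin step further down expects the email next to the name, so
        // the non-admin counterpart is asserted here: a successful name search
        // must not print the matched account's email address.
        $this->assertSession()
            ->pageTextNotContains($user1->getEmail());

        // Verify that searching by sub-string works too.
        $this->submitUserSearch(substr($name, 1, 5));
        $this->assertSession()
            ->linkExists($name, 0, 'Search by username substring worked for non-admin user');

        // Verify that wildcard search works.
        $this->submitUserSearch(substr($name, 0, 2) . '*' . substr($name, 4, 2));
        $this->assertSession()
            ->linkExists($name, 0, 'Search with wildcard worked for non-admin user');

        // Verify that a user with 'administer users' permission can search by
        // email.
        $user2 = $this->drupalCreateUser([
            'administer users',
            'access user profiles',
            'search content',
        ]);
        $this->drupalLogin($user2);
        $email = $user2->getEmail();
        $this->submitUserSearch($email);
        $this->assertSession()
            ->pageTextContains($email);
        $this->assertSession()
            ->pageTextContains($user2->getAccountName());

        // Verify that a substring works too for email.
        $this->submitUserSearch(substr($email, 1, 5));
        $this->assertSession()
            ->pageTextContains($email);
        $this->assertSession()
            ->pageTextContains($user2->getAccountName());

        // Verify that wildcard search works for email.
        $this->submitUserSearch(substr($email, 0, 2) . '*' . substr($email, 4, 2));
        $this->assertSession()
            ->pageTextContains($user2->getAccountName());

        // Verify that if they search by user name, they see email address too.
        $this->submitUserSearch($user1->getAccountName());
        $this->assertSession()
            ->pageTextContains($user1->getAccountName());
        $this->assertSession()
            ->pageTextContains($user1->getEmail());

        // Create a blocked user.
        $blocked_user = $this->drupalCreateUser();
        $blocked_user->block();
        $blocked_user->save();

        // Verify that users with "administer users" permissions can see blocked
        // accounts in search results.
        $this->submitUserSearch($blocked_user->getAccountName());
        $this->assertSession()
            ->pageTextContains($blocked_user->getAccountName());

        // Verify that users without "administer users" permissions do not see
        // blocked accounts in search results.
        $this->drupalLogin($user1);
        $this->submitUserSearch($blocked_user->getAccountName());
        $this->assertSession()
            ->pageTextContains('Your search yielded no results.');

        // Ensure that a user without access to user profiles cannot access the
        // user search page.
        $user3 = $this->drupalCreateUser([
            'search content',
        ]);
        $this->drupalLogin($user3);
        $this->drupalGet('search/user');
        $this->assertSession()
            ->statusCodeEquals(403);

        // Ensure that a user without search permission cannot access the user
        // search page.
        $user4 = $this->drupalCreateUser([
            'access user profiles',
        ]);
        $this->drupalLogin($user4);
        $this->drupalGet('search/user');
        $this->assertSession()
            ->statusCodeEquals(403);
        $this->drupalLogout();
    }

    /**
     * Loads the user search page and submits the search form.
     *
     * @param string $keys
     *   The text to enter in the 'keys' field.
     */
    private function submitUserSearch(string $keys) : void {
        $this->drupalGet('search/user');
        $this->submitForm([
            'keys' => $keys,
        ], 'Search');
    }

}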

Classes

Title Deprecated Summary
UserSearchTest Verifies that sensitive information is hidden from unauthorized users.
