function UserBlocksTest::testUserLoginBlock

Tests the user login block.

File

core/modules/user/tests/src/Functional/UserBlocksTest.php, line 73

Class

UserBlocksTest

Tests user blocks.

Namespace

Code

public function testUserLoginBlock() : void {
  // Create a user with some permission that anonymous users lack.
  $user = $this->drupalCreateUser([
    'administer permissions',
  ]);
  // Log in using the block.
  $edit = [];
  $edit['name'] = $user->getAccountName();
  $edit['pass'] = $user->passRaw;
  $this->drupalGet('admin/people/permissions');
  $this->submitForm($edit, 'Log in');
  $this->assertSession()
    ->pageTextNotContains('User login');
  // Check that we are still on the same page.
  $this->assertSession()
    ->addressEquals(Url::fromRoute('user.admin_permissions'));
  // Now, log out and repeat with a non-403 page.
  $this->drupalLogout();
  $this->drupalGet('filter/tips');
  $this->assertSession()
    ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'MISS');
  $this->submitForm($edit, 'Log in');
  $this->assertSession()
    ->pageTextNotContains('User login');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertSession()
    ->responseMatches('!<title.*?Compose tips.*?</title>!');
  // Log out again and repeat with a non-403 page including query arguments.
  $this->drupalLogout();
  // @todo This test should not check for cache hits. Because it does and the
  // cache has some clever redirect logic internally, we need to request the
  // page twice to see the cache HIT in the headers.
  // @see https://www.drupal.org/project/drupal/issues/2551419 #154
  $this->drupalGet('filter/tips', [
    'query' => [
      'cat' => 'dog',
    ],
  ]);
  $this->drupalGet('filter/tips', [
    'query' => [
      'foo' => 'bar',
    ],
  ]);
  $this->assertSession()
    ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'HIT');
  $this->submitForm($edit, 'Log in');
  $this->assertSession()
    ->pageTextNotContains('User login');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertSession()
    ->responseMatches('!<title.*?Compose tips.*?</title>!');
  $this->assertStringContainsString('/filter/tips?foo=bar', $this->getUrl(), 'Correct query arguments are displayed after login');
  // Repeat with different query arguments.
  $this->drupalLogout();
  $this->drupalGet('filter/tips', [
    'query' => [
      'foo' => 'baz',
    ],
  ]);
  $this->assertSession()
    ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'HIT');
  $this->submitForm($edit, 'Log in');
  $this->assertSession()
    ->pageTextNotContains('User login');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertSession()
    ->responseMatches('!<title.*?Compose tips.*?</title>!');
  $this->assertStringContainsString('/filter/tips?foo=baz', $this->getUrl(), 'Correct query arguments are displayed after login');
  // Check that the user login block is not vulnerable to information
  // disclosure to third party sites.
  $this->drupalLogout();
  $this->drupalGet('http://example.com/', [
    'external' => FALSE,
  ]);
  $this->submitForm($edit, 'Log in');
  // Check that we remain on the site after login.
  $this->assertSession()
    ->addressEquals($user->toUrl('canonical'));
  // Verify that form validation errors are displayed immediately for forms
  // in blocks and not on subsequent page requests.
  $this->drupalLogout();
  $edit = [];
  $edit['name'] = 'foo';
  $edit['pass'] = 'invalid password';
  $this->drupalGet('filter/tips');
  $this->submitForm($edit, 'Log in');
  $this->assertSession()
    ->pageTextContains('Unrecognized username or password. Forgot your password?');
  $this->drupalGet('filter/tips');
  $this->assertSession()
    ->pageTextNotContains('Unrecognized username or password. Forgot your password?');
}