function UserBlocksTest::testUserLoginBlock

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
  2. 10 core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
  3. 11.x core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()

Test the user login block.

File

core/modules/user/tests/src/Functional/UserBlocksTest.php, line 71

Class

UserBlocksTest
Tests user blocks.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserLoginBlock() {
  // Create a user with some permission that anonymous users lack.
  $user = $this->drupalCreateUser([
    'administer permissions',
  ]);
  // Log in using the block.
  $edit = [];
  $edit['name'] = $user->getAccountName();
  $edit['pass'] = $user->passRaw;
  $this->drupalPostForm('admin/people/permissions', $edit, t('Log in'));
  $this->assertNoText(t('User login'), 'Logged in.');
  // Check that we are still on the same page.
  $this->assertUrl(Url::fromRoute('user.admin_permissions', [], [
    'absolute' => TRUE,
  ])->toString(), [], 'Still on the same page after login for access denied page');
  // Now, log out and repeat with a non-403 page.
  $this->drupalLogout();
  $this->drupalGet('filter/tips');
  $this->assertEqual('MISS', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
  $this->drupalPostForm(NULL, $edit, t('Log in'));
  $this->assertNoText(t('User login'), 'Logged in.');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertPattern('!<title.*?Compose tips.*?</title>!');
  // Log out again and repeat with a non-403 page including query arguments.
  $this->drupalLogout();
  $this->drupalGet('filter/tips', [
    'query' => [
      'foo' => 'bar',
    ],
  ]);
  $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
  $this->drupalPostForm(NULL, $edit, t('Log in'));
  $this->assertNoText(t('User login'), 'Logged in.');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertPattern('!<title.*?Compose tips.*?</title>!');
  $this->assertStringContainsString('/filter/tips?foo=bar', $this->getUrl(), 'Correct query arguments are displayed after login');
  // Repeat with different query arguments.
  $this->drupalLogout();
  $this->drupalGet('filter/tips', [
    'query' => [
      'foo' => 'baz',
    ],
  ]);
  $this->assertEqual('HIT', $this->drupalGetHeader(DynamicPageCacheSubscriber::HEADER));
  $this->drupalPostForm(NULL, $edit, t('Log in'));
  $this->assertNoText(t('User login'), 'Logged in.');
  // Verify that we are still on the same page after login for allowed page.
  $this->assertPattern('!<title.*?Compose tips.*?</title>!');
  $this->assertStringContainsString('/filter/tips?foo=baz', $this->getUrl(), 'Correct query arguments are displayed after login');
  // Check that the user login block is not vulnerable to information
  // disclosure to third party sites.
  $this->drupalLogout();
  $this->drupalPostForm('http://example.com/', $edit, t('Log in'), [
    'external' => FALSE,
  ]);
  // Check that we remain on the site after login.
  $this->assertUrl($user->toUrl('canonical', [
    'absolute' => TRUE,
  ])
    ->toString(), [], 'Redirected to user profile page after login from the frontpage');
  // Verify that form validation errors are displayed immediately for forms
  // in blocks and not on subsequent page requests.
  $this->drupalLogout();
  $edit = [];
  $edit['name'] = 'foo';
  $edit['pass'] = 'invalid password';
  $this->drupalPostForm('filter/tips', $edit, t('Log in'));
  $this->assertText(t('Unrecognized username or password. Forgot your password?'));
  $this->drupalGet('filter/tips');
  $this->assertNoText(t('Unrecognized username or password. Forgot your password?'));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.