function FormTest::testInputWithInvalidToken

Same name in other branches
  1. 9 core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()
  2. 8.9.x core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()
  3. 10 core/modules/system/tests/src/Functional/Form/FormTest.php \Drupal\Tests\system\Functional\Form\FormTest::testInputWithInvalidToken()

Tests that input is retained for safe elements even with an invalid token.

Submits a test form containing several types of form elements.

File

core/modules/system/tests/src/Functional/Form/FormTest.php, line 246

Class

FormTest
Tests various form element validation mechanisms.

Namespace

Drupal\Tests\system\Functional\Form

Code

public function testInputWithInvalidToken() : void {
    // We need to be logged in to have CSRF tokens.
    $account = $this->createUser();
    $this->drupalLogin($account);
    // Submit again with required fields set but an invalid form token and
    // verify that all the values are retained.
    $this->drupalGet(Url::fromRoute('form_test.validate_required'));
    $this->assertSession()
        ->elementExists('css', 'input[name="form_token"]')
        ->setValue('invalid token');
    $random_string = $this->randomString();
    $edit = [
        'textfield' => $random_string,
        'checkboxes[bar]' => TRUE,
        'select' => 'bar',
        'radios' => 'foo',
    ];
    $this->submitForm($edit, 'Submit');
    // Verify that error message is displayed with invalid token even when
    // required fields are filled.
    $this->assertSession()
        ->elementExists('xpath', '//div[contains(@class, "error")]');
    $assert = $this->assertSession();
    $element = $assert->fieldExists('textfield');
    $this->assertEmpty($element->getValue());
    $assert->responseNotContains($random_string);
    $this->assertSession()
        ->pageTextContains('The form has become outdated.');
    // Ensure that we don't use the posted values.
    $this->assertSession()
        ->fieldValueEquals('textfield', '');
    $this->assertSession()
        ->checkboxNotChecked('edit-checkboxes-foo');
    $this->assertSession()
        ->checkboxNotChecked('edit-checkboxes-bar');
    $this->assertTrue($this->assertSession()
        ->optionExists('edit-select', '')
        ->isSelected());
    $this->assertSession()
        ->checkboxNotChecked('edit-radios-foo');
    // Check another form that has a textarea input.
    $this->drupalGet(Url::fromRoute('form_test.required'));
    $this->assertSession()
        ->elementExists('css', 'input[name="form_token"]')
        ->setValue('invalid token');
    $edit = [
        'textfield' => $this->randomString(),
        'textarea' => $this->randomString() . "\n",
    ];
    $this->submitForm($edit, 'Submit');
    // Verify that the error message is displayed with invalid token even when
    // required fields are filled.
    $this->assertSession()
        ->elementExists('xpath', '//div[contains(@class, "error")]');
    $this->assertSession()
        ->pageTextContains('The form has become outdated.');
    $this->assertSession()
        ->fieldValueEquals('textfield', '');
    $this->assertSession()
        ->fieldValueEquals('textarea', '');
    // Check another form that has a number input.
    $this->drupalGet(Url::fromRoute('form_test.number'));
    $this->assertSession()
        ->elementExists('css', 'input[name="form_token"]')
        ->setValue('invalid token');
    $edit = [
        // We choose a random value which is higher than the default value,
        // so we don't accidentally generate the default value.
        'integer_step' => mt_rand(6, 100),
    ];
    $this->submitForm($edit, 'Submit');
    // Verify that the error message is displayed with invalid token even when
    // required fields are filled.
    $this->assertSession()
        ->elementExists('xpath', '//div[contains(@class, "error")]');
    $this->assertSession()
        ->pageTextContains('The form has become outdated.');
    $this->assertSession()
        ->fieldValueEquals('integer_step', 5);
    // Check a form with a URL field.
    $this->drupalGet(Url::fromRoute('form_test.url'));
    $this->assertSession()
        ->elementExists('css', 'input[name="form_token"]')
        ->setValue('invalid token');
    $edit = [
        'url' => $this->randomString(),
    ];
    $this->submitForm($edit, 'Submit');
    // Verify that the error message is displayed with invalid token even when
    // required fields are filled.
    $this->assertSession()
        ->elementExists('xpath', '//div[contains(@class, "error")]');
    $this->assertSession()
        ->pageTextContains('The form has become outdated.');
    $this->assertSession()
        ->fieldValueEquals('url', '');
}
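
The behaviour these assertions check, that a submission with a bad form token gets an error and the form is re-rendered from its defaults instead of the posted values, can be seen in a stand-alone sketch. This is an added example and not Drupal core code; `form_token()`, `process_form()`, the HMAC construction and the form ID `example_number_form` are assumptions made for illustration.

```php
<?php
// Added illustration, not Drupal core code. Function names are hypothetical.

/** Derives a per-session, per-form token as an HMAC over the form ID. */
function form_token(string $session_seed, string $form_id): string {
    return hash_hmac('sha256', $form_id, $session_seed);
}

/**
 * Processes a submission. On a token mismatch the posted values are
 * discarded and the form is rebuilt from its defaults, so input from a
 * request that did not originate from this session is never echoed back.
 */
function process_form(array $defaults, array $post, string $seed, string $form_id): array {
    $given = $post['form_token'] ?? '';
    // hash_equals() compares in constant time and requires string arguments.
    if (!is_string($given) || !hash_equals(form_token($seed, $form_id), $given)) {
        return [
            'values' => $defaults,
            'errors' => ['The form has become outdated.'],
            'submitted' => FALSE,
        ];
    }
    // Accept only keys the form defines; fall back to defaults for the rest.
    $values = array_intersect_key($post, $defaults) + $defaults;
    return ['values' => $values, 'errors' => [], 'submitted' => TRUE];
}

// Constructed sample data mirroring the number-field case in the test.
$seed = bin2hex(random_bytes(16));
$form_id = 'example_number_form';
$defaults = ['integer_step' => 5];

$invalid = ['form_token' => 'invalid token', 'integer_step' => 42];
$valid = ['form_token' => form_token($seed, $form_id), 'integer_step' => 42];

foreach (['invalid' => $invalid, 'valid' => $valid] as $label => $post) {
    $result = process_form($defaults, $post, $seed, $form_id);
    printf("%s: integer_step=%d submitted=%s errors=%s\n",
        $label,
        $result['values']['integer_step'],
        $result['submitted'] ? 'yes' : 'no',
        json_encode($result['errors']));
}
```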
