function UserBlocksTest::testUserLoginBlock

Same name in other branches
  1. 8.9.x core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
  2. 10 core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()
  3. 11.x core/modules/user/tests/src/Functional/UserBlocksTest.php \Drupal\Tests\user\Functional\UserBlocksTest::testUserLoginBlock()

Tests the user login block.

File

core/modules/user/tests/src/Functional/UserBlocksTest.php, line 73

Class

UserBlocksTest
Tests user blocks.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserLoginBlock() {
    // Create a user with some permission that anonymous users lack.
    $user = $this->drupalCreateUser([
        'administer permissions',
    ]);
    // Log in using the block.
    $edit = [];
    $edit['name'] = $user->getAccountName();
    $edit['pass'] = $user->passRaw;
    $this->drupalGet('admin/people/permissions');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextNotContains('User login');
    // Check that we are still on the same page.
    $this->assertSession()
        ->addressEquals(Url::fromRoute('user.admin_permissions'));
    // Now, log out and repeat with a non-403 page.
    $this->drupalLogout();
    $this->drupalGet('filter/tips');
    $this->assertSession()
        ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'MISS');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextNotContains('User login');
    // Verify that we are still on the same page after login for allowed page.
    $this->assertSession()
        ->responseMatches('!<title.*?Compose tips.*?</title>!');
    // Log out again and repeat with a non-403 page including query arguments.
    $this->drupalLogout();
    $this->drupalGet('filter/tips', [
        'query' => [
            'foo' => 'bar',
        ],
    ]);
    $this->assertSession()
        ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'HIT');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextNotContains('User login');
    // Verify that we are still on the same page after login for allowed page.
    $this->assertSession()
        ->responseMatches('!<title.*?Compose tips.*?</title>!');
    $this->assertStringContainsString('/filter/tips?foo=bar', $this->getUrl(), 'Correct query arguments are displayed after login');
    // Repeat with different query arguments.
    $this->drupalLogout();
    $this->drupalGet('filter/tips', [
        'query' => [
            'foo' => 'baz',
        ],
    ]);
    $this->assertSession()
        ->responseHeaderEquals(DynamicPageCacheSubscriber::HEADER, 'HIT');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextNotContains('User login');
    // Verify that we are still on the same page after login for allowed page.
    $this->assertSession()
        ->responseMatches('!<title.*?Compose tips.*?</title>!');
    $this->assertStringContainsString('/filter/tips?foo=baz', $this->getUrl(), 'Correct query arguments are displayed after login');
    // Check that the user login block is not vulnerable to information
    // disclosure to third party sites.
    $this->drupalLogout();
    $this->drupalGet('http://example.com/', [
        'external' => FALSE,
    ]);
    $this->submitForm($edit, 'Log in');
    // Check that we remain on the site after login.
    $this->assertSession()
        ->addressEquals($user->toUrl('canonical'));
    // Verify that form validation errors are displayed immediately for forms
    // in blocks and not on subsequent page requests.
    $this->drupalLogout();
    $edit = [];
    $edit['name'] = 'foo';
    $edit['pass'] = 'invalid password';
    $this->drupalGet('filter/tips');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextContains('Unrecognized username or password. Forgot your password?');
    $this->drupalGet('filter/tips');
    $this->assertSession()
        ->pageTextNotContains('Unrecognized username or password. Forgot your password?');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.