function UserLoginHttpTest::doTestLogin

Same name in other branches
  1. 8.9.x core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestLogin()
  2. 10 core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestLogin()
  3. 11.x core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestLogin()

Do login testing for a given serialization format.

Parameters

string $format: Serialization format.

2 calls to UserLoginHttpTest::doTestLogin()
UserHalLoginHttpTest::testLogin in core/modules/hal/tests/src/Functional/user/UserHalLoginHttpTest.php
Tests user session life cycle.
UserLoginHttpTest::testLogin in core/modules/user/tests/src/Functional/UserLoginHttpTest.php
Tests user session life cycle.

File

core/modules/user/tests/src/Functional/UserLoginHttpTest.php, line 121

Class

UserLoginHttpTest
Tests login and password reset via direct HTTP.

Namespace

Drupal\Tests\user\Functional

Code

protected function doTestLogin($format) {
    $client = \Drupal::httpClient();
    // Create new user for each iteration to reset flood.
    // Grant the user administer users permissions to they can see the
    // 'roles' field.
    $account = $this->drupalCreateUser([
        'administer users',
    ]);
    $name = $account->getAccountName();
    $pass = $account->passRaw;
    $login_status_url = $this->getLoginStatusUrlString($format);
    $response = $client->get($login_status_url);
    $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
    // Flooded.
    $this->config('user.flood')
        ->set('user_limit', 3)
        ->save();
    $response = $this->loginRequest($name, 'wrong-pass', $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
    $response = $this->loginRequest($name, 'wrong-pass', $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
    $response = $this->loginRequest($name, 'wrong-pass', $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
    $response = $this->loginRequest($name, 'wrong-pass', $format);
    $this->assertHttpResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format);
    // After testing the flood control we can increase the limit.
    $this->config('user.flood')
        ->set('user_limit', 100)
        ->save();
    $response = $this->loginRequest(NULL, NULL, $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.', $format);
    $response = $this->loginRequest(NULL, $pass, $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.name.', $format);
    $response = $this->loginRequest($name, NULL, $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.pass.', $format);
    // Blocked.
    $account->block()
        ->save();
    $response = $this->loginRequest($name, $pass, $format);
    $this->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
    $account->activate()
        ->save();
    $response = $this->loginRequest($name, 'garbage', $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
    $response = $this->loginRequest('garbage', $pass, $format);
    $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
    $response = $this->loginRequest($name, $pass, $format);
    $this->assertEquals(200, $response->getStatusCode());
    $result_data = $this->serializer
        ->decode($response->getBody(), $format);
    $this->assertEquals($name, $result_data['current_user']['name']);
    $this->assertEquals($account->id(), $result_data['current_user']['uid']);
    $this->assertEquals($account->getRoles(), $result_data['current_user']['roles']);
    $logout_token = $result_data['logout_token'];
    // Logging in while already logged in results in a 403 with helpful message.
    $response = $this->loginRequest($name, $pass, $format);
    $this->assertSame(403, $response->getStatusCode());
    $this->assertSame([
        'message' => 'This route can only be accessed by anonymous users.',
    ], $this->serializer
        ->decode($response->getBody(), $format));
    $response = $client->get($login_status_url, [
        'cookies' => $this->cookies,
    ]);
    $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_IN);
    $response = $this->logoutRequest($format, $logout_token);
    $this->assertEquals(204, $response->getStatusCode());
    $response = $client->get($login_status_url, [
        'cookies' => $this->cookies,
    ]);
    $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
    $this->resetFlood();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.