class SessionTestCase

@file Provides SimpleTests for core session handling functionality.

Hierarchy

Expanded class hierarchy of SessionTestCase

File

modules/simpletest/tests/session.test, line 8

View source
class SessionTestCase extends DrupalWebTestCase {
    protected $_logged_in;
    public static function getInfo() {
        return array(
            'name' => 'Session tests',
            'description' => 'Drupal session handling tests.',
            'group' => 'Session',
        );
    }
    function setUp() {
        parent::setUp('session_test');
    }
    
    /**
     * Tests for drupal_save_session() and drupal_session_regenerate().
     */
    function testSessionSaveRegenerate() {
        $this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.', 'Session');
        $this->assertFalse(drupal_save_session(FALSE), 'drupal_save_session() correctly returns FALSE when called with FALSE.', 'Session');
        $this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE when saving has been disabled.', 'Session');
        $this->assertTrue(drupal_save_session(TRUE), 'drupal_save_session() correctly returns TRUE when called with TRUE.', 'Session');
        $this->assertTrue(drupal_save_session(), 'drupal_save_session() correctly returns TRUE when saving has been enabled.', 'Session');
        // Test session hardening code from SA-2008-044.
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        // Enable sessions.
        $this->sessionReset($user->uid);
        // Make sure the session cookie is set as HttpOnly.
        $this->drupalLogin($user);
        $this->assertTrue(preg_match('/HttpOnly/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as HttpOnly.');
        $this->drupalLogout();
        // Verify that the session is regenerated if a module calls exit
        // in hook_user_login().
        user_save($user, array(
            'name' => 'session_test_user',
        ));
        $user->name = 'session_test_user';
        $this->drupalGet('session-test/id');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID before logging in.');
        $original_session = $matches[1];
        // We cannot use $this->drupalLogin($user); because we exit in
        // session_test_user_login() which breaks a normal assertion.
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost('user', $edit, t('Log in'));
        $this->drupalGet('user');
        $pass = $this->assertText($user->name, format_string('Found name: %name', array(
            '%name' => $user->name,
        )), 'User login');
        $this->_logged_in = $pass;
        $this->drupalGet('session-test/id');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
        $this->assertTrue($matches[1] != $original_session, 'Session ID changed after login.');
    }
    
    /**
     * Test data persistence via the session_test module callbacks.
     */
    function testDataPersistence() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        // Enable sessions.
        $this->sessionReset($user->uid);
        $this->drupalLogin($user);
        $value_1 = $this->randomName();
        $this->drupalGet('session-test/set/' . $value_1);
        $this->assertText($value_1, 'The session value was stored.', 'Session');
        $this->drupalGet('session-test/get');
        $this->assertText($value_1, 'Session correctly returned the stored data for an authenticated user.', 'Session');
        // Attempt to write over val_1. If drupal_save_session(FALSE) is working.
        // properly, val_1 will still be set.
        $value_2 = $this->randomName();
        $this->drupalGet('session-test/no-set/' . $value_2);
        $this->assertText($value_2, 'The session value was correctly passed to session-test/no-set.', 'Session');
        $this->drupalGet('session-test/get');
        $this->assertText($value_1, 'Session data is not saved for drupal_save_session(FALSE).', 'Session');
        // Switch browser cookie to anonymous user, then back to user 1.
        $this->sessionReset();
        $this->sessionReset($user->uid);
        $this->assertText($value_1, 'Session data persists through browser close.', 'Session');
        // Logout the user and make sure the stored value no longer persists.
        $this->drupalLogout();
        $this->sessionReset();
        $this->drupalGet('session-test/get');
        $this->assertNoText($value_1, "After logout, previous user's session data is not available.", 'Session');
        // Now try to store some data as an anonymous user.
        $value_3 = $this->randomName();
        $this->drupalGet('session-test/set/' . $value_3);
        $this->assertText($value_3, 'Session data stored for anonymous user.', 'Session');
        $this->drupalGet('session-test/get');
        $this->assertText($value_3, 'Session correctly returned the stored data for an anonymous user.', 'Session');
        // Try to store data when drupal_save_session(FALSE).
        $value_4 = $this->randomName();
        $this->drupalGet('session-test/no-set/' . $value_4);
        $this->assertText($value_4, 'The session value was correctly passed to session-test/no-set.', 'Session');
        $this->drupalGet('session-test/get');
        $this->assertText($value_3, 'Session data is not saved for drupal_save_session(FALSE).', 'Session');
        // Login, the data should persist.
        $this->drupalLogin($user);
        $this->sessionReset($user->uid);
        $this->drupalGet('session-test/get');
        $this->assertNoText($value_1, 'Session has persisted for an authenticated user after logging out and then back in.', 'Session');
        // Change session and create another user.
        $user2 = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user2->uid);
        $this->drupalLogin($user2);
    }
    
    /**
     * Test that empty anonymous sessions are destroyed.
     */
    function testEmptyAnonymousSession() {
        // Verify that no session is automatically created for anonymous user.
        $this->drupalGet('');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(TRUE);
        // The same behavior is expected when caching is enabled.
        variable_set('cache', 1);
        $this->drupalGet('');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(TRUE);
        $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
        // Start a new session by setting a message.
        $this->drupalGet('session-test/set-message');
        $this->assertSessionCookie(TRUE);
        $this->assertTrue($this->drupalGetHeader('Set-Cookie'), 'New session was started.');
        // Display the message, during the same request the session is destroyed
        // and the session cookie is unset.
        $this->drupalGet('');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(FALSE);
        $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Caching was bypassed.');
        $this->assertText(t('This is a dummy message.'), 'Message was displayed.');
        $this->assertTrue(preg_match('/SESS\\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), 'Session cookie was deleted.');
        // Verify that session was destroyed.
        $this->drupalGet('');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(TRUE);
        $this->assertNoText(t('This is a dummy message.'), 'Message was not cached.');
        $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
        $this->assertFalse($this->drupalGetHeader('Set-Cookie'), 'New session was not started.');
        // Verify that no session is created if drupal_save_session(FALSE) is called.
        $this->drupalGet('session-test/set-message-but-dont-save');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(TRUE);
        // Verify that no message is displayed.
        $this->drupalGet('');
        $this->assertSessionCookie(FALSE);
        $this->assertSessionEmpty(TRUE);
        $this->assertNoText(t('This is a dummy message.'), 'The message was not saved.');
    }
    
    /**
     * Test that sessions are only saved when necessary.
     */
    function testSessionWrite() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->drupalLogin($user);
        $sql = 'SELECT u.access, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE u.uid = :uid';
        $times1 = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        // Before every request we sleep one second to make sure that if the session
        // is saved, its timestamp will change.
        // Modify the session.
        sleep(1);
        $this->drupalGet('session-test/set/foo');
        $times2 = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertEqual($times2->access, $times1->access, 'Users table was not updated.');
        $this->assertNotEqual($times2->timestamp, $times1->timestamp, 'Sessions table was updated.');
        // Write the same value again, i.e. do not modify the session.
        sleep(1);
        $this->drupalGet('session-test/set/foo');
        $times3 = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertEqual($times3->access, $times1->access, 'Users table was not updated.');
        $this->assertEqual($times3->timestamp, $times2->timestamp, 'Sessions table was not updated.');
        // Do not change the session.
        sleep(1);
        $this->drupalGet('');
        $times4 = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertEqual($times4->access, $times3->access, 'Users table was not updated.');
        $this->assertEqual($times4->timestamp, $times3->timestamp, 'Sessions table was not updated.');
        // Force updating of users and sessions table once per second.
        variable_set('session_write_interval', 0);
        $this->drupalGet('');
        $times5 = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertNotEqual($times5->access, $times4->access, 'Users table was updated.');
        $this->assertNotEqual($times5->timestamp, $times4->timestamp, 'Sessions table was updated.');
    }
    
    /**
     * Test that empty session IDs are not allowed.
     */
    function testEmptySessionID() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->drupalLogin($user);
        $this->drupalGet('session-test/is-logged-in');
        $this->assertResponse(200, 'User is logged in.');
        // Reset the sid in {sessions} to a blank string. This may exist in the
        // wild in some cases, although we normally prevent it from happening.
        db_query("UPDATE {sessions} SET sid = '' WHERE uid = :uid", array(
            ':uid' => $user->uid,
        ));
        // Send a blank sid in the session cookie, and the session should no longer
        // be valid. Closing the curl handler will stop the previous session ID
        // from persisting.
        $this->curlClose();
        $this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->session_name) . '=;';
        $this->drupalGet('session-test/id-from-cookie');
        $this->assertRaw("session_id:\n", 'Session ID is blank as sent from cookie header.');
        // Assert that we have an anonymous session now.
        $this->drupalGet('session-test/is-logged-in');
        $this->assertResponse(403, 'An empty session ID is not allowed.');
    }
    
    /**
     * Test hashing of session ids in the database.
     */
    function testHashedSessionIds() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->drupalLogin($user);
        $this->drupalGet('session-test/is-logged-in');
        $this->assertResponse(200, 'User is logged in.');
        $this->drupalGet('session-test/id');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
        $session_id = $matches[1];
        $this->drupalGet('session-test/id-from-cookie');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID from cookie.');
        $cookie_session_id = $matches[1];
        $this->assertEqual($session_id, $cookie_session_id, 'Session id and cookie session id are the same.');
        $sql = 'SELECT s.sid FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE u.uid = :uid';
        $db_session = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertNotEqual($db_session->sid, $cookie_session_id, 'Session id in the database is not the same as in the session cookie.');
        $this->assertEqual($db_session->sid, drupal_hash_base64($cookie_session_id), 'Session id in the database is the cookie session id hashed.');
    }
    
    /**
     * Test opt-out of hashing of session ids in the database.
     */
    function testHashedSessionIdsOptOut() {
        variable_set('do_not_hash_session_ids', TRUE);
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->drupalLogin($user);
        $this->drupalGet('session-test/is-logged-in');
        $this->assertResponse(200, 'User is logged in.');
        $this->drupalGet('session-test/id');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
        $session_id = $matches[1];
        $this->drupalGet('session-test/id-from-cookie');
        $matches = array();
        preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
        $this->assertTrue(!empty($matches[1]), 'Found session ID from cookie.');
        $cookie_session_id = $matches[1];
        $this->assertEqual($session_id, $cookie_session_id, 'Session id and cookie session id are the same.');
        $sql = 'SELECT s.sid FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE u.uid = :uid';
        $db_session = db_query($sql, array(
            ':uid' => $user->uid,
        ))
            ->fetchObject();
        $this->assertEqual($db_session->sid, $cookie_session_id, 'Session id in the database is the same as in the session cookie.');
        $this->assertNotEqual($db_session->sid, drupal_hash_base64($cookie_session_id), 'Session id in the database is not the cookie session id hashed.');
    }
    
    /**
     * Test absence of SameSite attribute on session cookies by default.
     */
    function testNoSameSiteCookieAttributeDefault() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        if (\PHP_VERSION_ID < 70300) {
            $this->drupalLogin($user);
        }
        else {
            // PHP often defaults to an empty value for session.cookie_samesite but
            // that may vary, so we set an explicit empty value.
            // Send our own login POST so that we can pass a custom header to trigger
            // session_test.module to call ini_set('session.cookie_samesite', $value)
            $headers[] = 'X-Session-Cookie-Ini-Set: *EMPTY*';
            $edit = array(
                'name' => $user->name,
                'pass' => $user->pass_raw,
            );
            $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
        }
        $this->assertFalse(preg_match('/SameSite=/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (default).');
    }
    
    /**
     * Test SameSite attribute = None by default on Secure session cookies.
     */
    function testSameSiteCookieAttributeNoneSecure() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        $headers = array();
        if (\PHP_VERSION_ID >= 70300) {
            // Send our own login POST so that we can pass a custom header to trigger
            // session_test.module to call ini_set('session.cookie_samesite', $value)
            $headers[] = 'X-Session-Cookie-Ini-Set: None';
        }
        // Test HTTPS session handling by altering the form action to submit the
        // login form through https.php, which creates a mock HTTPS request.
        $this->drupalGet('user');
        $form = $this->xpath('//form[@id="user-login"]');
        $form[0]['action'] = $this->httpsUrl('user');
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost(NULL, $edit, t('Log in'), array(), $headers);
        $this->assertTrue(preg_match('/SameSite=None/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=None.');
    }
    
    /**
     * Test SameSite attribute = None on session cookies.
     */
    function testSameSiteCookieAttributeNone() {
        variable_set('samesite_cookie_value', 'None');
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        $this->drupalLogin($user);
        $this->assertTrue(preg_match('/SameSite=None/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=None.');
    }
    
    /**
     * Test SameSite attribute = Lax on session cookies.
     */
    function testSameSiteCookieAttributeLax() {
        variable_set('samesite_cookie_value', 'Lax');
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        $this->drupalLogin($user);
        $this->assertTrue(preg_match('/SameSite=Lax/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=Lax.');
    }
    
    /**
     * Test SameSite attribute = Strict on session cookies.
     */
    function testSameSiteCookieAttributeStrict() {
        variable_set('samesite_cookie_value', 'Strict');
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        $this->drupalLogin($user);
        $this->assertTrue(preg_match('/SameSite=Strict/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=Strict.');
    }
    
    /**
     * Test disabling the samesite attribute on session cookies via $conf
     */
    function testSameSiteCookieAttributeDisabledViaConf() {
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        variable_set('samesite_cookie_value', FALSE);
        if (\PHP_VERSION_ID < 70300) {
            // There is no session.cookie_samesite in earlier PHP versions.
            $this->drupalLogin($user);
        }
        else {
            // Send our own login POST so that we can pass a custom header to trigger
            // session_test.module to call ini_set('session.cookie_samesite', $value)
            $headers[] = 'X-Session-Cookie-Ini-Set: Lax';
            $edit = array(
                'name' => $user->name,
                'pass' => $user->pass_raw,
            );
            $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
        }
        $this->assertFalse(preg_match('/SameSite=/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (conf).');
    }
    
    /**
     * Test disabling the samesite attribute on session cookies via php ini
     */
    function testSameSiteCookieAttributeDisabledViaPhpIni() {
        if (\PHP_VERSION_ID < 70300) {
            // There is no session.cookie_samesite in earlier PHP versions.
            $this->pass('This test is only for PHP 7.3 and later.');
            return;
        }
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        // Send our own login POST so that we can pass a custom header to trigger
        // session_test.module to call ini_set('session.cookie_samesite', $value)
        $headers[] = 'X-Session-Cookie-Ini-Set: *EMPTY*';
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
        $this->assertFalse(preg_match('/SameSite=/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (ini).');
    }
    
    /**
     * Test that a PHP setting for session.cookie_samesite is not overridden by
     * the default value in Drupal, without a samesite_cookie_value variable.
     */
    function testSamesiteCookiePhpSettingLax() {
        if (\PHP_VERSION_ID < 70300) {
            // There is no session.cookie_samesite in earlier PHP versions.
            $this->pass('This test is only for PHP 7.3 and later.');
            return;
        }
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        // Send our own login POST so that we can pass a custom header to trigger
        // session_test.module to call ini_set('session.cookie_samesite', $value)
        $headers[] = 'X-Session-Cookie-Ini-Set: Lax';
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
        $this->assertTrue(preg_match('/SameSite=Lax/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=Lax.');
    }
    
    /**
     * Test overriding the PHP setting for session.cookie_samesite with the
     * samesite_cookie_value variable.
     */
    function testSamesiteCookieOverrideLaxToStrict() {
        if (\PHP_VERSION_ID < 70300) {
            // There is no session.cookie_samesite in earlier PHP versions.
            $this->pass('This test is only for PHP 7.3 and later.');
            return;
        }
        variable_set('samesite_cookie_value', 'Strict');
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        // Send our own login POST so that we can pass a custom header to trigger
        // session_test.module to call ini_set('session.cookie_samesite', $value)
        $headers[] = 'X-Session-Cookie-Ini-Set: Lax';
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
        $this->assertTrue(preg_match('/SameSite=Strict/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=Strict.');
    }
    
    /**
     * Test SameSite attribute = Lax on set-cookie header on logout.
     */
    function testSamesiteCookieLogoutLax() {
        variable_set('samesite_cookie_value', 'Lax');
        $user = $this->drupalCreateUser(array(
            'access content',
        ));
        $this->sessionReset($user->uid);
        $this->drupalLogin($user);
        $this->drupalGet('user/logout');
        $this->assertTrue(preg_match('/SameSite=Lax/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie deletion includes SameSite=Lax.');
    }
    
    /**
     * Reset the cookie file so that it refers to the specified user.
     *
     * @param $uid User id to set as the active session.
     */
    function sessionReset($uid = 0) {
        // Close the internal browser.
        $this->curlClose();
        $this->loggedInUser = FALSE;
        // Change cookie file for user.
        $this->cookieFile = file_stream_wrapper_get_instance_by_scheme('temporary')->getDirectoryPath() . '/cookie.' . $uid . '.txt';
        $this->additionalCurlOptions[CURLOPT_COOKIEFILE] = $this->cookieFile;
        $this->additionalCurlOptions[CURLOPT_COOKIESESSION] = TRUE;
        $this->drupalGet('session-test/get');
        $this->assertResponse(200, 'Session test module is correctly enabled.', 'Session');
    }
    
    /**
     * Assert whether the SimpleTest browser sent a session cookie.
     */
    function assertSessionCookie($sent) {
        if ($sent) {
            $this->assertNotNull($this->session_id, 'Session cookie was sent.');
        }
        else {
            $this->assertNull($this->session_id, 'Session cookie was not sent.');
        }
    }
    
    /**
     * Assert whether $_SESSION is empty at the beginning of the request.
     */
    function assertSessionEmpty($empty) {
        if ($empty) {
            $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', 'Session was empty.');
        }
        else {
            $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '0', 'Session was not empty.');
        }
    }
    
    /**
     * Builds a URL for submitting a mock HTTPS request to HTTP test environments.
     *
     * @param $url
     *   A Drupal path such as 'user'.
     *
     * @return
     *   An absolute URL.
     */
    protected function httpsUrl($url) {
        global $base_url;
        return $base_url . '/modules/simpletest/tests/https.php?q=' . $url;
    }

}

Members

Title Sort descending Modifiers Object type Summary Overriden Title Overrides
DrupalTestCase::$assertions protected property Assertions thrown in that test case.
DrupalTestCase::$databasePrefix protected property The database prefix of this test run.
DrupalTestCase::$originalFileDirectory protected property The original file directory, before it was changed for testing purposes.
DrupalTestCase::$originalLanguage protected property The original language.
DrupalTestCase::$originalLanguageDefault protected property The original default language.
DrupalTestCase::$originalTheme protected property The original theme.
DrupalTestCase::$originalThemeKey protected property The original theme key.
DrupalTestCase::$originalThemePath protected property The original theme path.
DrupalTestCase::$results public property Current results of this test case.
DrupalTestCase::$setup protected property Flag to indicate whether the test has been set up.
DrupalTestCase::$setupDatabasePrefix protected property
DrupalTestCase::$setupEnvironment protected property
DrupalTestCase::$skipClasses protected property This class is skipped when looking for the source of an assertion.
DrupalTestCase::$testId protected property The test run ID.
DrupalTestCase::$timeLimit protected property Time limit for the test.
DrupalTestCase::$useSetupInstallationCache public property Whether to cache the installation part of the setUp() method.
DrupalTestCase::$useSetupModulesCache public property Whether to cache the modules installation part of the setUp() method.
DrupalTestCase::$verboseDirectoryUrl protected property URL to the verbose output file directory.
DrupalTestCase::assert protected function Internal helper: stores the assert.
DrupalTestCase::assertEqual protected function Check to see if two values are equal.
DrupalTestCase::assertFalse protected function Check to see if a value is false (an empty string, 0, NULL, or FALSE).
DrupalTestCase::assertIdentical protected function Check to see if two values are identical.
DrupalTestCase::assertNotEqual protected function Check to see if two values are not equal.
DrupalTestCase::assertNotIdentical protected function Check to see if two values are not identical.
DrupalTestCase::assertNotNull protected function Check to see if a value is not NULL.
DrupalTestCase::assertNull protected function Check to see if a value is NULL.
DrupalTestCase::assertTrue protected function Check to see if a value is not false (not an empty string, 0, NULL, or FALSE).
DrupalTestCase::deleteAssert public static function Delete an assertion record by message ID.
DrupalTestCase::error protected function Fire an error assertion. 1
DrupalTestCase::errorHandler public function Handle errors during test runs. 1
DrupalTestCase::exceptionHandler protected function Handle exceptions.
DrupalTestCase::fail protected function Fire an assertion that is always negative.
DrupalTestCase::generatePermutations public static function Converts a list of possible parameters into a stack of permutations.
DrupalTestCase::getAssertionCall protected function Cycles through backtrace until the first non-assertion method is found.
DrupalTestCase::getDatabaseConnection public static function Returns the database connection to the site running Simpletest.
DrupalTestCase::insertAssert public static function Store an assertion from outside the testing context.
DrupalTestCase::pass protected function Fire an assertion that is always positive.
DrupalTestCase::randomName public static function Generates a random string containing letters and numbers.
DrupalTestCase::randomString public static function Generates a random string of ASCII characters of codes 32 to 126.
DrupalTestCase::run public function Run all tests in this class.
DrupalTestCase::verbose protected function Logs a verbose message in a text file.
DrupalWebTestCase::$additionalCurlOptions protected property Additional cURL options.
DrupalWebTestCase::$content protected property The content of the page currently loaded in the internal browser.
DrupalWebTestCase::$cookieFile protected property The current cookie file used by cURL.
DrupalWebTestCase::$cookies protected property The cookies of the page currently loaded in the internal browser.
DrupalWebTestCase::$curlHandle protected property The handle of the current cURL connection.
DrupalWebTestCase::$drupalSettings protected property The value of the Drupal.settings JavaScript variable for the page currently loaded in the internal browser.
DrupalWebTestCase::$elements protected property The parsed version of the page.
DrupalWebTestCase::$generatedTestFiles protected property Whether the files were copied to the test files directory.
DrupalWebTestCase::$headers protected property The headers of the page currently loaded in the internal browser.
DrupalWebTestCase::$httpauth_credentials protected property HTTP authentication credentials (&lt;username&gt;:&lt;password&gt;).
DrupalWebTestCase::$httpauth_method protected property HTTP authentication method
DrupalWebTestCase::$loggedInUser protected property The current user logged in using the internal browser.
DrupalWebTestCase::$originalCleanUrl protected property The original clean_url variable value.
DrupalWebTestCase::$originalLanguageUrl protected property The original language URL.
DrupalWebTestCase::$originalProfile protected property The original active installation profile.
DrupalWebTestCase::$originalShutdownCallbacks protected property The original shutdown handlers array, before it was cleaned for testing purposes.
DrupalWebTestCase::$originalUser protected property The original user, before it was changed to a clean uid = 1 for testing purposes.
DrupalWebTestCase::$plainTextContent protected property The content of the page currently loaded in the internal browser (plain text version).
DrupalWebTestCase::$private_files_directory protected property The private files directory created for testing purposes.
DrupalWebTestCase::$profile protected property The profile to install as a basis for testing. 20
DrupalWebTestCase::$public_files_directory protected property The public files directory created for testing purposes.
DrupalWebTestCase::$redirect_count protected property The number of redirects followed during the handling of a request.
DrupalWebTestCase::$session_id protected property The current session ID, if available.
DrupalWebTestCase::$session_name protected property The current session name, if available.
DrupalWebTestCase::$temp_files_directory protected property The temporary files directory created for testing purposes.
DrupalWebTestCase::$url protected property The URL currently loaded in the internal browser.
DrupalWebTestCase::assertField protected function Asserts that a field exists with the given name or ID.
DrupalWebTestCase::assertFieldById protected function Asserts that a field exists in the current page with the given ID and value.
DrupalWebTestCase::assertFieldByName protected function Asserts that a field exists in the current page with the given name and value.
DrupalWebTestCase::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
DrupalWebTestCase::assertFieldChecked protected function Asserts that a checkbox field in the current page is checked.
DrupalWebTestCase::assertLink protected function Pass if a link with the specified label is found, and optional with the
specified index.
DrupalWebTestCase::assertLinkByHref protected function Pass if a link containing a given href (part) is found.
DrupalWebTestCase::assertMail protected function Asserts that the most recently sent e-mail message has the given value.
DrupalWebTestCase::assertMailPattern protected function Asserts that the most recently sent e-mail message has the pattern in it.
DrupalWebTestCase::assertMailString protected function Asserts that the most recently sent e-mail message has the string in it.
DrupalWebTestCase::assertNoDuplicateIds protected function Asserts that each HTML ID is used for just a single element.
DrupalWebTestCase::assertNoField protected function Asserts that a field does not exist with the given name or ID.
DrupalWebTestCase::assertNoFieldById protected function Asserts that a field does not exist with the given ID and value.
DrupalWebTestCase::assertNoFieldByName protected function Asserts that a field does not exist with the given name and value.
DrupalWebTestCase::assertNoFieldByXPath protected function Asserts that a field doesn&#039;t exist or its value doesn&#039;t match, by XPath.
DrupalWebTestCase::assertNoFieldChecked protected function Asserts that a checkbox field in the current page is not checked.
DrupalWebTestCase::assertNoLink protected function Pass if a link with the specified label is not found.
DrupalWebTestCase::assertNoLinkByHref protected function Pass if a link containing a given href (part) is not found.
DrupalWebTestCase::assertNoOptionSelected protected function Asserts that a select option in the current page is not checked.
DrupalWebTestCase::assertNoPattern protected function Will trigger a pass if the perl regex pattern is not present in raw content.
DrupalWebTestCase::assertNoRaw protected function Pass if the raw text is NOT found on the loaded page, fail otherwise. Raw text
refers to the raw HTML that the page generated.
DrupalWebTestCase::assertNoResponse protected function Asserts the page did not return the specified response code.
DrupalWebTestCase::assertNoText protected function Pass if the text is NOT found on the text version of the page. The text version
is the equivalent of what a user would see when viewing through a web browser.
In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertNoTitle protected function Pass if the page title is not the given string.
DrupalWebTestCase::assertNoUniqueText protected function Pass if the text is found MORE THAN ONCE on the text version of the page.
DrupalWebTestCase::assertOptionSelected protected function Asserts that a select option in the current page is checked.
DrupalWebTestCase::assertPattern protected function Will trigger a pass if the Perl regex pattern is found in the raw content.
DrupalWebTestCase::assertRaw protected function Pass if the raw text IS found on the loaded page, fail otherwise. Raw text
refers to the raw HTML that the page generated.
DrupalWebTestCase::assertResponse protected function Asserts the page responds with the specified response code.
DrupalWebTestCase::assertText protected function Pass if the text IS found on the text version of the page. The text version
is the equivalent of what a user would see when viewing through a web browser.
In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertTextHelper protected function Helper for assertText and assertNoText.
DrupalWebTestCase::assertThemeOutput protected function Asserts themed output.
DrupalWebTestCase::assertTitle protected function Pass if the page title is the given string.
DrupalWebTestCase::assertUniqueText protected function Pass if the text is found ONLY ONCE on the text version of the page.
DrupalWebTestCase::assertUniqueTextHelper protected function Helper for assertUniqueText and assertNoUniqueText.
DrupalWebTestCase::assertUrl protected function Pass if the internal browser&#039;s URL matches the given path.
DrupalWebTestCase::buildXPathQuery protected function Builds an XPath query.
DrupalWebTestCase::changeDatabasePrefix protected function Changes the database connection to the prefixed one.
DrupalWebTestCase::checkForMetaRefresh protected function Check for meta refresh tag and if found call drupalGet() recursively. This
function looks for the http-equiv attribute to be set to &quot;Refresh&quot;
and is case-sensitive.
DrupalWebTestCase::checkPermissions protected function Check to make sure that the array of permissions are valid.
DrupalWebTestCase::clickLink protected function Follows a link by name.
DrupalWebTestCase::constructFieldXpath protected function Helper function: construct an XPath for the given set of attributes and value.
DrupalWebTestCase::copySetupCache protected function Copy the setup cache from/to another table and files directory.
DrupalWebTestCase::cronRun protected function Runs cron in the Drupal installed by Simpletest.
DrupalWebTestCase::curlClose protected function Close the cURL handler and unset the handler.
DrupalWebTestCase::curlExec protected function Initializes and executes a cURL request.
DrupalWebTestCase::curlHeaderCallback protected function Reads headers and registers errors received from the tested site.
DrupalWebTestCase::curlInitialize protected function Initializes the cURL connection.
DrupalWebTestCase::drupalCompareFiles protected function Compare two files based on size and file name.
DrupalWebTestCase::drupalCreateContentType protected function Creates a custom content type based on default settings.
DrupalWebTestCase::drupalCreateNode protected function Creates a node based on default settings.
DrupalWebTestCase::drupalCreateRole protected function Creates a role with specified permissions.
DrupalWebTestCase::drupalCreateUser protected function Create a user with a given set of permissions.
DrupalWebTestCase::drupalGet protected function Retrieves a Drupal path or an absolute path.
DrupalWebTestCase::drupalGetAJAX protected function Retrieve a Drupal path or an absolute path and JSON decode the result.
DrupalWebTestCase::drupalGetContent protected function Gets the current raw HTML of requested page.
DrupalWebTestCase::drupalGetHeader protected function Gets the value of an HTTP response header. If multiple requests were
required to retrieve the page, only the headers from the last request will
be checked by default. However, if TRUE is passed as the second argument,
all requests will be processed…
DrupalWebTestCase::drupalGetHeaders protected function Gets the HTTP response headers of the requested page. Normally we are only
interested in the headers returned by the last request. However, if a page
is redirected or HTTP authentication is in use, multiple requests will be
required to retrieve the…
DrupalWebTestCase::drupalGetMails protected function Gets an array containing all e-mails sent during this test case.
DrupalWebTestCase::drupalGetNodeByTitle function Get a node from the database based on its title.
DrupalWebTestCase::drupalGetSettings protected function Gets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::drupalGetTestFiles protected function Get a list files that can be used in tests.
DrupalWebTestCase::drupalGetToken protected function Generate a token for the currently logged in user.
DrupalWebTestCase::drupalHead protected function Retrieves only the headers for a Drupal path or an absolute path.
DrupalWebTestCase::drupalLogin protected function Log in a user with the internal browser.
DrupalWebTestCase::drupalLogout protected function
DrupalWebTestCase::drupalPost protected function Execute a POST request on a Drupal page.
It will be done as usual POST request with SimpleBrowser.
DrupalWebTestCase::drupalPostAJAX protected function Execute an Ajax submission.
DrupalWebTestCase::drupalSetContent protected function Sets the raw HTML content. This can be useful when a page has been fetched
outside of the internal browser and assertions need to be made on the
returned page.
DrupalWebTestCase::drupalSetSettings protected function Sets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::getAbsoluteUrl protected function Takes a path and returns an absolute path.
DrupalWebTestCase::getAllOptions protected function Get all option elements, including nested options, in a select.
DrupalWebTestCase::getSelectedItem protected function Get the selected value from a select field.
DrupalWebTestCase::getSetupCacheKey protected function Returns the cache key used for the setup caching.
DrupalWebTestCase::getUrl protected function Get the current URL from the cURL handler.
DrupalWebTestCase::handleForm protected function Handle form input related to drupalPost(). Ensure that the specified fields
exist and attempt to create POST data in the correct manner for the particular
field type.
DrupalWebTestCase::loadSetupCache protected function Copies the cached tables and files for a cached installation setup.
DrupalWebTestCase::parse protected function Parse content returned from curlExec using DOM and SimpleXML.
DrupalWebTestCase::preloadRegistry protected function Preload the registry from the testing site.
DrupalWebTestCase::prepareDatabasePrefix protected function Generates a database prefix for running tests.
DrupalWebTestCase::prepareEnvironment protected function Prepares the current environment for running the test.
DrupalWebTestCase::recursiveDirectoryCopy protected function Recursively copy one directory to another.
DrupalWebTestCase::refreshVariables protected function Refresh the in-memory set of variables. Useful after a page request is made
that changes a variable in a different thread.
1
DrupalWebTestCase::resetAll protected function Reset all data structures after having enabled new modules.
DrupalWebTestCase::storeSetupCache protected function Store the installation setup to a cache.
DrupalWebTestCase::tearDown protected function Delete created files and temporary files directory, delete the tables created by setUp(),
and reset the database prefix.
7
DrupalWebTestCase::verboseEmail protected function Outputs to verbose the most recent $count emails sent.
DrupalWebTestCase::xpath protected function Perform an xpath search on the contents of the internal browser. The search
is relative to the root element (HTML tag normally) of the page.
DrupalWebTestCase::__construct function Constructor for DrupalWebTestCase. Overrides DrupalTestCase::__construct 1
SessionTestCase::$_logged_in protected property
SessionTestCase::assertSessionCookie function Assert whether the SimpleTest browser sent a session cookie.
SessionTestCase::assertSessionEmpty function Assert whether $_SESSION is empty at the beginning of the request.
SessionTestCase::getInfo public static function
SessionTestCase::httpsUrl protected function Builds a URL for submitting a mock HTTPS request to HTTP test environments.
SessionTestCase::sessionReset function Reset the cookie file so that it refers to the specified user.
SessionTestCase::setUp function Sets up a Drupal site for running functional and integration tests. Overrides DrupalWebTestCase::setUp
SessionTestCase::testDataPersistence function Test data persistence via the session_test module callbacks.
SessionTestCase::testEmptyAnonymousSession function Test that empty anonymous sessions are destroyed.
SessionTestCase::testEmptySessionID function Test that empty session IDs are not allowed.
SessionTestCase::testHashedSessionIds function Test hashing of session ids in the database.
SessionTestCase::testHashedSessionIdsOptOut function Test opt-out of hashing of session ids in the database.
SessionTestCase::testNoSameSiteCookieAttributeDefault function Test absence of SameSite attribute on session cookies by default.
SessionTestCase::testSameSiteCookieAttributeDisabledViaConf function Test disabling the samesite attribute on session cookies via $conf
SessionTestCase::testSameSiteCookieAttributeDisabledViaPhpIni function Test disabling the samesite attribute on session cookies via php ini
SessionTestCase::testSameSiteCookieAttributeLax function Test SameSite attribute = Lax on session cookies.
SessionTestCase::testSameSiteCookieAttributeNone function Test SameSite attribute = None on session cookies.
SessionTestCase::testSameSiteCookieAttributeNoneSecure function Test SameSite attribute = None by default on Secure session cookies.
SessionTestCase::testSameSiteCookieAttributeStrict function Test SameSite attribute = Strict on session cookies.
SessionTestCase::testSamesiteCookieLogoutLax function Test SameSite attribute = Lax on set-cookie header on logout.
SessionTestCase::testSamesiteCookieOverrideLaxToStrict function Test overriding the PHP setting for session.cookie_samesite with the
samesite_cookie_value variable.
SessionTestCase::testSamesiteCookiePhpSettingLax function Test that a PHP setting for session.cookie_samesite is not overridden by
the default value in Drupal, without a samesite_cookie_value variable.
SessionTestCase::testSessionSaveRegenerate function Tests for drupal_save_session() and drupal_session_regenerate().
SessionTestCase::testSessionWrite function Test that sessions are only saved when necessary.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.