Commit 0007ba12 authored by Roderik Muit's avatar Roderik Muit
Browse files

Issue #2997430 by sjerdo, roderik: Caching should be disabled for protected pages.

parent 84ea55b9
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -119,6 +119,7 @@ function basic_auth($path, $username, $password, $id = 'basic_auth', $callback =
      if ($password === $_SERVER['PHP_AUTH_PW'] && $username === $_SERVER['PHP_AUTH_USER']) {
        flood_clear_event($event);

        drupal_page_is_cacheable(FALSE);
        return !empty($callback) && is_callable($callback) ? (bool) call_user_func_array($callback, $arguments) : TRUE;
      }

+16 −4
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ class BasicAuthTest extends \DrupalWebTestCase {
      'path' => 'basic-auth-test',
      'username' => 'views-page',
      'password' => 'passw0rd',
      'result_after_auth' => 200,
    ],
  ];

@@ -72,12 +73,19 @@ class BasicAuthTest extends \DrupalWebTestCase {
  }

  /**
   * Tests configuration through UI.
   * Tests configuration through UI, and availability of cached pages.
   */
  public function testConfigForm() {
    if ($this->createBasicAuthConfigurations(static::DATA)) {
    if ($this->createBasicAuthConfigurations(static::DATA, ['access content'])) {
      $this->validate(static::DATA);
    }
    // A different user should still get an authentication request for the
    // cacheable view (which, in practice, proves that it is not cached).
    $this->drupalLogout();
    $data = array_filter(static::DATA, function ($data) {
      return $data['path'] === 'basic-auth-test';
    });
    $this->validate($data);
  }

  /**
@@ -134,6 +142,9 @@ class BasicAuthTest extends \DrupalWebTestCase {
   */
  protected function validate(array $items) {
    foreach ($items as $item) {
      // The Curl handle somehow remembers if it was granted/denied access
      // last time, which could skew test results. Get a new one.
      unset($this->curlHandle);
      // Visit path, for which was configured basic HTTP authentication.
      $this->drupalGet($item['path']);
      // User should be unauthorized.
@@ -145,8 +156,8 @@ class BasicAuthTest extends \DrupalWebTestCase {
        CURLOPT_HTTPGET => TRUE,
        CURLOPT_USERPWD => sprintf('%s:%s', $item['username'], $item['password']),
      ]);
      // Expected result is 403 because user has not enough Drupal permissions.
      $this->assertResponse(403, sprintf('User has passed basic HTTP authentication for "%s".', $item['path']));
      $expected_result_code = isset($item['result_after_auth']) ? $item['result_after_auth'] : 403;
      $this->assertResponse($expected_result_code, sprintf('User passed basic HTTP authentication for "%s" and received a HTTP %s response.', $item['path'], $expected_result_code));
    }
  }

@@ -171,6 +182,7 @@ class BasicAuthTest extends \DrupalWebTestCase {
    $configs = [];

    foreach ($items as $i => $item) {
      $item = array_intersect_key($item, ['path' => 1, 'username' => 1, 'password' => 1]);
      foreach ($item as $property => $value) {
        $configs["items[$i][$property]"] = $value;
      }
+6 −2
Original line number Diff line number Diff line
@@ -26,8 +26,12 @@ function basic_auth_test_views_default_views() {
  $handler->display->display_options['title'] = 'Basic Auth (Test)';
  $handler->display->display_options['use_more_always'] = FALSE;
  $handler->display->display_options['access']['type'] = 'perm';
  $handler->display->display_options['access']['perm'] = 'administer nodes';
  $handler->display->display_options['cache']['type'] = 'none';
  $handler->display->display_options['access']['perm'] = 'access content';
  $handler->display->display_options['cache']['type'] = 'time';
  $handler->display->display_options['cache']['results_lifespan'] = '3600';
  $handler->display->display_options['cache']['results_lifespan_custom'] = '0';
  $handler->display->display_options['cache']['output_lifespan'] = '3600';
  $handler->display->display_options['cache']['output_lifespan_custom'] = '0';
  $handler->display->display_options['query']['type'] = 'views_query';
  $handler->display->display_options['exposed_form']['type'] = 'basic';
  $handler->display->display_options['pager']['type'] = 'some';