Loading basic_auth.module +1 −0 Original line number Diff line number Diff line Loading @@ -119,6 +119,7 @@ function basic_auth($path, $username, $password, $id = 'basic_auth', $callback = if ($password === $_SERVER['PHP_AUTH_PW'] && $username === $_SERVER['PHP_AUTH_USER']) { flood_clear_event($event); drupal_page_is_cacheable(FALSE); return !empty($callback) && is_callable($callback) ? (bool) call_user_func_array($callback, $arguments) : TRUE; } Loading src/Tests/BasicAuthTest.php +16 −4 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ class BasicAuthTest extends \DrupalWebTestCase { 'path' => 'basic-auth-test', 'username' => 'views-page', 'password' => 'passw0rd', 'result_after_auth' => 200, ], ]; Loading Loading @@ -72,12 +73,19 @@ class BasicAuthTest extends \DrupalWebTestCase { } /** * Tests configuration through UI. * Tests configuration through UI, and availability of cached pages. */ public function testConfigForm() { if ($this->createBasicAuthConfigurations(static::DATA)) { if ($this->createBasicAuthConfigurations(static::DATA, ['access content'])) { $this->validate(static::DATA); } // A different user should still get an authentication request for the // cacheable view (which, in practice, proves that it is not cached). $this->drupalLogout(); $data = array_filter(static::DATA, function ($data) { return $data['path'] === 'basic-auth-test'; }); $this->validate($data); } /** Loading Loading @@ -134,6 +142,9 @@ class BasicAuthTest extends \DrupalWebTestCase { */ protected function validate(array $items) { foreach ($items as $item) { // The Curl handle somehow remembers if it was granted/denied access // last time, which could skew test results. Get a new one. unset($this->curlHandle); // Visit path, for which was configured basic HTTP authentication. $this->drupalGet($item['path']); // User should be unauthorized. Loading @@ -145,8 +156,8 @@ class BasicAuthTest extends \DrupalWebTestCase { CURLOPT_HTTPGET => TRUE, CURLOPT_USERPWD => sprintf('%s:%s', $item['username'], $item['password']), ]); // Expected result is 403 because user has not enough Drupal permissions. $this->assertResponse(403, sprintf('User has passed basic HTTP authentication for "%s".', $item['path'])); $expected_result_code = isset($item['result_after_auth']) ? $item['result_after_auth'] : 403; $this->assertResponse($expected_result_code, sprintf('User passed basic HTTP authentication for "%s" and received a HTTP %s response.', $item['path'], $expected_result_code)); } } Loading @@ -171,6 +182,7 @@ class BasicAuthTest extends \DrupalWebTestCase { $configs = []; foreach ($items as $i => $item) { $item = array_intersect_key($item, ['path' => 1, 'username' => 1, 'password' => 1]); foreach ($item as $property => $value) { $configs["items[$i][$property]"] = $value; } Loading tests/basic_auth_test/basic_auth_test.views_default.inc +6 −2 Original line number Diff line number Diff line Loading @@ -26,8 +26,12 @@ function basic_auth_test_views_default_views() { $handler->display->display_options['title'] = 'Basic Auth (Test)'; $handler->display->display_options['use_more_always'] = FALSE; $handler->display->display_options['access']['type'] = 'perm'; $handler->display->display_options['access']['perm'] = 'administer nodes'; $handler->display->display_options['cache']['type'] = 'none'; $handler->display->display_options['access']['perm'] = 'access content'; $handler->display->display_options['cache']['type'] = 'time'; $handler->display->display_options['cache']['results_lifespan'] = '3600'; $handler->display->display_options['cache']['results_lifespan_custom'] = '0'; $handler->display->display_options['cache']['output_lifespan'] = '3600'; $handler->display->display_options['cache']['output_lifespan_custom'] = '0'; $handler->display->display_options['query']['type'] = 'views_query'; $handler->display->display_options['exposed_form']['type'] = 'basic'; $handler->display->display_options['pager']['type'] = 'some'; Loading Loading
basic_auth.module +1 −0 Original line number Diff line number Diff line Loading @@ -119,6 +119,7 @@ function basic_auth($path, $username, $password, $id = 'basic_auth', $callback = if ($password === $_SERVER['PHP_AUTH_PW'] && $username === $_SERVER['PHP_AUTH_USER']) { flood_clear_event($event); drupal_page_is_cacheable(FALSE); return !empty($callback) && is_callable($callback) ? (bool) call_user_func_array($callback, $arguments) : TRUE; } Loading
src/Tests/BasicAuthTest.php +16 −4 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ class BasicAuthTest extends \DrupalWebTestCase { 'path' => 'basic-auth-test', 'username' => 'views-page', 'password' => 'passw0rd', 'result_after_auth' => 200, ], ]; Loading Loading @@ -72,12 +73,19 @@ class BasicAuthTest extends \DrupalWebTestCase { } /** * Tests configuration through UI. * Tests configuration through UI, and availability of cached pages. */ public function testConfigForm() { if ($this->createBasicAuthConfigurations(static::DATA)) { if ($this->createBasicAuthConfigurations(static::DATA, ['access content'])) { $this->validate(static::DATA); } // A different user should still get an authentication request for the // cacheable view (which, in practice, proves that it is not cached). $this->drupalLogout(); $data = array_filter(static::DATA, function ($data) { return $data['path'] === 'basic-auth-test'; }); $this->validate($data); } /** Loading Loading @@ -134,6 +142,9 @@ class BasicAuthTest extends \DrupalWebTestCase { */ protected function validate(array $items) { foreach ($items as $item) { // The Curl handle somehow remembers if it was granted/denied access // last time, which could skew test results. Get a new one. unset($this->curlHandle); // Visit path, for which was configured basic HTTP authentication. $this->drupalGet($item['path']); // User should be unauthorized. Loading @@ -145,8 +156,8 @@ class BasicAuthTest extends \DrupalWebTestCase { CURLOPT_HTTPGET => TRUE, CURLOPT_USERPWD => sprintf('%s:%s', $item['username'], $item['password']), ]); // Expected result is 403 because user has not enough Drupal permissions. $this->assertResponse(403, sprintf('User has passed basic HTTP authentication for "%s".', $item['path'])); $expected_result_code = isset($item['result_after_auth']) ? $item['result_after_auth'] : 403; $this->assertResponse($expected_result_code, sprintf('User passed basic HTTP authentication for "%s" and received a HTTP %s response.', $item['path'], $expected_result_code)); } } Loading @@ -171,6 +182,7 @@ class BasicAuthTest extends \DrupalWebTestCase { $configs = []; foreach ($items as $i => $item) { $item = array_intersect_key($item, ['path' => 1, 'username' => 1, 'password' => 1]); foreach ($item as $property => $value) { $configs["items[$i][$property]"] = $value; } Loading
tests/basic_auth_test/basic_auth_test.views_default.inc +6 −2 Original line number Diff line number Diff line Loading @@ -26,8 +26,12 @@ function basic_auth_test_views_default_views() { $handler->display->display_options['title'] = 'Basic Auth (Test)'; $handler->display->display_options['use_more_always'] = FALSE; $handler->display->display_options['access']['type'] = 'perm'; $handler->display->display_options['access']['perm'] = 'administer nodes'; $handler->display->display_options['cache']['type'] = 'none'; $handler->display->display_options['access']['perm'] = 'access content'; $handler->display->display_options['cache']['type'] = 'time'; $handler->display->display_options['cache']['results_lifespan'] = '3600'; $handler->display->display_options['cache']['results_lifespan_custom'] = '0'; $handler->display->display_options['cache']['output_lifespan'] = '3600'; $handler->display->display_options['cache']['output_lifespan_custom'] = '0'; $handler->display->display_options['query']['type'] = 'views_query'; $handler->display->display_options['exposed_form']['type'] = 'basic'; $handler->display->display_options['pager']['type'] = 'some'; Loading