<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserCancelTest.
 */

namespace Drupal\user\Tests;

use Drupal\comment\Tests\CommentTestTrait;
use Drupal\simpletest\WebTestBase;
use Drupal\comment\CommentInterface;
use Drupal\comment\Entity\Comment;

/**
 * Ensure that account cancellation methods work as expected.
 *
 * @group user
 */
class UserCancelTest extends WebTestBase {

  use CommentTestTrait;

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array('node', 'comment');

  protected function setUp() {
    parent::setUp();

    // Provide the 'page' node type; later tests attach the default comment
    // field to it.
    $page_type = ['type' => 'page', 'name' => 'Basic page'];
    $this->drupalCreateContentType($page_type);
  }

  /**
   * Attempt to cancel account without permission.
   */
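  function testUserCancelWithoutPermission() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user without passing any permissions, so 'cancel account' is
    // not among them.
    $account = $this->drupalCreateUser([]);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node owned by the user; it is checked at the end for changes.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);

    // The edit form must not offer cancellation to this user.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->assertNoRaw(t('Cancel account'), 'No cancel account button displayed.');

    // A hidden button is not an access check. Request the confirmation URL
    // directly, with a hash computed from the account's own stored values, and
    // require the response to be 403.
    $timestamp = $account->getLastLoginTime();
    $hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime(), $account->id());
    $this->drupalGet('user/' . $account->id() . '/cancel/confirm/' . $timestamp . '/' . $hash);
    $this->assertResponse(403, 'Bogus cancelling request rejected.');

    // Reload with the reset flag, as the other post-request reloads in this
    // class do. Without it the check may be answered from the object already
    // loaded above and could not notice a cancellation (presumably a static
    // cache; confirm against user_load()). Under this cancel method a
    // cancelled account is deleted and user_load() returns a falsy value, so
    // guard the method call to get a failed assertion rather than a fatal.
    $reloaded = user_load($account->id(), TRUE);
    $this->assertTrue($reloaded && $reloaded->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache([$node->id()]);
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }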

  /**
   * Test ability to change the permission for canceling users.
   */
  public function testUserCancelChangePermission() {
    \Drupal::service('module_installer')->install(['user_form_test']);
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // The account to be cancelled; created without any permissions.
    $target = $this->drupalCreateUser([]);

    // The acting user holds only the 'cancel other accounts' permission.
    $canceller = $this->drupalCreateUser(['cancel other accounts']);
    $this->drupalLogin($canceller);

    // Submit the cancel form exposed at the user_form_test path.
    $cancel_path = 'user_form_test_cancel/' . $target->id();
    $this->drupalPostForm($cancel_path, [], t('Cancel account'));

    // The page must report the deletion and the account must be gone.
    $deleted_message = t('%name has been deleted.', ['%name' => $target->getUsername()]);
    $this->assertRaw($deleted_message, 'User deleted.');
    $this->assertFalse(user_load($target->id()), 'User is not found in the database.');
  }

  /**
   * Tests that user account for uid 1 cannot be cancelled.
   *
   * This should never be possible, or the site owner would become unable to
   * administer the site.
   */
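  function testUserCancelUid1() {
    \Drupal::service('module_installer')->install(['views']);
    // Update uid 1's name and password so we know it.
    $password = user_password();
    $account = [
      'name' => 'user1',
      'pass' => $this->container->get('password')->hash(trim($password)),
    ];
    // We cannot use $account->save() here, because this would result in the
    // password being hashed again.
    db_update('users_field_data')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();

    // Reload uid 1 and keep the plain-text password on the object. Nothing
    // below logs in as uid 1; the request is made by a different user.
    $user1 = user_load(1, TRUE);
    $user1->pass_raw = $password;

    // Try to cancel uid 1's account with a different user.
    $admin_user = $this->drupalCreateUser(['administer users']);
    $this->drupalLogin($admin_user);
    // NOTE(review): this assumes row 0 of the admin/people bulk form is
    // uid 1; confirm against the view's sort order.
    $edit = [
      'action' => 'user_cancel_user_action',
      'user_bulk_form[0]' => TRUE,
    ];
    $this->drupalPostForm('admin/people', $edit, t('Apply'));

    // Verify that uid 1's account was not cancelled. If the protection ever
    // regressed, the account could be gone and user_load() would return a
    // falsy value; guard the method call so that case is recorded as a failed
    // assertion instead of a fatal error on a non-object.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1 && $user1->isActive(), 'User #1 still exists and is not blocked.');
  }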

  /**
   * Attempt invalid account cancellations.
   */
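  function testUserCancelInvalid() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user who is allowed to cancel their own account.
    $account = $this->drupalCreateUser(['cancel account']);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node owned by the user; it is checked at the end for changes.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);

    // Attempt to cancel account.
    $this->drupalPostForm('user/' . $account->id() . '/edit', NULL, t('Cancel account'));

    // Confirm account cancellation. The timestamp is captured locally just
    // before the request; the mailed link itself is not read.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Attempt bogus account cancellation request confirmation: the timestamp
    // lies 60 seconds in the future and the hash is computed to match it, so
    // the request is expected to be refused on the timestamp.
    $bogus_timestamp = $timestamp + 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime(), $account->id()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Bogus cancelling request rejected.');
    // Reload with the reset flag, matching the second reload below. Without
    // it the check may be answered from the object loaded earlier in this
    // test and could not notice a cancellation (presumably a static cache;
    // confirm against user_load()). A cancelled account is deleted under this
    // cancel method, so guard against a falsy result.
    $reloaded = user_load($account->id(), TRUE);
    $this->assertTrue($reloaded && $reloaded->isActive(), 'User account was not canceled.');

    // Attempt expired account cancellation request confirmation: the
    // timestamp is one day (86400 seconds) and one minute in the past.
    $bogus_timestamp = $timestamp - 86400 - 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime(), $account->id()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Expired cancel account request rejected.');
    $reloaded = user_load($account->id(), TRUE);
    $this->assertTrue($reloaded && $reloaded->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache([$node->id()]);
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }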

  /**
   * Disable account and keep all content.
   */
  function testUserBlock() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block')->save();

    // Log in as a user who may cancel their own account.
    $web_user = $this->drupalCreateUser(['cancel account']);
    $this->drupalLogin($web_user);

    // Load real user object.
    $account = user_load($web_user->id(), TRUE);

    // Open the cancellation form from the account edit page.
    $edit_path = 'user/' . $account->id() . '/edit';
    $this->drupalGet($edit_path);
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will remain attributed to your username.'), 'Informs that all content will be remain as is.');
    // A user cancelling their own account must not be offered a choice of
    // cancellation method.
    $this->assertNoText(t('Select the method to cancel the account above.'), 'Does not allow user to select account cancellation method.');

    // Confirm account cancellation. The timestamp is captured locally; the
    // confirmation link below is rebuilt from it rather than read from the
    // sent mail.
    $timestamp = time();

    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime(), $account->id());
    $this->drupalGet('user/' . $account->id() . '/cancel/confirm/' . $timestamp . '/' . $confirm_hash);
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm that the confirmation message made it through to the end user.
    $disabled_message = t('%name has been disabled.', ['%name' => $account->getUsername()]);
    $this->assertRaw($disabled_message, "Confirmation message displayed to user.");
  }

  /**
   * Disable account and unpublish all content.
   */
  function testUserBlockUnpublish() {
    $nodes = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block_unpublish')->save();
    // Create comment field on page.
    $this->addDefaultCommentField('node', 'page');

    // Log in as a user who may cancel their own account.
    $account = $this->drupalCreateUser(['cancel account']);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node with two revisions: the second drupalCreateNode() call
    // reuses the first node's properties with 'revision' set.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);
    $settings = get_object_vars($node);
    $settings['revision'] = 1;
    $node = $this->drupalCreateNode($settings);

    // Add a published comment by the same user to the page.
    $comment = entity_create('comment', [
      'subject' => $this->randomMachineName(8),
      'comment_body' => $this->randomMachineName(8),
      'entity_id' => $node->id(),
      'entity_type' => 'node',
      'field_name' => 'comment',
      'status' => CommentInterface::PUBLISHED,
      'uid' => $account->id(),
    ]);
    $comment->save();

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will be hidden from everyone but administrators.'), 'Informs that all content will be unpublished.');

    // Confirm account cancellation. The timestamp is captured locally and the
    // confirmation link is rebuilt from it below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime(), $account->id());
    $this->drupalGet('user/' . $account->id() . '/cancel/confirm/' . $timestamp . '/' . $confirm_hash);
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm user's content has been unpublished. Caches are reset first so
    // the stored state is what gets checked.
    $nodes->resetCache([$node->id()]);
    $reloaded_node = $nodes->load($node->id());
    $this->assertFalse($reloaded_node->isPublished(), 'Node of the user has been unpublished.');
    $reloaded_node = node_revision_load($node->getRevisionId());
    $this->assertFalse($reloaded_node->isPublished(), 'Node revision of the user has been unpublished.');

    $comment_storage = \Drupal::entityManager()->getStorage('comment');
    $comment_storage->resetCache([$comment->id()]);
    $comment = $comment_storage->load($comment->id());
    $this->assertFalse($comment->isPublished(), 'Comment of the user has been unpublished.');

    // Confirm that the confirmation message made it through to the end user.
    $disabled_message = t('%name has been disabled.', ['%name' => $account->getUsername()]);
    $this->assertRaw($disabled_message, "Confirmation message displayed to user.");
  }

  /**
   * Delete account and anonymize all content.
   */
  function testUserAnonymize() {
    $nodes = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Log in as a user who may cancel their own account.
    $account = $this->drupalCreateUser(['cancel account']);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(['uid' => $account->id()]);
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    // Set new/current revision to someone else.
    $settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $anonymous_name = $this->config('user.settings')->get('anonymous');
    $this->assertRaw(t('Your account will be removed and all account information deleted. All of your content will be assigned to the %anonymous-name user.', ['%anonymous-name' => $anonymous_name]), 'Informs that all content will be attributed to anonymous account.');

    // Confirm account cancellation. The timestamp is captured locally and the
    // confirmation link is rebuilt from it below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime(), $account->id());
    $this->drupalGet('user/' . $account->id() . '/cancel/confirm/' . $timestamp . '/' . $confirm_hash);
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been attributed to anonymous user
    // (owner id 0) and is still published.
    $nodes->resetCache([$node->id()]);
    $reloaded_node = $nodes->load($node->id());
    $this->assertTrue(($reloaded_node->getOwnerId() == 0 && $reloaded_node->isPublished()), 'Node of the user has been attributed to anonymous user.');
    $reloaded_node = node_revision_load($revision, TRUE);
    $this->assertTrue(($reloaded_node->getRevisionAuthor()->id() == 0 && $reloaded_node->isPublished()), 'Node revision of the user has been attributed to anonymous user.');
    // The current revision was assigned to uid 1 above and must keep a
    // non-anonymous owner.
    $nodes->resetCache([$revision_node->id()]);
    $reloaded_node = $nodes->load($revision_node->id());
    $this->assertTrue(($reloaded_node->getOwnerId() != 0 && $reloaded_node->isPublished()), "Current revision of the user's node was not attributed to anonymous user.");

    // Confirm that the confirmation message made it through to the end user.
    $deleted_message = t('%name has been deleted.', ['%name' => $account->getUsername()]);
    $this->assertRaw($deleted_message, "Confirmation message displayed to user.");
  }

  /**
   * Delete account and remove all content.
   */
  function testUserDelete() {
    $nodes = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_delete')->save();
    \Drupal::service('module_installer')->install(['comment']);
    $this->resetAll();
    $this->addDefaultCommentField('node', 'page');

    // Log in as a user who may cancel their own account and post comments
    // without approval.
    $account = $this->drupalCreateUser(['cancel account', 'post comments', 'skip comment approval']);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);

    // Post a comment through the UI (preview, then save) and look it up by
    // its random subject.
    $edit = [
      'subject[0][value]' => $this->randomMachineName(8),
      'comment_body[0][value]' => $this->randomMachineName(16),
    ];

    $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $edit, t('Preview'));
    $this->drupalPostForm(NULL, [], t('Save'));
    $this->assertText(t('Your comment has been posted.'));
    $matching_comments = entity_load_multiple_by_properties('comment', ['subject' => $edit['subject[0][value]']]);
    $comment = reset($matching_comments);
    $this->assertTrue($comment->id(), 'Comment found.');

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(['uid' => $account->id()]);
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    // Set new/current revision to someone else.
    $settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be removed and all account information deleted. All of your content will also be deleted.'), 'Informs that all content will be deleted.');

    // Confirm account cancellation. The timestamp is captured locally and the
    // confirmation link is rebuilt from it below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime(), $account->id());
    $this->drupalGet('user/' . $account->id() . '/cancel/confirm/' . $timestamp . '/' . $confirm_hash);
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been deleted.
    $nodes->resetCache([$node->id()]);
    $this->assertFalse($nodes->load($node->id()), 'Node of the user has been deleted.');
    $this->assertFalse(node_revision_load($revision), 'Node revision of the user has been deleted.');
    // The node whose current revision was assigned to uid 1 must survive.
    $nodes->resetCache([$revision_node->id()]);
    $this->assertTrue($nodes->load($revision_node->id()), "Current revision of the user's node was not deleted.");
    \Drupal::entityManager()->getStorage('comment')->resetCache([$comment->id()]);
    $this->assertFalse(Comment::load($comment->id()), 'Comment of the user has been deleted.');

    // Confirm that the confirmation message made it through to the end user.
    $deleted_message = t('%name has been deleted.', ['%name' => $account->getUsername()]);
    $this->assertRaw($deleted_message, "Confirmation message displayed to user.");
  }

  /**
   * Create an administrative user and delete another user.
   */
  function testUserCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // The account to be cancelled; created without any permissions.
    $account = $this->drupalCreateUser([]);

    // The acting user holds 'administer users'.
    $admin_user = $this->drupalCreateUser(['administer users']);
    $this->drupalLogin($admin_user);

    // Open the cancel form for the regular user from their edit page.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $confirm_question = t('Are you sure you want to cancel the account %name?', ['%name' => $account->getUsername()]);
    $this->assertRaw($confirm_question, 'Confirmation form to cancel account displayed.');
    // Unlike a user cancelling their own account, the administrator is
    // offered a choice of cancellation method.
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $deleted_message = t('%name has been deleted.', ['%name' => $account->getUsername()]);
    $this->assertRaw($deleted_message, 'User deleted.');
    $this->assertFalse(user_load($account->id()), 'User is not found in the database.');
  }

  /**
   * Tests deletion of a user account without an email address.
   */
  function testUserWithoutEmailCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // The account to be cancelled; created without any permissions.
    $account = $this->drupalCreateUser([]);
    // Blank the email address and store the change.
    $account->mail = '';
    $account->save();

    // The acting user holds 'administer users'.
    $admin_user = $this->drupalCreateUser(['administer users']);
    $this->drupalLogin($admin_user);

    // Open the cancel form for the user without an email address.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $confirm_question = t('Are you sure you want to cancel the account %name?', ['%name' => $account->getUsername()]);
    $this->assertRaw($confirm_question, 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $deleted_message = t('%name has been deleted.', ['%name' => $account->getUsername()]);
    $this->assertRaw($deleted_message, 'User deleted.');
    $this->assertFalse(user_load($account->id()), 'User is not found in the database.');
  }

  /**
   * Create an administrative user and mass-delete other users.
   */
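  function testMassUserCancelByAdmin() {
    \Drupal::service('module_installer')->install(['views']);
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();
    // Enable account cancellation notification.
    $this->config('user.settings')->set('notify.status_canceled', TRUE)->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(['administer users']);
    $this->drupalLogin($admin_user);

    // Create some users, keyed by uid.
    $users = [];
    for ($i = 0; $i < 3; $i++) {
      $account = $this->drupalCreateUser([]);
      $users[$account->id()] = $account;
    }

    // Cancel user accounts, including own one. Five rows are ticked.
    // NOTE(review): presumably these rows are uid 1, the administrator and
    // the three users above; confirm against the admin/people listing.
    $edit = [];
    $edit['action'] = 'user_cancel_user_action';
    for ($i = 0; $i <= 4; $i++) {
      $edit['user_bulk_form[' . $i . ']'] = TRUE;
    }
    $this->drupalPostForm('admin/people', $edit, t('Apply'));
    $this->assertText(t('Are you sure you want to cancel these user accounts?'), 'Confirmation form to cancel accounts displayed.');
    $this->assertText(t('When cancelling these accounts'), 'Allows to select account cancellation method.');
    $this->assertText(t('Require email confirmation to cancel account'), 'Allows to send confirmation mail.');
    $this->assertText(t('Notify user when account is canceled'), 'Allows to send notification mail.');

    // Confirm deletion. Each regular user must be reported as deleted on the
    // page and must no longer load.
    $this->drupalPostForm(NULL, NULL, t('Cancel accounts'));
    $status = TRUE;
    foreach ($users as $account) {
      $status = $status && (strpos($this->content, t('%name has been deleted.', ['%name' => $account->getUsername()])) !== FALSE);
      $status = $status && !user_load($account->id(), TRUE);
    }
    $this->assertTrue($status, 'Users deleted and not found in the database.');

    // Ensure that admin account was not cancelled: the administrator's own
    // account only gets a confirmation request. Reload with the reset flag,
    // as the other reloads here do, so the check is not answered from an
    // object already held by this test process (presumably a static cache;
    // confirm against user_load()). A cancelled account is deleted under this
    // cancel method, so guard against a falsy result to get a failed
    // assertion rather than a fatal error.
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');
    $admin_user = user_load($admin_user->id(), TRUE);
    $this->assertTrue($admin_user && $admin_user->isActive(), 'Administrative user is found in the database and enabled.');

    // Verify that uid 1's account was not cancelled, with the same guard.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1 && $user1->isActive(), 'User #1 still exists and is not blocked.');
  }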
}