<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserCancelTest.
 */

namespace Drupal\user\Tests;

use Drupal\simpletest\WebTestBase;
use Drupal\comment\CommentInterface;
use Drupal\comment\Entity\Comment;

/**
 * Ensure that account cancellation methods work as expected.
 *
 * @group user
 */
class UserCancelTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * 'node' is needed for the nodes the tests create with drupalCreateNode();
   * 'comment' is needed for the comment entities created by the
   * content-handling tests.
   *
   * @var array
   */
  public static $modules = array(
    'node',
    'comment',
  );

  /**
   * Runs the parent setup, then creates the 'page' content type.
   *
   * The comment field used by the content-handling tests is attached to node
   * type 'page', so the type has to exist before any test runs.
   */
  protected function setUp() {
    parent::setUp();

    $page_type = array(
      'type' => 'page',
      'name' => 'Basic page',
    );
    $this->drupalCreateContentType($page_type);
  }

  /**
   * Attempt to cancel account without permission.
   */
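  public function testUserCancelWithoutPermission() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user with an empty permission list (so without the
    // 'cancel account' permission the other tests grant) and log in.
    $account = $this->drupalCreateUser(array());
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node owned by the user, so that an unwanted cancellation would
    // show up as a change to this content.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // The account edit form must not offer the cancel button.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->assertNoRaw(t('Cancel account'), 'No cancel account button displayed.');

    // Request the confirmation URL directly. The hash is built with
    // user_pass_rehash() from the account's own password, the timestamp and
    // the last-login time, so the 403 asserted below is expected to come from
    // the access check and not from a malformed hash.
    $timestamp = $account->getLastLoginTime();
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime());
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . $confirm_hash);
    $this->assertResponse(403, 'Bogus cancelling request rejected.');

    // Reload with the cache reset (second argument TRUE, as in the load
    // above). Without it the "still active" assertion may be answered from
    // the copy cached earlier in this method instead of from what the request
    // left in storage.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }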

  /**
   * Tests that user account for uid 1 cannot be cancelled.
   *
   * This should never be possible, or the site owner would become unable to
   * administer the site.
   */
  public function testUserCancelUid1() {
    \Drupal::service('module_installer')->install(array('views'));

    // Update uid 1's name and password so we know them.
    $password = user_password();
    $hashed_password = $this->container->get('password')->hash(trim($password));
    $fields = array(
      'name' => 'user1',
      'pass' => $hashed_password,
    );
    // We cannot use $account->save() here, because this would result in the
    // password being hashed again; the row is written directly instead.
    db_update('users_field_data')
      ->fields($fields)
      ->condition('uid', 1)
      ->execute();

    // Reload uid 1 and attach the plain-text password.
    // NOTE(review): the original comment says "log in uid 1", but nothing in
    // this method logs uid 1 in or reads pass_raw again.
    $user1 = user_load(1, TRUE);
    $user1->pass_raw = $password;

    // Try to cancel uid 1's account with a different user.
    $this->admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($this->admin_user);
    // NOTE(review): assumes row 0 of the admin/people bulk form is uid 1 -
    // confirm against the listing's sort order.
    $bulk_edit = array(
      'action' => 'user_cancel_user_action',
      'user_bulk_form[0]' => TRUE,
    );
    $this->drupalPostForm('admin/people', $bulk_edit, t('Apply'));

    // Verify that uid 1's account was not cancelled. The cache is reset so
    // the check reflects the state left by the form submission.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }

  /**
   * Attempt invalid account cancellations.
   */
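  public function testUserCancelInvalid() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user that is allowed to cancel its own account.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node owned by the user, so that an unwanted cancellation would
    // show up as a change to this content.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Attempt to cancel account.
    $this->drupalPostForm('user/' . $account->id() . '/edit', NULL, t('Cancel account'));

    // Confirm account cancellation. The time is recorded before the request
    // so the bogus timestamps below are relative to it.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    $expired_message = t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.');

    // Case 1: a timestamp 60 seconds in the future. The hash is computed over
    // that same timestamp, so only the timestamp check can reject the link.
    $bogus_timestamp = $timestamp + 60;
    $bogus_hash = user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime());
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . $bogus_hash);
    $this->assertText($expired_message, 'Bogus cancelling request rejected.');
    // Reload with the cache reset (second argument TRUE, as after the expired
    // case below). Without it the assertion may be answered from the copy
    // cached earlier in this method rather than from storage.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Case 2: a timestamp 86400 + 60 seconds in the past (one day and one
    // minute), again with a hash that matches the timestamp.
    $bogus_timestamp = $timestamp - 86400 - 60;
    $bogus_hash = user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime());
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . $bogus_hash);
    $this->assertText($expired_message, 'Expired cancel account request rejected.');
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // NOTE(review): both cases vary only the timestamp. A request with an
    // acceptable timestamp and a hash that does not match is not exercised
    // in this method; consider adding that case.

    // Confirm user's content has not been altered.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }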

  /**
   * Disable account and keep all content.
   */
  public function testUserBlock() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block')->save();

    // Create a user that may cancel its own account and log in.
    $created_user = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($created_user);

    // Load real user object.
    $account = user_load($created_user->id(), TRUE);

    // Open the cancel form from the account edit page.
    $edit_path = 'user/' . $account->id() . '/edit';
    $this->drupalGet($edit_path);
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will remain attributed to your username.'), 'Informs that all content will be remain as is.');
    // The user must not be offered a choice of cancellation method.
    $this->assertNoText(t('Select the method to cancel the account above.'), 'Does not allow user to select account cancellation method.');

    // Confirm account cancellation. The timestamp taken here is the one used
    // to build the confirmation URL below.
    $timestamp = time();

    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request with a hash computed from the
    // account's password, the timestamp and the last-login time.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime());
    $confirm_path = "user/" . $account->id() . "/cancel/confirm/$timestamp/" . $confirm_hash;
    $this->drupalGet($confirm_path);
    // Reload with the cache reset so the blocked state is read after the
    // confirmation request.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm that the confirmation message made it through to the end user.
    $disabled_message = t('%name has been disabled.', array('%name' => $account->getUsername()));
    $this->assertRaw($disabled_message, "Confirmation message displayed to user.");
  }

  /**
   * Disable account and unpublish all content.
   */
  public function testUserBlockUnpublish() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block_unpublish')->save();
    // Create comment field on page.
    \Drupal::service('comment.manager')->addDefaultField('node', 'page');

    // Create a user that may cancel its own account and log in.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node with two revisions.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision_settings = get_object_vars($node);
    $revision_settings['revision'] = 1;
    $node = $this->drupalCreateNode($revision_settings);

    // Add a published comment by the same user to the page.
    $comment_values = array(
      'subject' => $this->randomMachineName(8),
      'comment_body' => $this->randomMachineName(8),
      'entity_id' => $node->id(),
      'entity_type' => 'node',
      'field_name' => 'comment',
      'status' => CommentInterface::PUBLISHED,
      'uid' => $account->id(),
    );
    $comment = entity_create('comment', $comment_values);
    $comment->save();

    // Open the cancel form from the account edit page.
    $edit_path = 'user/' . $account->id() . '/edit';
    $this->drupalGet($edit_path);
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will be hidden from everyone but administrators.'), 'Informs that all content will be unpublished.');

    // Confirm account cancellation. The timestamp taken here is the one used
    // to build the confirmation URL below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime());
    $confirm_path = "user/" . $account->id() . "/cancel/confirm/$timestamp/" . $confirm_hash;
    $this->drupalGet($confirm_path);
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm user's content has been unpublished: the node, the revision
    // loaded by its revision id, and the comment. Storage caches are reset
    // first so the entities are read after the cancellation ran.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertFalse($test_node->isPublished(), 'Node of the user has been unpublished.');
    $test_node = node_revision_load($node->getRevisionId());
    $this->assertFalse($test_node->isPublished(), 'Node revision of the user has been unpublished.');

    $comment_storage = \Drupal::entityManager()->getStorage('comment');
    $comment_storage->resetCache(array($comment->id()));
    $comment = $comment_storage->load($comment->id());
    $this->assertFalse($comment->isPublished(), 'Comment of the user has been unpublished.');

    // Confirm that the confirmation message made it through to the end user.
    $disabled_message = t('%name has been disabled.', array('%name' => $account->getUsername()));
    $this->assertRaw($disabled_message, "Confirmation message displayed to user.");
  }

  /**
   * Delete account and anonymize all content.
   */
  public function testUserAnonymize() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user that may cancel its own account and log in.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $revision_settings = get_object_vars($revision_node);
    $revision_settings['revision'] = 1;
    // Set new/current revision to someone else.
    $revision_settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($revision_settings);

    // Open the cancel form from the account edit page.
    $edit_path = 'user/' . $account->id() . '/edit';
    $this->drupalGet($edit_path);
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $anonymous_name = $this->config('user.settings')->get('anonymous');
    $this->assertRaw(t('Your account will be removed and all account information deleted. All of your content will be assigned to the %anonymous-name user.', array('%anonymous-name' => $anonymous_name)), 'Informs that all content will be attributed to anonymous account.');

    // Confirm account cancellation. The timestamp taken here is the one used
    // to build the confirmation URL below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime());
    $confirm_path = "user/" . $account->id() . "/cancel/confirm/$timestamp/" . $confirm_hash;
    $this->drupalGet($confirm_path);
    // Load with the cache reset so a deleted account is not answered from a
    // cached copy.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been attributed to anonymous user
    // (owner id 0) and is still published.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == 0 && $test_node->isPublished()), 'Node of the user has been attributed to anonymous user.');
    $test_node = node_revision_load($revision, TRUE);
    $this->assertTrue(($test_node->getRevisionAuthor()->id() == 0 && $test_node->isPublished()), 'Node revision of the user has been attributed to anonymous user.');
    // The current revision was assigned to uid 1 above and must keep a
    // non-anonymous owner.
    $node_storage->resetCache(array($revision_node->id()));
    $test_node = $node_storage->load($revision_node->id());
    $this->assertTrue(($test_node->getOwnerId() != 0 && $test_node->isPublished()), "Current revision of the user's node was not attributed to anonymous user.");

    // Confirm that the confirmation message made it through to the end user.
    $deleted_message = t('%name has been deleted.', array('%name' => $account->getUsername()));
    $this->assertRaw($deleted_message, "Confirmation message displayed to user.");
  }

  /**
   * Delete account and remove all content.
   */
  public function testUserDelete() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_delete')->save();
    // NOTE(review): 'comment' is also listed in static::$modules, so this
    // install call looks redundant - confirm before removing it, since
    // resetAll() below may be relied on.
    \Drupal::service('module_installer')->install(array('comment'));
    $this->resetAll();
    $this->container->get('comment.manager')->addDefaultField('node', 'page');

    // Create a user that may cancel its own account and post comments
    // without approval, then log in.
    $permissions = array('cancel account', 'post comments', 'skip comment approval');
    $account = $this->drupalCreateUser($permissions);
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create comment through the reply form (preview, then save).
    $comment_form = array();
    $comment_form['subject[0][value]'] = $this->randomMachineName(8);
    $comment_form['comment_body[0][value]'] = $this->randomMachineName(16);

    $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $comment_form, t('Preview'));
    $this->drupalPostForm(NULL, array(), t('Save'));
    $this->assertText(t('Your comment has been posted.'));
    // Look the saved comment up by its subject.
    $comments = entity_load_multiple_by_properties('comment', array('subject' => $comment_form['subject[0][value]']));
    $comment = reset($comments);
    $this->assertTrue($comment->id(), 'Comment found.');

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $revision_settings = get_object_vars($revision_node);
    $revision_settings['revision'] = 1;
    // Set new/current revision to someone else.
    $revision_settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($revision_settings);

    // Open the cancel form from the account edit page.
    $edit_path = 'user/' . $account->id() . '/edit';
    $this->drupalGet($edit_path);
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be removed and all account information deleted. All of your content will also be deleted.'), 'Informs that all content will be deleted.');

    // Confirm account cancellation. The timestamp taken here is the one used
    // to build the confirmation URL below.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $confirm_hash = user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime());
    $confirm_path = "user/" . $account->id() . "/cancel/confirm/$timestamp/" . $confirm_hash;
    $this->drupalGet($confirm_path);
    // Load with the cache reset so a deleted account is not answered from a
    // cached copy.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been deleted: the node, its original
    // revision and the comment.
    $node_storage->resetCache(array($node->id()));
    $this->assertFalse($node_storage->load($node->id()), 'Node of the user has been deleted.');
    $this->assertFalse(node_revision_load($revision), 'Node revision of the user has been deleted.');
    // The node whose current revision was assigned to uid 1 must survive.
    $node_storage->resetCache(array($revision_node->id()));
    $this->assertTrue($node_storage->load($revision_node->id()), "Current revision of the user's node was not deleted.");
    \Drupal::entityManager()->getStorage('comment')->resetCache(array($comment->id()));
    $this->assertFalse(Comment::load($comment->id()), 'Comment of the user has been deleted.');

    // Confirm that the confirmation message made it through to the end user.
    $deleted_message = t('%name has been deleted.', array('%name' => $account->getUsername()));
    $this->assertRaw($deleted_message, "Confirmation message displayed to user.");
  }

  /**
   * Create an administrative user and delete another user.
   */
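  public function testUserCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user: open the cancel form from the user's edit page.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    // Unlike the self-service form, the administrator is offered a choice of
    // cancellation method.
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    // Load with the cache reset (second argument TRUE), as the self-service
    // deletion tests in this class do, so the check reads storage rather than
    // a copy that may still be cached.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');
  }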

  /**
   * Tests deletion of a user account without an email address.
   */
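  public function testUserWithoutEmailCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());
    // This user has no email address.
    $account->mail = '';
    $account->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user without email address: open the cancel form from
    // the user's edit page.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    // Load with the cache reset (second argument TRUE), as the self-service
    // deletion tests in this class do, so the check reads storage rather than
    // a copy that may still be cached.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');
  }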

  /**
   * Create an administrative user and mass-delete other users.
   */
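  public function testMassUserCancelByAdmin() {
    \Drupal::service('module_installer')->install(array('views'));
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();
    // Enable account cancellation notification.
    $this->config('user.settings')->set('notify.status_canceled', TRUE)->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Create some users, keyed by uid.
    $users = array();
    for ($i = 0; $i < 3; $i++) {
      $account = $this->drupalCreateUser(array());
      $users[$account->id()] = $account;
    }

    // Cancel user accounts, including own one. Rows 0 to 4 of the bulk form
    // are ticked; presumably these are the three new users, the
    // administrator and uid 1 - the assertions at the end of this method
    // depend on the last two being part of the selection.
    $edit = array();
    $edit['action'] = 'user_cancel_user_action';
    for ($i = 0; $i <= 4; $i++) {
      $edit['user_bulk_form[' . $i . ']'] = TRUE;
    }
    $this->drupalPostForm('admin/people', $edit, t('Apply'));
    $this->assertText(t('Are you sure you want to cancel these user accounts?'), 'Confirmation form to cancel accounts displayed.');
    $this->assertText(t('When cancelling these accounts'), 'Allows to select account cancellation method.');
    $this->assertText(t('Require email confirmation to cancel account'), 'Allows to send confirmation mail.');
    $this->assertText(t('Notify user when account is canceled'), 'Allows to send notification mail.');

    // Confirm deletion. Each created user must be reported as deleted on the
    // result page and must no longer load from storage.
    $this->drupalPostForm(NULL, NULL, t('Cancel accounts'));
    $status = TRUE;
    foreach ($users as $account) {
      $status = $status && (strpos($this->content, t('%name has been deleted.', array('%name' => $account->getUsername()))) !== FALSE);
      $status = $status && !user_load($account->id(), TRUE);
    }
    $this->assertTrue($status, 'Users deleted and not found in the database.');

    // Ensure that admin account was not cancelled: the administrator's own
    // account only gets a confirmation request.
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');
    // Reload with the cache reset (second argument TRUE), as the other loads
    // in this method do, so the "still active" assertion reads the state
    // left by the bulk operation rather than a copy that may be cached.
    $admin_user = user_load($admin_user->id(), TRUE);
    $this->assertTrue($admin_user->isActive(), 'Administrative user is found in the database and enabled.');

    // Verify that uid 1's account was not cancelled.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }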
}