<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserCancelTest.
 */

namespace Drupal\user\Tests;

use Drupal\simpletest\WebTestBase;
use Drupal\comment\CommentInterface;
use Drupal\comment\Entity\Comment;

/**
 * Ensure that account cancellation methods work as expected.
 *
 * @group user
 */
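class UserCancelTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array('node', 'comment');

  /**
   * Runs the parent set-up and creates the 'page' content type.
   *
   * The node-based tests below create their nodes after this has run.
   */
  protected function setUp() {
    parent::setUp();

    $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));
  }

  /**
   * Attempt to cancel account without permission.
   *
   * The account is created with an empty permission list. The test asserts
   * that the edit form shows no cancel button, that a direct request to the
   * confirmation URL is answered with a 403, and that the account and its
   * node are unchanged afterwards.
   */
  public function testUserCancelWithoutPermission() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array());
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->assertNoRaw(t('Cancel account'), 'No cancel account button displayed.');

    // Attempt bogus account cancellation request confirmation.
    // NOTE(review): the hash is built from the account's own password hash and
    // last-login time, so the 403 asserted below is presumably caused by the
    // missing permission rather than by a bad hash - confirm against the
    // route's access check.
    $timestamp = $account->getLastLoginTime();
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertResponse(403, 'Bogus cancelling request rejected.');
    // Reload with the reset flag, as the other reloads in this class do. The
    // account was already loaded above, so a load without the reset may hand
    // back that earlier copy and the isActive() check could not fail.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }

  /**
   * Test ability to change the permission for canceling users.
   *
   * The administrator here holds only 'cancel other accounts' and cancels the
   * regular user through the user_form_test_cancel/{uid} path of the
   * user_form_test module.
   */
  public function testUserCancelChangePermission() {
    \Drupal::service('module_installer')->install(array('user_form_test'));
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());

    $admin_user = $this->drupalCreateUser(array('cancel other accounts'));
    $this->drupalLogin($admin_user);

    // Delete regular user.
    $this->drupalPostForm('user_form_test_cancel/' . $account->id(), array(), t('Cancel account'));

    // Confirm deletion.
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    $this->assertFalse(user_load($account->id()), 'User is not found in the database.');
  }

  /**
   * Tests that user account for uid 1 cannot be cancelled.
   *
   * This should never be possible, or the site owner would become unable to
   * administer the site.
   */
  public function testUserCancelUid1() {
    \Drupal::service('module_installer')->install(array('views'));
    // Update uid 1's name and password so we know them.
    $password = user_password();
    $account = array(
      'name' => 'user1',
      'pass' => $this->container->get('password')->hash(trim($password)),
    );
    // We cannot use $account->save() here, because this would result in the
    // password being hashed again.
    db_update('users_field_data')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();

    // Reload uid 1 and keep its raw password on the object. uid 1 is not
    // logged in by this test; the request below is made as $admin_user.
    $user1 = user_load(1, TRUE);
    $user1->pass_raw = $password;

    // Try to cancel uid 1's account with a different user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);
    // NOTE(review): row 0 of the bulk form is presumably uid 1 - the row order
    // of admin/people is not visible here, confirm against the view.
    $edit = array(
      'action' => 'user_cancel_user_action',
      'user_bulk_form[0]' => TRUE,
    );
    $this->drupalPostForm('admin/people', $edit, t('Apply'));

    // Verify that uid 1's account was not cancelled.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }

  /**
   * Attempt invalid account cancellations.
   *
   * After a legitimate cancellation request, two confirmation URLs with a
   * timestamp other than the request time are tried: one 60 seconds in the
   * future and one more than 86400 seconds in the past. Both must show the
   * expired-link message and leave the account and its node untouched.
   */
  public function testUserCancelInvalid() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Attempt to cancel account.
    $this->drupalPostForm('user/' . $account->id() . '/edit', NULL, t('Cancel account'));

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Attempt bogus account cancellation request confirmation.
    // The timestamp lies 60 seconds after the request; the hash is computed
    // for that same timestamp, so only the timestamp itself is off.
    $bogus_timestamp = $timestamp + 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Bogus cancelling request rejected.');
    // Reload with the reset flag, matching the reload after the expired-link
    // attempt below. The account was already loaded above, so a load without
    // the reset may hand back that earlier copy and the isActive() check could
    // not fail.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Attempt expired account cancellation request confirmation.
    // NOTE(review): 86400 s is presumably the lifetime of a confirmation link;
    // the extra 60 s puts the timestamp just past it - confirm against the
    // cancel-confirm handler.
    $bogus_timestamp = $timestamp - 86400 - 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Expired cancel account request rejected.');
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }

  /**
   * Disable account and keep all content.
   *
   * Uses the 'user_cancel_block' method: after the confirmation URL is
   * visited the account must be blocked and the "has been disabled" message
   * shown.
   */
  public function testUserBlock() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block')->save();

    // Create a user.
    $web_user = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($web_user);

    // Load real user object.
    $account = user_load($web_user->id(), TRUE);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will remain attributed to your username.'), 'Informs that all content will be remain as is.');
    // A user cancelling their own account must not be offered a choice of
    // cancellation method.
    $this->assertNoText(t('Select the method to cancel the account above.'), 'Does not allow user to select account cancellation method.');

    // Confirm account cancellation.
    $timestamp = time();

    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been disabled.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Disable account and unpublish all content.
   *
   * Uses the 'user_cancel_block_unpublish' method: the account must end up
   * blocked, and the user's node, node revision and comment unpublished.
   */
  public function testUserBlockUnpublish() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_block_unpublish')->save();
    // Create comment field on page.
    \Drupal::service('comment.manager')->addDefaultField('node', 'page');

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node with two revisions.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));
    $settings = get_object_vars($node);
    $settings['revision'] = 1;
    $node = $this->drupalCreateNode($settings);

    // Add a comment to the page.
    $comment_subject = $this->randomMachineName(8);
    $comment_body = $this->randomMachineName(8);
    $comment = entity_create('comment', array(
      'subject' => $comment_subject,
      'comment_body' => $comment_body,
      'entity_id' => $node->id(),
      'entity_type' => 'node',
      'field_name' => 'comment',
      'status' => CommentInterface::PUBLISHED,
      'uid' => $account->id(),
    ));
    $comment->save();

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will be hidden from everyone but administrators.'), 'Informs that all content will be unpublished.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm user's content has been unpublished.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertFalse($test_node->isPublished(), 'Node of the user has been unpublished.');
    $test_node = node_revision_load($node->getRevisionId());
    $this->assertFalse($test_node->isPublished(), 'Node revision of the user has been unpublished.');

    // Reset the comment storage cache before reloading the comment, as is
    // done for the node above.
    $storage = \Drupal::entityManager()->getStorage('comment');
    $storage->resetCache(array($comment->id()));
    $comment = $storage->load($comment->id());
    $this->assertFalse($comment->isPublished(), 'Comment of the user has been unpublished.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been disabled.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Delete account and anonymize all content.
   *
   * Uses the 'user_cancel_reassign' method: the account must be gone and the
   * user's node and node revision attributed to uid 0, while a current
   * revision owned by another user keeps its owner.
   */
  public function testUserAnonymize() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    $settings['uid'] = 1; // Set new/current revision to someone else.
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertRaw(t('Your account will be removed and all account information deleted. All of your content will be assigned to the %anonymous-name user.', array('%anonymous-name' => $this->config('user.settings')->get('anonymous'))), 'Informs that all content will be attributed to anonymous account.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been attributed to anonymous user.
    $node_storage->resetCache(array($node->id()));
    $test_node = $node_storage->load($node->id());
    $this->assertTrue(($test_node->getOwnerId() == 0 && $test_node->isPublished()), 'Node of the user has been attributed to anonymous user.');
    $test_node = node_revision_load($revision, TRUE);
    $this->assertTrue(($test_node->getRevisionAuthor()->id() == 0 && $test_node->isPublished()), 'Node revision of the user has been attributed to anonymous user.');
    $node_storage->resetCache(array($revision_node->id()));
    $test_node = $node_storage->load($revision_node->id());
    $this->assertTrue(($test_node->getOwnerId() != 0 && $test_node->isPublished()), "Current revision of the user's node was not attributed to anonymous user.");

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Delete account and remove all content.
   *
   * Uses the 'user_cancel_delete' method: the account, its node, its node
   * revision and its comment must be gone, while a node whose current
   * revision belongs to another user must survive.
   */
  public function testUserDelete() {
    $node_storage = $this->container->get('entity.manager')->getStorage('node');
    $this->config('user.settings')->set('cancel_method', 'user_cancel_delete')->save();
    \Drupal::service('module_installer')->install(array('comment'));
    $this->resetAll();
    $this->container->get('comment.manager')->addDefaultField('node', 'page');

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account', 'post comments', 'skip comment approval'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create comment.
    $edit = array();
    $edit['subject[0][value]'] = $this->randomMachineName(8);
    $edit['comment_body[0][value]'] = $this->randomMachineName(16);

    $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $edit, t('Preview'));
    $this->drupalPostForm(NULL, array(), t('Save'));
    $this->assertText(t('Your comment has been posted.'));
    $comments = entity_load_multiple_by_properties('comment', array('subject' => $edit['subject[0][value]']));
    $comment = reset($comments);
    $this->assertTrue($comment->id(), 'Comment found.');

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    $settings['uid'] = 1; // Set new/current revision to someone else.
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be removed and all account information deleted. All of your content will also be deleted.'), 'Informs that all content will be deleted.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been deleted.
    $node_storage->resetCache(array($node->id()));
    $this->assertFalse($node_storage->load($node->id()), 'Node of the user has been deleted.');
    $this->assertFalse(node_revision_load($revision), 'Node revision of the user has been deleted.');
    $node_storage->resetCache(array($revision_node->id()));
    $this->assertTrue($node_storage->load($revision_node->id()), "Current revision of the user's node was not deleted.");
    \Drupal::entityManager()->getStorage('comment')->resetCache(array($comment->id()));
    $this->assertFalse(Comment::load($comment->id()), 'Comment of the user has been deleted.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Create an administrative user and delete another user.
   *
   * Unlike the self-service tests, no confirmation URL is visited here: the
   * administrator submits the confirmation form and the account is expected
   * to be deleted directly.
   */
  public function testUserCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    $this->assertFalse(user_load($account->id()), 'User is not found in the database.');
  }

  /**
   * Tests deletion of a user account without an email address.
   *
   * Same flow as testUserCancelByAdmin(), but the target account's mail is
   * set to an empty string first.
   */
  public function testUserWithoutEmailCancelByAdmin() {
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());
    // This user has no email address.
    $account->mail = '';
    $account->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user without email address.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    $this->assertFalse(user_load($account->id()), 'User is not found in the database.');
  }

  /**
   * Create an administrative user and mass-delete other users.
   *
   * The bulk operation also selects the administrator's own row. The test
   * asserts that the three regular users are deleted, that the administrator
   * only receives a confirmation request and stays active, and that uid 1
   * stays active.
   */
  public function testMassUserCancelByAdmin() {
    \Drupal::service('module_installer')->install(array('views'));
    $this->config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();
    // Enable account cancellation notification.
    $this->config('user.settings')->set('notify.status_canceled', TRUE)->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Create some users.
    $users = array();
    for ($i = 0; $i < 3; $i++) {
      $account = $this->drupalCreateUser(array());
      $users[$account->id()] = $account;
    }

    // Cancel user accounts, including own one.
    // NOTE(review): rows 0-4 are ticked, presumably uid 1, the administrator
    // and the three users created above - the row order of admin/people is
    // not visible here, confirm against the view.
    $edit = array();
    $edit['action'] = 'user_cancel_user_action';
    for ($i = 0; $i <= 4; $i++) {
      $edit['user_bulk_form[' . $i . ']'] = TRUE;
    }
    $this->drupalPostForm('admin/people', $edit, t('Apply'));
    $this->assertText(t('Are you sure you want to cancel these user accounts?'), 'Confirmation form to cancel accounts displayed.');
    $this->assertText(t('When cancelling these accounts'), 'Allows to select account cancellation method.');
    $this->assertText(t('Require email confirmation to cancel account'), 'Allows to send confirmation mail.');
    $this->assertText(t('Notify user when account is canceled'), 'Allows to send notification mail.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel accounts'));
    // Fold the per-user checks into one flag: every created user must have a
    // "has been deleted" message on the page and must no longer load.
    $status = TRUE;
    foreach ($users as $account) {
      $status = $status && (strpos($this->content, t('%name has been deleted.', array('%name' => $account->getUsername()))) !== FALSE);
      $status = $status && !user_load($account->id(), TRUE);
    }
    $this->assertTrue($status, 'Users deleted and not found in the database.');

    // Ensure that admin account was not cancelled.
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');
    $admin_user = user_load($admin_user->id());
    $this->assertTrue($admin_user->isActive(), 'Administrative user is found in the database and enabled.');

    // Verify that uid 1's account was not cancelled.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }
}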