<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserCancelTest.
 */

namespace Drupal\user\Tests;

use Drupal\simpletest\WebTestBase;
use Drupal\comment\CommentInterface;
use Drupal\comment\Entity\Comment;

/**
 * Test cancelling a user.
 */
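class UserCancelTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array('node', 'comment');

  /**
   * Returns the name, description and group metadata for this test case.
   *
   * @return array
   *   An array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'Cancel account',
      'description' => 'Ensure that account cancellation methods work as expected.',
      'group' => 'User',
    );
  }

  /**
   * Sets up the test site and creates the 'page' content type.
   */
  public function setUp() {
    parent::setUp();

    $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));
  }

  /**
   * Attempt to cancel account without permission.
   *
   * The user is created with no permissions, so neither the cancel button nor
   * the confirmation URL may take effect for them.
   */
  public function testUserCancelWithoutPermission() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array());
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->assertNoRaw(t('Cancel account'), 'No cancel account button displayed.');

    // Attempt bogus account cancellation request confirmation. The hash is
    // built with user_pass_rehash() exactly as in the other tests of this
    // class, so the expected 403 is presumably caused by the missing
    // 'cancel account' permission rather than by a malformed link.
    $timestamp = $account->getLastLoginTime();
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertResponse(403, 'Bogus cancelling request rejected.');
    // Reset the cache on reload so the assertion reflects what the site
    // stored, not the copy loaded earlier in this test.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $test_node = node_load($node->id(), TRUE);
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }

  /**
   * Tests that user account for uid 1 cannot be cancelled.
   *
   * This should never be possible, or the site owner would become unable to
   * administer the site.
   */
  public function testUserCancelUid1() {
    \Drupal::moduleHandler()->install(array('views'));
    // Update uid 1's name and password so we know them.
    $password = user_password();
    $account = array(
      'name' => 'user1',
      'pass' => $this->container->get('password')->hash(trim($password)),
    );
    // We cannot use $account->save() here, because this would result in the
    // password being hashed again.
    db_update('users')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();

    // Reload uid 1 and remember its raw password. uid 1 is not logged in
    // anywhere in this test; the cancellation is attempted by another user.
    $user1 = user_load(1, TRUE);
    $user1->pass_raw = $password;

    // Try to cancel uid 1's account with a different user.
    $this->admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($this->admin_user);
    // NOTE(review): row 0 of the bulk form is assumed to be uid 1 - confirm
    // against the ordering of the admin/people listing.
    $edit = array(
      'action' => 'user_cancel_user_action',
      'user_bulk_form[0]' => TRUE,
    );
    $this->drupalPostForm('admin/people', $edit, t('Apply'));

    // Verify that uid 1's account was not cancelled.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }

  /**
   * Attempt invalid account cancellations.
   *
   * Covers confirmation URLs whose timestamp is in the future and whose
   * timestamp is older than one day.
   */
  public function testUserCancelInvalid() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Attempt to cancel account.
    $this->drupalPostForm('user/' . $account->id() . '/edit', NULL, t('Cancel account'));

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // NOTE(review): both URLs below carry a hash that is valid for the
    // timestamp placed in the URL, so these cases exercise the time-window
    // check only. No case visible in this class submits an acceptable
    // timestamp together with a tampered hash; consider adding one so that a
    // regression in the hash comparison is caught.
    // Attempt bogus account cancellation request confirmation (timestamp 60
    // seconds in the future).
    $bogus_timestamp = $timestamp + 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Bogus cancelling request rejected.');
    // Reset the cache on reload so the assertion reflects what the site
    // stored, not the copy loaded earlier in this test.
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Attempt expired account cancellation request confirmation (timestamp
    // one day and 60 seconds in the past).
    $bogus_timestamp = $timestamp - 86400 - 60;
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->getPassword(), $bogus_timestamp, $account->getLastLoginTime()));
    $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Expired cancel account request rejected.');
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $test_node = node_load($node->id(), TRUE);
    $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
  }

  /**
   * Disable account and keep all content.
   */
  public function testUserBlock() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_block')->save();

    // Create a user.
    $web_user = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($web_user);

    // Load real user object.
    $account = user_load($web_user->id(), TRUE);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will remain attributed to your user name.'), 'Informs that all content will be remain as is.');
    $this->assertNoText(t('Select the method to cancel the account above.'), 'Does not allow user to select account cancellation method.');

    // Confirm account cancellation. The timestamp is taken here, in the test,
    // and the confirmation URL is rebuilt from it below rather than read from
    // the mail that was sent.
    $timestamp = time();

    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been disabled.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Disable account and unpublish all content.
   */
  public function testUserBlockUnpublish() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_block_unpublish')->save();
    // Create comment field on page.
    \Drupal::service('comment.manager')->addDefaultField('node', 'page');

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a node with two revisions.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));
    $settings = get_object_vars($node);
    $settings['revision'] = 1;
    $node = $this->drupalCreateNode($settings);

    // Add a comment to the page.
    $comment_subject = $this->randomName(8);
    $comment_body = $this->randomName(8);
    $comment = entity_create('comment', array(
      'subject' => $comment_subject,
      'comment_body' => $comment_body,
      'entity_id' => $node->id(),
      'entity_type' => 'node',
      'field_name' => 'comment',
      'status' => CommentInterface::PUBLISHED,
      'uid' => $account->id(),
    ));
    $comment->save();

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be blocked and you will no longer be able to log in. All of your content will be hidden from everyone but administrators.'), 'Informs that all content will be unpublished.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $account = user_load($account->id(), TRUE);
    $this->assertTrue($account->isBlocked(), 'User has been blocked.');

    // Confirm user's content has been unpublished.
    $test_node = node_load($node->id(), TRUE);
    $this->assertFalse($test_node->isPublished(), 'Node of the user has been unpublished.');
    $test_node = node_revision_load($node->getRevisionId());
    $this->assertFalse($test_node->isPublished(), 'Node revision of the user has been unpublished.');

    // Reset the comment storage cache before reloading the comment.
    $storage = \Drupal::entityManager()->getStorage('comment');
    $storage->resetCache(array($comment->id()));
    $comment = $storage->load($comment->id());
    $this->assertFalse($comment->isPublished(), 'Comment of the user has been unpublished.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been disabled.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Delete account and anonymize all content.
   */
  public function testUserAnonymize() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    // Set new/current revision to someone else.
    $settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertRaw(t('Your account will be removed and all account information deleted. All of your content will be assigned to the %anonymous-name user.', array('%anonymous-name' => \Drupal::config('user.settings')->get('anonymous'))), 'Informs that all content will be attributed to anonymous account.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been attributed to anonymous user.
    $test_node = node_load($node->id(), TRUE);
    $this->assertTrue(($test_node->getOwnerId() == 0 && $test_node->isPublished()), 'Node of the user has been attributed to anonymous user.');
    $test_node = node_revision_load($revision, TRUE);
    $this->assertTrue(($test_node->getRevisionAuthor()->id() == 0 && $test_node->isPublished()), 'Node revision of the user has been attributed to anonymous user.');
    $test_node = node_load($revision_node->id(), TRUE);
    $this->assertTrue(($test_node->getOwnerId() != 0 && $test_node->isPublished()), "Current revision of the user's node was not attributed to anonymous user.");

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Delete account and remove all content.
   */
  public function testUserDelete() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_delete')->save();
    \Drupal::moduleHandler()->install(array('comment'));
    $this->resetAll();
    $this->container->get('comment.manager')->addDefaultField('node', 'page');

    // Create a user.
    $account = $this->drupalCreateUser(array('cancel account', 'post comments', 'skip comment approval'));
    $this->drupalLogin($account);
    // Load real user object.
    $account = user_load($account->id(), TRUE);

    // Create a simple node.
    $node = $this->drupalCreateNode(array('uid' => $account->id()));

    // Create comment.
    $edit = array();
    $edit['subject'] = $this->randomName(8);
    $edit['comment_body[0][value]'] = $this->randomName(16);

    $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $edit, t('Preview'));
    $this->drupalPostForm(NULL, array(), t('Save'));
    $this->assertText(t('Your comment has been posted.'));
    $comments = entity_load_multiple_by_properties('comment', array('subject' => $edit['subject']));
    $comment = reset($comments);
    $this->assertTrue($comment->id(), 'Comment found.');

    // Create a node with two revisions, the initial one belonging to the
    // cancelling user.
    $revision_node = $this->drupalCreateNode(array('uid' => $account->id()));
    $revision = $revision_node->getRevisionId();
    $settings = get_object_vars($revision_node);
    $settings['revision'] = 1;
    // Set new/current revision to someone else.
    $settings['uid'] = 1;
    $revision_node = $this->drupalCreateNode($settings);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('Are you sure you want to cancel your account?'), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Your account will be removed and all account information deleted. All of your content will also be deleted.'), 'Informs that all content will be deleted.');

    // Confirm account cancellation.
    $timestamp = time();
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');

    // Confirm account cancellation request.
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()));
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');

    // Confirm that user's content has been deleted.
    $this->assertFalse(node_load($node->id(), TRUE), 'Node of the user has been deleted.');
    $this->assertFalse(node_revision_load($revision), 'Node revision of the user has been deleted.');
    $this->assertTrue(node_load($revision_node->id(), TRUE), "Current revision of the user's node was not deleted.");
    \Drupal::entityManager()->getStorage('comment')->resetCache(array($comment->id()));
    $this->assertFalse(Comment::load($comment->id()), 'Comment of the user has been deleted.');

    // Confirm that the confirmation message made it through to the end user.
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), "Confirmation message displayed to user.");
  }

  /**
   * Create an administrative user and delete another user.
   */
  public function testUserCancelByAdmin() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    // Reset the cache so the lookup reflects what the site stored.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');
  }

  /**
   * Tests deletion of a user account without an email address.
   */
  public function testUserWithoutEmailCancelByAdmin() {
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();

    // Create a regular user.
    $account = $this->drupalCreateUser(array());
    // This user has no email address.
    $account->mail = '';
    $account->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Delete regular user without email address.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername())), 'Confirmation form to cancel account displayed.');
    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
    $this->assertRaw(t('%name has been deleted.', array('%name' => $account->getUsername())), 'User deleted.');
    // Reset the cache so the lookup reflects what the site stored.
    $this->assertFalse(user_load($account->id(), TRUE), 'User is not found in the database.');
  }

  /**
   * Create an administrative user and mass-delete other users.
   */
  public function testMassUserCancelByAdmin() {
    \Drupal::moduleHandler()->install(array('views'));
    \Drupal::config('user.settings')->set('cancel_method', 'user_cancel_reassign')->save();
    // Enable account cancellation notification.
    \Drupal::config('user.settings')->set('notify.status_canceled', TRUE)->save();

    // Create administrative user.
    $admin_user = $this->drupalCreateUser(array('administer users'));
    $this->drupalLogin($admin_user);

    // Create some users.
    $users = array();
    for ($i = 0; $i < 3; $i++) {
      $account = $this->drupalCreateUser(array());
      $users[$account->id()] = $account;
    }

    // Cancel user accounts, including own one.
    // NOTE(review): rows 0-4 of the bulk form are presumably uid 1, the
    // administrative user and the three users created above - confirm against
    // the ordering of the admin/people listing.
    $edit = array();
    $edit['action'] = 'user_cancel_user_action';
    for ($i = 0; $i <= 4; $i++) {
      $edit['user_bulk_form[' . $i . ']'] = TRUE;
    }
    $this->drupalPostForm('admin/people', $edit, t('Apply'));
    $this->assertText(t('Are you sure you want to cancel these user accounts?'), 'Confirmation form to cancel accounts displayed.');
    $this->assertText(t('When cancelling these accounts'), 'Allows to select account cancellation method.');
    $this->assertText(t('Require email confirmation to cancel account.'), 'Allows to send confirmation mail.');
    $this->assertText(t('Notify user when account is canceled.'), 'Allows to send notification mail.');

    // Confirm deletion.
    $this->drupalPostForm(NULL, NULL, t('Cancel accounts'));
    // Each user must have a deletion message on the page and must no longer
    // be loadable; a single failure fails the combined assertion below.
    $status = TRUE;
    foreach ($users as $account) {
      $status = $status && (strpos($this->content, t('%name has been deleted.', array('%name' => $account->getUsername()))) !== FALSE);
      $status = $status && !user_load($account->id(), TRUE);
    }
    $this->assertTrue($status, 'Users deleted and not found in the database.');

    // Ensure that admin account was not cancelled.
    $this->assertText(t('A confirmation request to cancel your account has been sent to your email address.'), 'Account cancellation request mailed message displayed.');
    // Reset the cache on reload so the status check reflects what the site
    // stored.
    $admin_user = user_load($admin_user->id(), TRUE);
    $this->assertTrue($admin_user->isActive(), 'Administrative user is found in the database and enabled.');

    // Verify that uid 1's account was not cancelled.
    $user1 = user_load(1, TRUE);
    $this->assertTrue($user1->isActive(), 'User #1 still exists and is not blocked.');
  }
}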