Commit 5a3ef306 authored by alexpott

Issue #2239969 by znerol, sun: Session of (UI) test runner leaks into web tests.

parent 0947b0fb
......@@ -7,6 +7,7 @@
namespace Drupal\simpletest;
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Random;
use Drupal\Core\Database\Database;
use Drupal\Component\Utility\String;
......@@ -189,6 +190,11 @@ abstract class TestBase {
*/
protected $randomGenerator;
/**
* The name of the session cookie.
*/
protected $originalSessionName;
/**
* Constructor for Test.
*
......@@ -1029,8 +1035,17 @@ private function prepareEnvironment() {
$this->originalProfile = drupal_get_profile();
$this->originalUser = isset($user) ? clone $user : NULL;
// Ensure that the current session is not changed by the new environment.
\Drupal::service('session_manager')->disable();
// Prevent that session data is leaked into the UI test runner by closing
// the session and then setting the session-name (i.e. the name of the
// session cookie) to a random value. If a test starts a new session, then
// it will be associated with a different session-name. After the test-run
// it can be safely destroyed.
// @see TestBase::restoreEnvironment()
if (PHP_SAPI != 'cli' && session_status() == PHP_SESSION_ACTIVE) {
session_write_close();
}
$this->originalSessionName = session_name();
session_name('SIMPLETEST' . Crypt::randomBytesBase64());
// Save and clean the shutdown callbacks array because it is static cached
// and will be changed by the test run. Otherwise it will contain callbacks
......@@ -1145,6 +1160,15 @@ protected function tearDown() {
* @see TestBase::prepareEnvironment()
*/
private function restoreEnvironment() {
// Destroy the session if one was started during the test-run.
$_SESSION = array();
if (PHP_SAPI != 'cli' && session_status() == PHP_SESSION_ACTIVE) {
session_destroy();
$params = session_get_cookie_params();
setcookie(session_name(), '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
session_name($this->originalSessionName);
// Reset all static variables.
// Unsetting static variables will potentially invoke destruct methods,
// which might call into functions that prime statics and caches again.
......@@ -1230,7 +1254,6 @@ private function restoreEnvironment() {
// Restore original user session.
$this->container->set('current_user', $this->originalUser);
\Drupal::service('session_manager')->enable();
}
/**
......
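Review bot: In prepareEnvironment(), `session_write_close()` saves and closes the test runner's session but leaves the `$_SESSION` array populated, so code running in the test process can still read the runner's session data until restoreEnvironment() empties it. Because restoreEnvironment() already discards the in-memory copy unconditionally, the same reset could follow the close, inside the `if`: `$_SESSION = array();`. Whether any test reads `$_SESSION` directly is not visible here, and both method bodies extend beyond the hunks shown.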
......@@ -776,6 +776,16 @@ protected function drupalLogout() {
}
}
/**
* Return the session name in use on the child site.
*
* @return string
* The name of the session cookie.
*/
public function getSessionName() {
return $this->session_name;
}
/**
* Sets up a Drupal site for running functional and integration tests.
*
......@@ -807,6 +817,12 @@ protected function setUp() {
'pass_raw' => $this->randomName(),
));
// The simpletest child site currently uses the same session name as the
// execution environment.
// @todo: Introduce a setting such that the session name can be customized
// for the child site.
$this->session_name = $this->originalSessionName;
// Reset the static batch to remove Simpletest's batch operations.
$batch = &batch_get();
$batch = array();
......@@ -1107,7 +1123,6 @@ protected function rebuildContainer($environment = 'prod') {
else {
$this->container->get('request_stack')->push($request);
}
$this->container->get('current_user')->setAccount(\Drupal::currentUser());
// The request context is normally set by the router_listener from within
// its KernelEvents::REQUEST listener. In the simpletest parent site this
......@@ -1224,9 +1239,6 @@ protected function curlInitialize() {
if (!$result) {
throw new \UnexpectedValueException('One or more cURL options could not be set.');
}
// By default, the child session name should be the same as the parent.
$this->session_name = session_name();
}
// We set the user agent header on each request so as to use the current
// time and a new uniqid.
......
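Review bot: getSessionName() is documented as returning a string, but as far as this section shows `$this->session_name` is assigned only in setUp(), so a call made before setUp() has run would return whatever the property held until then (presumably NULL). The docblock should state that, for example `Only valid after setUp() has run; the child site currently shares the session name of the test runner.` The summary line would also match the neighbouring docblocks better as `Returns the session name in use on the child site.`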
......@@ -40,12 +40,12 @@ public function setUp() {
protected function testHttpsSession() {
if ($this->request->isSecure()) {
$secure_session_name = session_name();
$insecure_session_name = substr(session_name(), 1);
$secure_session_name = $this->getSessionName();
$insecure_session_name = substr($this->getSessionName(), 1);
}
else {
$secure_session_name = 'S' . session_name();
$insecure_session_name = session_name();
$secure_session_name = 'S' . $this->getSessionName();
$insecure_session_name = $this->getSessionName();
}
$user = $this->drupalCreateUser(array('access administration pages'));
......@@ -124,8 +124,8 @@ protected function testMixedModeSslSession() {
return;
}
else {
$secure_session_name = 'S' . session_name();
$insecure_session_name = session_name();
$secure_session_name = 'S' . $this->getSessionName();
$insecure_session_name = $this->getSessionName();
}
// Enable secure pages.
......@@ -231,12 +231,12 @@ protected function testMixedModeSslSession() {
*/
protected function testCsrfTokenWithMixedModeSsl() {
if ($this->request->isSecure()) {
$secure_session_name = session_name();
$insecure_session_name = substr(session_name(), 1);
$secure_session_name = $this->getSessionName();
$insecure_session_name = substr($this->getSessionName(), 1);
}
else {
$secure_session_name = 'S' . session_name();
$insecure_session_name = session_name();
$secure_session_name = 'S' . $this->getSessionName();
$insecure_session_name = $this->getSessionName();
}
// Enable mixed mode SSL.
......
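Review bot: The secure/insecure cookie-name derivation is repeated in testHttpsSession(), testMixedModeSslSession() and testCsrfTokenWithMixedModeSsl(), and each copy now calls getSessionName() twice; a small helper would keep the `'S'` prefix convention in one place. Each call site would then shrink to `list($secure_session_name, $insecure_session_name) = $this->getSessionNames();`. All three test methods continue outside the hunks, and testMixedModeSslSession() appears to return early on a secure request, so there the helper's secure branch would simply never be reached.

```php
/**
 * Returns the secure and insecure session cookie names of the child site.
 *
 * @return string[]
 *   The secure name first, then the insecure name.
 */
protected function getSessionNames() {
  $name = $this->getSessionName();
  if ($this->request->isSecure()) {
    // The secure name is the insecure name with a one-character prefix.
    return array($name, substr($name, 1));
  }
  return array('S' . $name, $name);
}
```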
......@@ -36,7 +36,7 @@ public static function getInfo() {
*/
function testSessionSaveRegenerate() {
$session_manager = $this->container->get('session_manager');
$this->assertFalse($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns FALSE (in testing framework).');
$this->assertTrue($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns TRUE.');
$this->assertFalse($session_manager->disable()->isEnabled(), 'SessionManager->isEnabled() returns FALSE after disabling.');
$this->assertTrue($session_manager->enable()->isEnabled(), 'SessionManager->isEnabled() returns TRUE after enabling.');
......