Commit d78b0396 authored by xjm's avatar xjm
Browse files

Issue #3132964 by jungle, longwave, sja112, dww, xjm, daffie: assertResponse()...

Issue #3132964 by jungle, longwave, sja112, dww, xjm, daffie: assertResponse() does not actually support a $message parameter, so stop passing one

(cherry picked from commit f09c8902)
parent 9ce30654
......@@ -35,7 +35,7 @@ public function testAddFeed() {
// Check feed source.
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, 'Feed source exists.');
$this->assertResponse(200);
$this->assertText($feed->label(), 'Page title');
$this->assertRaw($feed->getWebsiteUrl());
......@@ -91,7 +91,7 @@ public function testAddLongFeed() {
// Check feed source.
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, 'Long URL feed source exists.');
$this->assertResponse(200);
$this->assertText($feed->label(), 'Page title');
// Delete feeds.
......
......@@ -181,7 +181,7 @@ public function getDefaultFeedItemCount() {
public function updateFeedItems(FeedInterface $feed, $expected_count = NULL) {
// First, let's ensure we can get to the rss xml.
$this->drupalGet($feed->getUrl());
$this->assertResponse(200, new FormattableMarkup(':url is reachable.', [':url' => $feed->getUrl()]));
$this->assertResponse(200);
// Attempt to access the update link directly without an access token.
$this->drupalGet('admin/config/services/aggregator/update/' . $feed->id());
......
......@@ -45,7 +45,7 @@ public function testDeleteFeed() {
// Check feed source.
$this->drupalGet('aggregator/sources/' . $feed1->id());
$this->assertResponse(404, 'Deleted feed source does not exist.');
$this->assertResponse(404);
// Check database for feed.
$result = \Drupal::entityQuery('aggregator_feed')->condition('title', $feed1->label())->condition('url', $feed1->getUrl())->count()->execute();
......
......@@ -22,7 +22,7 @@ public function testFeedUpdateFields() {
$scheduled_feed = $this->createFeed(NULL, ['refresh' => '900']);
$this->drupalGet('admin/config/services/aggregator');
$this->assertResponse(200, 'Aggregator feed overview page exists.');
$this->assertResponse(200);
// The scheduled feed shows that it has not been updated yet and is
// scheduled.
......
......@@ -2,7 +2,6 @@
namespace Drupal\Tests\aggregator\Functional;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\aggregator\FeedStorageInterface;
use Drupal\Core\Url;
use Drupal\aggregator\Entity\Feed;
......@@ -38,7 +37,7 @@ public function testRSS091Sample() {
$feed = $this->createFeed($this->getRSS091Sample());
$feed->refreshItems();
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, new FormattableMarkup('Feed %name exists.', ['%name' => $feed->label()]));
$this->assertResponse(200);
$this->assertText('First example feed item title');
$this->assertLinkByHref('http://example.com/example-turns-one');
$this->assertText('First example feed item description.');
......@@ -61,7 +60,7 @@ public function testAtomSample() {
$feed = $this->createFeed($this->getAtomSample());
$feed->refreshItems();
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, new FormattableMarkup('Feed %name exists.', ['%name' => $feed->label()]));
$this->assertResponse(200);
$this->assertText('Atom-Powered Robots Run Amok');
$this->assertLinkByHref('http://example.org/2003/12/13/atom03');
$this->assertText('Some text.');
......@@ -85,7 +84,7 @@ public function testHtmlEntitiesSample() {
$feed = $this->createFeed($this->getHtmlEntitiesSample());
$feed->refreshItems();
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, new FormattableMarkup('Feed %name exists.', ['%name' => $feed->label()]));
$this->assertResponse(200);
$this->assertRaw("Quote" Amp&");
}
......
......@@ -44,7 +44,7 @@ public function testUpdateFeed() {
// Check feed source.
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertResponse(200, 'Feed source exists.');
$this->assertResponse(200);
$this->assertText($edit['title[0][value]'], 'Page title');
// Set correct title so deleteFeed() will work.
......
......@@ -47,31 +47,37 @@ public function testBasicAuth() {
$account = $this->drupalCreateUser();
$url = Url::fromRoute('router_test.11');
// Ensure we can log in with valid authentication details.
$this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
$this->assertText($account->getAccountName(), 'Account name is displayed.');
$this->assertResponse('200', 'HTTP response is OK');
$this->assertResponse(200);
$this->mink->resetSessions();
$this->assertNull($this->drupalGetHeader('X-Drupal-Cache'));
// Check that Cache-Control is not set to public.
$this->assertSession()->responseHeaderNotContains('Cache-Control', 'public');
// Ensure that invalid authentication details give access denied.
$this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
$this->assertNoText($account->getAccountName(), 'Bad basic auth credentials do not authenticate the user.');
$this->assertResponse('403', 'Access is not granted.');
$this->assertResponse(403);
$this->mink->resetSessions();
// Ensure that the user is prompted to authenticate if they are not yet
// authenticated and the route only allows basic auth.
$this->drupalGet($url);
$this->assertEqual($this->drupalGetHeader('WWW-Authenticate'), new FormattableMarkup('Basic realm="@realm"', ['@realm' => \Drupal::config('system.site')->get('name')]));
$this->assertResponse('401', 'Not authenticated on the route that allows only basic_auth. Prompt to authenticate received.');
$this->assertResponse(401);
// Ensure that a route without basic auth defined doesn't prompt for auth.
$this->drupalGet('admin');
$this->assertResponse('403', 'No authentication prompt for routes not explicitly defining authentication providers.');
$this->assertResponse(403);
$account = $this->drupalCreateUser(['access administration pages']);
// Ensure that a route without basic auth defined doesn't allow login.
$this->basicAuthGet(Url::fromRoute('system.admin'), $account->getAccountName(), $account->pass_raw);
$this->assertNoLink('Log out', 'User is not logged in');
$this->assertResponse('403', 'No basic authentication for routes not explicitly defining authentication providers.');
$this->assertResponse(403);
$this->mink->resetSessions();
// Ensure that pages already in the page cache aren't returned from page
......@@ -107,7 +113,7 @@ public function testGlobalLoginFloodControl() {
// IP limit has reached to its limit. Even valid user credentials will fail.
$this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
$this->assertResponse('403', 'Access is blocked because of IP based flood prevention.');
$this->assertResponse(403);
}
/**
......@@ -131,7 +137,7 @@ public function testPerUserLoginFloodControl() {
// A successful login will reset the per-user flood control count.
$this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
$this->assertResponse('200', 'Per user flood prevention gets reset on a successful login.');
$this->assertResponse(200);
// Try 2 failed logins for a user. They will trigger flood control.
for ($i = 0; $i < 2; $i++) {
......@@ -140,12 +146,12 @@ public function testPerUserLoginFloodControl() {
// Now the user account is blocked.
$this->basicAuthGet($url, $user->getAccountName(), $user->pass_raw);
$this->assertResponse('403', 'The user account is blocked due to per user flood prevention.');
$this->assertResponse(403);
// Try one successful attempt for a different user, it should not trigger
// any flood control.
$this->basicAuthGet($url, $user2->getAccountName(), $user2->pass_raw);
$this->assertResponse('200', 'Per user flood prevention does not block access for other users.');
$this->assertResponse(200);
}
/**
......@@ -160,7 +166,7 @@ public function testLocale() {
$this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
$this->assertText($account->getAccountName(), 'Account name is displayed.');
$this->assertResponse('200', 'HTTP response is OK');
$this->assertResponse(200);
}
/**
......@@ -172,24 +178,24 @@ public function testUnauthorizedErrorMessage() {
// Case when no credentials are passed.
$this->drupalGet($url);
$this->assertResponse('401', 'The user is blocked when no credentials are passed.');
$this->assertResponse(401);
$this->assertNoText('Exception', "No raw exception is displayed on the page.");
$this->assertText('Please log in to access this page.', "A user friendly access unauthorized message is displayed.");
// Case when empty credentials are passed.
$this->basicAuthGet($url, NULL, NULL);
$this->assertResponse('403', 'The user is blocked when empty credentials are passed.');
$this->assertResponse(403);
$this->assertText('Access denied', "A user friendly access denied message is displayed");
// Case when wrong credentials are passed.
$this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
$this->assertResponse('403', 'The user is blocked when wrong credentials are passed.');
$this->assertResponse(403);
$this->assertText('Access denied', "A user friendly access denied message is displayed");
// Case when correct credentials but hasn't access to the route.
$url = Url::fromRoute('router_test.15');
$this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
$this->assertResponse('403', 'The used authentication method is not allowed on this route.');
$this->assertResponse(403);
$this->assertText('Access denied', "A user friendly access denied message is displayed");
}
......
......@@ -94,13 +94,15 @@ public function testBlockDemoUiPage() {
$elements = $this->xpath('//div[contains(@class, "region-highlighted")]/div[contains(@class, "block-region") and contains(text(), :title)]', [':title' => 'Highlighted']);
$this->assertTrue(!empty($elements), 'Block demo regions are shown.');
// Ensure that other themes can use the block demo page.
\Drupal::service('theme_installer')->install(['test_theme']);
$this->drupalGet('admin/structure/block/demo/test_theme');
$this->assertEscaped('<strong>Test theme</strong>');
// Ensure that a hidden theme cannot use the block demo page.
\Drupal::service('theme_installer')->install(['stable']);
$this->drupalGet('admin/structure/block/demo/stable');
$this->assertResponse(404, 'Hidden themes that are not the default theme are not supported by the block demo screen');
$this->assertResponse(404);
}
/**
......@@ -159,16 +161,19 @@ public function testBlockAdminUiPage() {
$this->assertLink($theme_handler->getName('stark'));
$this->assertNoLink($theme_handler->getName('stable'));
// Ensure that a hidden theme cannot use the block demo page.
$this->drupalGet('admin/structure/block/list/stable');
$this->assertResponse(404, 'Placing blocks through UI is not possible for a hidden base theme.');
$this->assertResponse(404);
// Ensure that a hidden theme set as the admin theme can use the block demo
// page.
\Drupal::configFactory()->getEditable('system.theme')->set('admin', 'stable')->save();
\Drupal::service('router.builder')->rebuildIfNeeded();
$this->drupalPlaceBlock('local_tasks_block', ['region' => 'header', 'theme' => 'stable']);
$this->drupalGet('admin/structure/block');
$this->assertLink($theme_handler->getName('stable'));
$this->drupalGet('admin/structure/block/list/stable');
$this->assertResponse(200, 'Placing blocks through UI is possible for a hidden base theme that is the admin theme.');
$this->assertResponse(200);
}
/**
......
......@@ -31,8 +31,8 @@ public function testPageEdit() {
// Attempt to view the block.
$this->drupalGet('block-content/' . $block->id());
// Assert response was '200' and not '403 Access denied'.
$this->assertResponse('200', 'User was able the view the block');
// Ensure user was able to view the block.
$this->assertResponse(200);
$this->drupalGet('<front>');
$this->assertRaw(t('This block is broken or missing. You may be missing content or you might need to enable the original module.'));
}
......
......@@ -214,11 +214,11 @@ public function testBookExport() {
// Make sure we can't export an unsupported format.
$this->drupalGet('book/export/foobar/' . $this->book->id());
$this->assertResponse('404', 'Unsupported export format returned "not found".');
$this->assertResponse(404);
// Make sure we get a 404 on a not existing book node.
$this->drupalGet('book/export/html/123');
$this->assertResponse('404', 'Not existing book node returned "not found".');
$this->assertResponse(404);
// Make sure an anonymous user cannot view printer-friendly version.
$this->drupalLogout();
......@@ -229,14 +229,14 @@ public function testBookExport() {
// Try getting the URL directly, and verify it fails.
$this->drupalGet('book/export/html/' . $this->book->id());
$this->assertResponse('403', 'Anonymous user properly forbidden.');
$this->assertResponse(403);
// Now grant anonymous users permission to view the printer-friendly
// version and verify that node access restrictions still prevent them from
// seeing it.
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access printer-friendly version']);
$this->drupalGet('book/export/html/' . $this->book->id());
$this->assertResponse('403', 'Anonymous user properly forbidden from seeing the printer-friendly version when denied by node access.');
$this->assertResponse(403);
}
/**
......@@ -356,9 +356,11 @@ public function testBookDelete() {
$this->drupalLogin($this->adminUser);
$edit = [];
// Test access to delete top-level and child book nodes.
// Ensure that the top-level book node cannot be deleted.
$this->drupalGet('node/' . $this->book->id() . '/outline/remove');
$this->assertResponse('403', 'Deleting top-level book node properly forbidden.');
$this->assertResponse(403);
// Ensure that a child book node can be deleted.
$this->drupalPostForm('node/' . $nodes[4]->id() . '/outline/remove', $edit, t('Remove'));
$node_storage->resetCache([$nodes[4]->id()]);
$node4 = $node_storage->load($nodes[4]->id());
......
......@@ -156,12 +156,14 @@ public function testApprovalNodeInterface() {
$this->assertFalse($this->commentExists($anonymous_comment4), 'Anonymous comment was not published.');
// Approve comment.
// Ensure comments cannot be approved without a valid token.
$this->drupalLogin($this->adminUser);
$this->drupalGet('comment/1/approve');
$this->assertResponse(403, 'Forged comment approval was denied.');
$this->assertResponse(403);
$this->drupalGet('comment/1/approve', ['query' => ['token' => 'forged']]);
$this->assertResponse(403, 'Forged comment approval was denied.');
$this->assertResponse(403);
// Approve comment.
$this->drupalGet('comment/1/edit');
$this->assertFieldChecked('edit-status-0');
$this->drupalGet('node/' . $this->node->id());
......
......@@ -64,8 +64,9 @@ public function testCommentTypeCreation() {
// Log in a test user.
$this->drupalLogin($this->adminUser);
// Ensure that the new comment type admin page can be accessed.
$this->drupalGet('admin/structure/comment/manage/' . $type->id());
$this->assertResponse(200, 'The new comment type can be accessed at the edit form.');
$this->assertResponse(200);
// Create a comment type via the user interface.
$edit = [
......
......@@ -53,7 +53,7 @@ public function testExport() {
// Submit the export form and verify response. This will create a file in
// temporary directory with the default name config.tar.gz.
$this->drupalPostForm('admin/config/development/configuration/full/export', [], t('Export'));
$this->assertResponse(200, 'User can access the download callback.');
$this->assertResponse(200);
// Test if header contains file name with hostname and timestamp.
$request = \Drupal::request();
......
......@@ -51,7 +51,7 @@ protected function setUp(): void {
public function testContactLanguage() {
// Ensure that contact form by default does not show the language select.
$this->drupalGet('contact');
$this->assertResponse(200, 'The page exists');
$this->assertResponse(200);
$this->assertNoField('edit-langcode-0-value');
// Enable language select from content language settings page.
......@@ -62,7 +62,7 @@ public function testContactLanguage() {
// Ensure that contact form now shows the language select.
$this->drupalGet('contact');
$this->assertResponse(200, 'The page exists');
$this->assertResponse(200);
$this->assertField('edit-langcode-0-value');
}
......
......@@ -137,7 +137,7 @@ public function testPersonalContactAccess() {
$original_email = $this->contactUser->getEmail();
$this->contactUser->setEmail(FALSE)->save();
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertResponse(404, 'Not found (404) returned when visiting a personal contact form for a user with no email address');
$this->assertResponse(404);
// Test that the 'contact tab' does not appear on the user profiles
// for users without an email address configured.
......
......@@ -83,7 +83,7 @@ protected function doTestBasicTranslation() {
$entity = $storage->load($this->entityId);
$this->assertNotEmpty($entity, 'Entity found in the database.');
$this->drupalGet($entity->toUrl());
$this->assertResponse(200, 'Entity URL is valid.');
$this->assertResponse(200);
// Ensure that the content language cache context is not yet added to the
// page.
......
......@@ -163,26 +163,25 @@ public function testWorkflows() {
protected function doTestWorkflows(UserInterface $user, $expected_status) {
$default_langcode = $this->langcodes[0];
$languages = $this->container->get('language_manager')->getLanguages();
$args = ['@user_label' => $user->getAccountName()];
$options = ['language' => $languages[$default_langcode], 'absolute' => TRUE];
$this->drupalLogin($user);
// Check whether the user is allowed to access the entity form in edit mode.
$edit_url = $this->entity->toUrl('edit-form', $options);
$this->drupalGet($edit_url, $options);
$this->assertResponse($expected_status['edit'], new FormattableMarkup('The @user_label has the expected edit access.', $args));
$this->assertResponse($expected_status['edit']);
// Check whether the user is allowed to access the entity delete form.
$delete_url = $this->entity->toUrl('delete-form', $options);
$this->drupalGet($delete_url, $options);
$this->assertResponse($expected_status['delete'], new FormattableMarkup('The @user_label has the expected delete access.', $args));
$this->assertResponse($expected_status['delete']);
// Check whether the user is allowed to access the translation overview.
$langcode = $this->langcodes[1];
$options['language'] = $languages[$langcode];
$translations_url = $this->entity->toUrl('drupal:content-translation-overview', $options)->toString();
$this->drupalGet($translations_url);
$this->assertResponse($expected_status['overview'], new FormattableMarkup('The @user_label has the expected translation overview access.', $args));
$this->assertResponse($expected_status['overview']);
// Check whether the user is allowed to create a translation.
$add_translation_url = Url::fromRoute("entity.$this->entityTypeId.content_translation_add", [$this->entityTypeId => $this->entity->id(), 'source' => $default_langcode, 'target' => $langcode], $options);
......@@ -198,7 +197,7 @@ protected function doTestWorkflows(UserInterface $user, $expected_status) {
else {
$this->drupalGet($add_translation_url);
}
$this->assertResponse($expected_status['add_translation'], new FormattableMarkup('The @user_label has the expected translation creation access.', $args));
$this->assertResponse($expected_status['add_translation']);
// Check whether the user is allowed to edit a translation.
$langcode = $this->langcodes[2];
......@@ -226,7 +225,7 @@ protected function doTestWorkflows(UserInterface $user, $expected_status) {
else {
$this->drupalGet($edit_translation_url);
}
$this->assertResponse($expected_status['edit_translation'], new FormattableMarkup('The @user_label has the expected translation edit access.', $args));
$this->assertResponse($expected_status['edit_translation']);
// Check whether the user is allowed to delete a translation.
$langcode = $this->langcodes[2];
......@@ -254,7 +253,7 @@ protected function doTestWorkflows(UserInterface $user, $expected_status) {
else {
$this->drupalGet($delete_translation_url);
}
$this->assertResponse($expected_status['delete_translation'], new FormattableMarkup('The @user_label has the expected translation deletion access.', $args));
$this->assertResponse($expected_status['delete_translation']);
}
/**
......
......@@ -77,7 +77,7 @@ protected function doPrivateFileTransferTest() {
$this->drupalGet($url);
$this->assertEqual($this->drupalGetHeader('x-foo'), 'Bar', 'Found header set by file_test module on private download.');
$this->assertNull($this->drupalGetHeader('x-drupal-cache'), 'Page cache is disabled on private file download.');
$this->assertResponse(200, 'Correctly allowed access to a file when file_test provides headers.');
$this->assertResponse(200);
// Ensure hook_file_download is fired correctly.
$this->assertEquals($file->getFileUri(), \Drupal::state()->get('file_test.results')['download'][0][0]);
......
......@@ -40,7 +40,7 @@ public function testAnonymousNode() {
// Load the node form.
$this->drupalLogout();
$this->drupalGet('node/add/article');
$this->assertResponse(200, 'Loaded the article node form.');
$this->assertResponse(200);
$this->assertText(strip_tags(t('Create @name', ['@name' => $bundle_label])));
$edit = [
......@@ -71,7 +71,7 @@ public function testAnonymousNodeWithFile() {
// Load the node form.
$this->drupalLogout();
$this->drupalGet('node/add/article');
$this->assertResponse(200, 'Loaded the article node form.');
$this->assertResponse(200);
$this->assertText(strip_tags(t('Create @name', ['@name' => $bundle_label])));
// Generate an image file.
......@@ -128,7 +128,7 @@ protected function doTestNodeWithFileWithoutTitle() {
// Load the node form.
$this->drupalGet('node/add/article');
$this->assertResponse(200, 'Loaded the article node form.');
$this->assertResponse(200);
$this->assertText(strip_tags(t('Create @name', ['@name' => $bundle_label])));
// Generate an image file.
......
......@@ -93,7 +93,7 @@ public function testSingleValuedWidget() {
// Ensure the file can be downloaded.
$this->drupalGet($node_file->createFileUrl());
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->assertResponse(200);
// Ensure the edit page has a remove button instead of an upload button.
$this->drupalGet("node/$nid/edit");
......@@ -267,7 +267,7 @@ public function testPrivateFileSetting() {
// Ensure the private file is available to the user who uploaded it.
$this->drupalGet($node_file->createFileUrl());
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->assertResponse(200);
// Ensure we can't change 'uri_scheme' field settings while there are some
// entities with uploaded files.
......@@ -335,12 +335,12 @@ public function testPrivateFileComment() {
$url = $comment_file->createFileUrl();
$this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
$this->drupalGet($comment_file->createFileUrl());
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->assertResponse(200);
// Test anonymous file download.
// Ensure that the anonymous user cannot download the file.
$this->drupalLogout();
$this->drupalGet($comment_file->createFileUrl());
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
$this->assertResponse(403);
// Unpublishes node.
$this->drupalLogin($this->adminUser);
......@@ -350,7 +350,7 @@ public function testPrivateFileComment() {
// Ensures normal user can no longer download the file.
$this->drupalLogin($user);
$this->drupalGet($comment_file->createFileUrl());
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
$this->assertResponse(403);
}
/**
......@@ -512,7 +512,7 @@ protected function doTestTemporaryFileRemovalExploit(UserInterface $victim_user,
// Ensure the file can be downloaded.
$this->drupalGet($node_file->createFileUrl());
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->assertResponse(200);
// "Click" the remove button (emulating either a nojs or js submission).
// In this POST request, the attacker "guesses" the fid of the victim's
......
......@@ -60,10 +60,11 @@ public function testPrivateFile() {
$this->assertRaw($node_file->getFilename(), 'File reference is displayed after attaching it');
// Ensure the file can be downloaded.
$this->drupalGet(file_create_url($node_file->getFileUri()));
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->assertResponse(200);
$this->drupalLogOut();
// Ensure the file cannot be downloaded after logging out.
$this->drupalGet(file_create_url($node_file->getFileUri()));
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
$this->assertResponse(403);
// Create a field with no view access. See
// field_test_entity_field_access().
......@@ -79,7 +80,7 @@ public function testPrivateFile() {
// Ensure the file cannot be downloaded.
$file_url = file_create_url($node_file->getFileUri());
$this->drupalGet($file_url);
$this->assertResponse(403, 'Confirmed that access is denied for the file without view field access permission.');
$this->assertResponse(403);
// Attempt to reuse the file when editing a node.
$edit = [];