Unverified Commit ff393932 authored by alexpott's avatar alexpott

Issue #2983504 by ApacheEx, Lendude, Tessa Bakker: Add a way to easily set the...

Issue #2983504 by ApacheEx, Lendude, Tessa Bakker: Add a way to easily set the cookies in a request done using the Guzzle client
parent 17da1274
......@@ -6,7 +6,6 @@
use Drupal\editor\Entity\Editor;
use Drupal\filter\Entity\FilterFormat;
use Drupal\Tests\BrowserTestBase;
use GuzzleHttp\Cookie\CookieJar;
/**
* Tests XSS protection for content creators when using text editors.
......@@ -390,7 +389,7 @@ public function testSwitchingSecurity() {
// - switch to every other text format/editor
// - assert the XSS-filtered values that we get from the server
$this->drupalLogin($this->privilegedUser);
$cookies = $this->getCookies();
$cookies = $this->getSessionCookies();
foreach ($expected as $case) {
$this->drupalGet('node/' . $case['node_id'] . '/edit');
......@@ -451,18 +450,4 @@ public function testEditorXssFilterOverride() {
$this->assertIdentical(self::$sampleContent, $dom_node[0]->getText(), 'The value was filtered by the Insecure text editor XSS filter.');
}
/**
* Get session cookies from current session.
*
* @return \GuzzleHttp\Cookie\CookieJar
* A cookie jar with the current session.
*/
protected function getCookies() {
$domain = parse_url($this->getUrl(), PHP_URL_HOST);
$session_id = $this->getSession()->getCookie($this->getSessionName());
$cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
return $cookies;
}
}
......@@ -6,7 +6,6 @@
use Drupal\Core\EventSubscriber\MainContentViewSubscriber;
use Drupal\filter\Entity\FilterFormat;
use Drupal\Tests\BrowserTestBase;
use GuzzleHttp\Cookie\CookieJar;
/**
* Tests Quick Edit module integration endpoints.
......@@ -91,7 +90,7 @@ public function testUsersWithoutPermission() {
// return a different error message depending of the missing permission.
$response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
'cookies' => $this->getCookies(),
'cookies' => $this->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
......@@ -125,7 +124,7 @@ public function testUserWithPermission() {
$client = $this->getHttpClient();
$response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
'cookies' => $this->getCookies(),
'cookies' => $this->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
......@@ -140,17 +139,4 @@ public function testUserWithPermission() {
$this->assertIdentical('<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />', $ajax_commands[0]['data'], 'The editorGetUntransformedText command contains the expected data.');
}
/**
* Get session cookies from current session.
*
* @return \GuzzleHttp\Cookie\CookieJar
*/
protected function getCookies() {
$domain = parse_url($this->getUrl(), PHP_URL_HOST);
$session_id = $this->getSession()->getCookie($this->getSessionName());
$cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
return $cookies;
}
}
......@@ -6,7 +6,6 @@
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
use GuzzleHttp\Cookie\CookieJar;
/**
* Tests the History endpoints.
......@@ -38,20 +37,6 @@ class HistoryTest extends BrowserTestBase {
*/
protected $testNode;
/**
* The cookie jar holding the testing session cookies for Guzzle requests.
*
* @var \GuzzleHttp\Client
*/
protected $client;
/**
* The Guzzle HTTP client.
*
* @var \GuzzleHttp\Cookie\CookieJar
*/
protected $cookies;
protected function setUp() {
parent::setUp();
......@@ -60,8 +45,6 @@ protected function setUp() {
$this->user = $this->drupalCreateUser(['create page content', 'access content']);
$this->drupalLogin($this->user);
$this->testNode = $this->drupalCreateNode(['type' => 'page', 'uid' => $this->user->id()]);
$this->client = $this->getHttpClient();
}
/**
......@@ -75,16 +58,14 @@ protected function setUp() {
*/
protected function getNodeReadTimestamps(array $node_ids) {
// Perform HTTP request.
$http_client = $this->getHttpClient();
$url = Url::fromRoute('history.get_last_node_view')
->setAbsolute()
->toString();
return $this->client->post($url, [
'body' => http_build_query(['node_ids' => $node_ids]),
'cookies' => $this->cookies,
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
return $http_client->request('POST', $url, [
'form_params' => ['node_ids' => $node_ids],
'cookies' => $this->getSessionCookies(),
'http_errors' => FALSE,
]);
}
......@@ -99,12 +80,11 @@ protected function getNodeReadTimestamps(array $node_ids) {
* The response body.
*/
protected function markNodeAsRead($node_id) {
$http_client = $this->getHttpClient();
$url = Url::fromRoute('history.read_node', ['node' => $node_id], ['absolute' => TRUE])->toString();
return $this->client->post($url, [
'cookies' => $this->cookies,
'headers' => [
'Accept' => 'application/json',
],
return $http_client->request('POST', $url, [
'cookies' => $this->getSessionCookies(),
'http_errors' => FALSE,
]);
}
......@@ -156,19 +136,4 @@ public function testHistory() {
$this->assertEquals(403, $response->getStatusCode());
}
/**
* Obtain the HTTP client and set the cookies.
*
* @return \GuzzleHttp\Client
* The client with BrowserTestBase configuration.
*/
protected function getHttpClient() {
// Similar code is also employed to test CSRF tokens.
// @see \Drupal\Tests\system\Functional\CsrfRequestHeaderTest::testRouteAccess()
$domain = parse_url($this->getUrl(), PHP_URL_HOST);
$session_id = $this->getSession()->getCookie($this->getSessionName());
$this->cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
return $this->getSession()->getDriver()->getClient()->getClient();
}
}
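Review bot: In `getNodeReadTimestamps()` and `markNodeAsRead()` the new `'http_errors' => FALSE` option makes 4xx/5xx replies come back as ordinary responses instead of exceptions, so a denied or failed request no longer fails the test unless the caller inspects the status. The visible `@return` text above `markNodeAsRead()` still reads "The response body" although the method returns the response object; I would change it to `@return \Psr\Http\Message\ResponseInterface` with the description `The response; http_errors is disabled, so callers must assert the status code.` `testHistory()` asserts a 403 at its end, but its earlier calls are outside the visible hunks, so confirm each of them checks `getStatusCode()`. Both docblocks start above their hunks.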
......@@ -4,7 +4,6 @@
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
use GuzzleHttp\Cookie\CookieJar;
/**
* Tests protecting routes by requiring CSRF token in the request header.
......@@ -27,7 +26,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
* uses the deprecated _access_rest_csrf.
*/
public function testRouteAccess() {
$client = \Drupal::httpClient();
$client = $this->getHttpClient();
$csrf_token_paths = ['deprecated/session/token', 'session/token'];
// Test using the both the current path and a test path that returns
// a token using the deprecated 'rest' value.
......@@ -44,11 +43,6 @@ public function testRouteAccess() {
$url = Url::fromRoute($route_name)
->setAbsolute(TRUE)
->toString();
$domain = parse_url($url, PHP_URL_HOST);
$session_id = $this->getSession()->getCookie($this->getSessionName());
/** @var \GuzzleHttp\Cookie\CookieJar $cookies */
$cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
$post_options = [
'headers' => ['Accept' => 'text/plain'],
'http_errors' => FALSE,
......@@ -60,7 +54,7 @@ public function testRouteAccess() {
// Add cookies to POST options so that all other requests are for the
// authenticated user.
$post_options['cookies'] = $cookies;
$post_options['cookies'] = $this->getSessionCookies();
// Test that access is denied with no token in header.
$result = $client->post($url, $post_options);
......
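Review bot: In `testRouteAccess()` the cookie jar's domain used to be derived from the request target (`parse_url($url, PHP_URL_HOST)`) and now comes from `$this->getUrl()` inside `getSessionCookies()`, i.e. from whatever page the Mink session last visited. If that host ever differs from the host of `$url`, the POST would presumably go out without the session cookie, and the "access is denied with no token" check would pass without exercising the CSRF check for a logged-in user. I would pin this down right after the assignment with `$this->assertNotEmpty($post_options['cookies']->toArray(), 'Session cookie is present.');`. The function body starts and ends outside these hunks.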
......@@ -17,6 +17,7 @@
use Drupal\Tests\node\Traits\ContentTypeCreationTrait;
use Drupal\Tests\node\Traits\NodeCreationTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use GuzzleHttp\Cookie\CookieJar;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
......@@ -489,6 +490,20 @@ public function getSession($name = NULL) {
return $this->mink->getSession($name);
}
/**
* Get session cookies from current session.
*
* @return \GuzzleHttp\Cookie\CookieJar
* A cookie jar with the current session.
*/
protected function getSessionCookies() {
$domain = parse_url($this->getUrl(), PHP_URL_HOST);
$session_id = $this->getSession()->getCookie($this->getSessionName());
$cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
return $cookies;
}
/**
* Obtain the HTTP client for the system under test.
*
......
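Review bot: `getSessionCookies()` passes the results of `parse_url()` and `getCookie()` straight into `CookieJar::fromArray()` without checking either one; `getCookie()` yields NULL when the browser holds no session cookie, and `parse_url(..., PHP_URL_HOST)` yields NULL when the current URL has no host. As far as I can tell a non-strict Guzzle jar drops a cookie with an empty value instead of failing, so callers such as the "without permission" and CSRF tests would send an anonymous request and their denial assertions could pass for the wrong reason. I would state the precondition in the docblock, e.g. `Requires a logged-in Mink session that has already visited a page; the cookie domain is taken from the current URL.`, and consider failing loudly on a missing id: `if ($session_id === NULL) { throw new \LogicException('No session cookie is set.'); }`. The temporary `$cookies` could also be dropped by returning the `fromArray()` result directly.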