<?php

namespace Drupal\user\Tests;

use Drupal\rest\Tests\RESTTestBase;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;

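/**
 * Tests user registration via REST resource.
 *
 * Covers who may register (anonymous visitors only) and when a client-supplied
 * password is required or refused, for each combination of the 'register' and
 * 'verify_mail' values in user.settings exercised below.
 *
 * @group user
 */
class RestRegisterUserTest extends RESTTestBase {

  /**
   * {@inheritdoc}
   */
  public static $modules = ['hal'];

  /**
   * {@inheritdoc}
   */
  public function setUp() {
    parent::setUp();

    $this->enableService('user_registration', 'POST', 'hal_json');

    // Both roles get the REST permission on purpose: the 403 asserted for a
    // logged-in user in testRegisterUser() must come from the resource's own
    // "anonymous only" rule, not from a missing permission.
    foreach ([RoleInterface::ANONYMOUS_ID, RoleInterface::AUTHENTICATED_ID] as $role_id) {
      Role::load($role_id)
        ->grantPermission('restful post user_registration')
        ->save();
    }
  }

  /**
   * Tests that only anonymous users can register users.
   *
   * Every rejected request (403 or 422) is followed by a check that no account
   * was stored for the submitted name, so a resource that answers with an
   * error after saving the entity would fail this test.
   */
  public function testRegisterUser() {
    // An authenticated user cannot register a new user even though the role
    // has been granted the permission: only anonymous users can register
    // themselves. Authenticated users with the necessary permissions can POST
    // a new user to the "user" REST resource instead.
    $user = $this->createUser();
    $this->drupalLogin($user);
    $this->registerRequest('palmer.eldritch');
    $this->assertResponse('403', 'Only anonymous users can register users.');
    $this->assertNoAccountCreated('palmer.eldritch');
    $this->drupalLogout();

    $user_settings = $this->config('user.settings');

    // Test the different combinations of the user registration and email
    // verification settings.
    // Allow visitors to register with no email verification.
    $user_settings->set('register', USER_REGISTER_VISITORS);
    $user_settings->set('verify_mail', 0);
    $user_settings->save();
    $user = $this->registerUser('Palmer.Eldritch');
    $this->assertFalse($user->isBlocked());
    $this->assertFalse(empty($user->getPassword()));
    $email_count = count($this->drupalGetMails());
    $this->assertEqual(0, $email_count);

    // Attempt to register without sending a password.
    $this->registerRequest('Rick.Deckard', FALSE);
    $this->assertResponse('422', 'No password provided');
    $this->assertNoAccountCreated('Rick.Deckard');

    // Allow visitors to register with email verification.
    $user_settings->set('register', USER_REGISTER_VISITORS);
    $user_settings->set('verify_mail', 1);
    $user_settings->save();
    $user = $this->registerUser('Jason.Taverner', FALSE);
    // With verification on, the account is stored without a password and
    // stays blocked.
    $this->assertTrue(empty($user->getPassword()));
    $this->assertTrue($user->isBlocked());
    $this->assertMailString('body', 'You may now log in by clicking this link', 1);

    // Attempt to register with a password when e-mail verification is on.
    $this->registerRequest('Estraven', TRUE);
    $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
    $this->assertNoAccountCreated('Estraven');

    // Allow visitors to register with Admin approval and e-mail verification.
    $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
    $user_settings->set('verify_mail', 1);
    $user_settings->save();
    $user = $this->registerUser('Bob.Arctor', FALSE);
    $this->assertTrue(empty($user->getPassword()));
    $this->assertTrue($user->isBlocked());
    $this->assertMailString('body', 'Your application for an account is', 2);
    $this->assertMailString('body', 'Bob.Arctor has applied for an account', 2);

    // Attempt to register with a password when e-mail verification is on.
    $this->registerRequest('Ursula', TRUE);
    $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
    $this->assertNoAccountCreated('Ursula');

    // Allow visitors to register with Admin approval and no email verification.
    $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
    $user_settings->set('verify_mail', 0);
    $user_settings->save();
    $user = $this->registerUser('Argaven');
    // The visitor chose the password, but the account still waits for an
    // administrator and therefore remains blocked.
    $this->assertFalse(empty($user->getPassword()));
    $this->assertTrue($user->isBlocked());
    $this->assertMailString('body', 'Your application for an account is', 2);
    $this->assertMailString('body', 'Argaven has applied for an account', 2);

    // Attempt to register without sending a password.
    $this->registerRequest('Tibe', FALSE);
    $this->assertResponse('422', 'No password provided');
    $this->assertNoAccountCreated('Tibe');
  }

  /**
   * Asserts that a rejected registration did not store an account.
   *
   * The status code alone does not show that nothing was written, so the
   * account is looked up by name after the request.
   *
   * @param string $name
   *   The user name that was submitted in the rejected request.
   */
  protected function assertNoAccountCreated($name) {
    $this->assertFalse(user_load_by_name($name), 'No account was created for the rejected registration of ' . $name);
  }

  /**
   * Creates serialized user values.
   *
   * @param string $name
   *   The name of the user. It is also used as the local part of the mail
   *   address, so use only values that are valid there.
   * @param bool $include_password
   *   Whether to include a password in the user values.
   *
   * @return string
   *   Serialized user values.
   */
  protected function createSerializedUser($name, $include_password = TRUE) {
    global $base_url;
    // New user info to be serialized.
    $data = [
      "_links" => ["type" => ["href" => $base_url . "/rest/type/user/user"]],
      "langcode" => [["value" => "en"]],
      "name" => [["value" => $name]],
      "mail" => [["value" => "$name@example.com"]],
    ];
    if ($include_password) {
      // Fixed fixture value; the assertions only check whether a password was
      // stored, never what it is.
      $data['pass']['value'] = 'SuperSecretPassword';
    }

    // Create a HAL+JSON version for the user entity we want to create.
    return $this->container->get('serializer')
      ->serialize($data, 'hal_json');
  }

  /**
   * Registers a user via REST resource and asserts that it succeeded.
   *
   * @param string $name
   *   User name.
   * @param bool $include_password
   *   Whether to include a password in the request.
   *
   * @return bool|\Drupal\user\Entity\User
   *   The account loaded by name after the request. A failed lookup is
   *   reported through the assertion below and its result is still returned.
   */
  protected function registerUser($name, $include_password = TRUE) {
    // Verify that an anonymous user can register.
    $this->registerRequest($name, $include_password);
    $this->assertResponse('200', 'HTTP response code is correct.');
    $user = user_load_by_name($name);
    $this->assertFalse(empty($user), 'User was create as expected');
    return $user;
  }

  /**
   * Makes a REST user registration request.
   *
   * Only sends the request; callers assert on the response code themselves.
   *
   * @param string $name
   *   User name to register.
   * @param bool $include_password
   *   Whether to include a password in the request.
   */
  protected function registerRequest($name, $include_password = TRUE) {
    $serialized = $this->createSerializedUser($name, $include_password);
    $this->httpRequest('/user/register', 'POST', $serialized, 'application/hal+json');
  }

}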