Commit 39877809 authored by Dries's avatar Dries

- Patch #477038 by Damien Tournoud, chx: add security and session token...

- Patch #477038 by Damien Tournoud, chx: add security and session token support to DrupalWebTestCase.
parent 0a5715cf
...@@ -591,6 +591,16 @@ class DrupalWebTestCase extends DrupalTestCase { ...@@ -591,6 +591,16 @@ class DrupalWebTestCase extends DrupalTestCase {
*/ */
protected $httpauth_credentials = NULL; protected $httpauth_credentials = NULL;
/**
* The current session name, if available.
*/
protected $session_name = NULL;
/**
* The current session ID, if available.
*/
protected $session_id = NULL;
/** /**
* Constructor for DrupalWebTestCase. * Constructor for DrupalWebTestCase.
*/ */
...@@ -913,6 +923,14 @@ protected function drupalLogin(stdClass $user) { ...@@ -913,6 +923,14 @@ protected function drupalLogin(stdClass $user) {
} }
} }
/**
* Generate a token for the currently logged in user.
*/
protected function drupalGetToken($value = '') {
$private_key = drupal_get_private_key();
return md5($this->session_id . $value . $private_key);
}
/* /*
* Logs a user out of the internal browser, then check the login page to confirm logout. * Logs a user out of the internal browser, then check the login page to confirm logout.
*/ */
...@@ -1121,6 +1139,9 @@ protected function curlInitialize() { ...@@ -1121,6 +1139,9 @@ protected function curlInitialize() {
$curl_options[CURLOPT_USERPWD] = $this->httpauth_credentials; $curl_options[CURLOPT_USERPWD] = $this->httpauth_credentials;
} }
curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options); curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
// By default, the child session name should be the same as the parent.
$this->session_name = session_name();
} }
} }
...@@ -1144,7 +1165,11 @@ protected function curlExec($curl_options) { ...@@ -1144,7 +1165,11 @@ protected function curlExec($curl_options) {
$curl_options[CURLOPT_HTTPHEADER][] = 'Expect:'; $curl_options[CURLOPT_HTTPHEADER][] = 'Expect:';
} }
curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options); curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
// Reset headers and the session ID.
$this->session_id = NULL;
$this->headers = array(); $this->headers = array();
$this->drupalSetContent(curl_exec($this->curlHandle), curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL)); $this->drupalSetContent(curl_exec($this->curlHandle), curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL));
$message_vars = array( $message_vars = array(
'!method' => !empty($curl_options[CURLOPT_NOBODY]) ? 'HEAD' : (empty($curl_options[CURLOPT_POSTFIELDS]) ? 'GET' : 'POST'), '!method' => !empty($curl_options[CURLOPT_NOBODY]) ? 'HEAD' : (empty($curl_options[CURLOPT_POSTFIELDS]) ? 'GET' : 'POST'),
...@@ -1169,6 +1194,7 @@ protected function curlExec($curl_options) { ...@@ -1169,6 +1194,7 @@ protected function curlExec($curl_options) {
*/ */
protected function curlHeaderCallback($curlHandler, $header) { protected function curlHeaderCallback($curlHandler, $header) {
$this->headers[] = $header; $this->headers[] = $header;
// Errors are being sent via X-Drupal-Assertion-* headers, // Errors are being sent via X-Drupal-Assertion-* headers,
// generated by _drupal_log_error() in the exact form required // generated by _drupal_log_error() in the exact form required
// by DrupalWebTestCase::error(). // by DrupalWebTestCase::error().
...@@ -1176,6 +1202,17 @@ protected function curlHeaderCallback($curlHandler, $header) { ...@@ -1176,6 +1202,17 @@ protected function curlHeaderCallback($curlHandler, $header) {
// Call DrupalWebTestCase::error() with the parameters from the header. // Call DrupalWebTestCase::error() with the parameters from the header.
call_user_func_array(array(&$this, 'error'), unserialize(urldecode($matches[1]))); call_user_func_array(array(&$this, 'error'), unserialize(urldecode($matches[1])));
} }
// Save the session cookie, if set.
if (preg_match('/^Set-Cookie: ' . preg_quote($this->session_name) . '=([a-z90-9]+)/', $header, $matches)) {
if ($matches[1] != 'deleted') {
$this->session_id = $matches[1];
}
else {
$this->session_id = NULL;
}
}
// This is required by cURL. // This is required by cURL.
return strlen($header); return strlen($header);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment