Commit 9dfbd47a authored by xjm

Issue #2886198 by acbramley: Refactor \UserLoginHttpTest::testLogin() to use a...

Issue #2886198 by acbramley: Refactor \UserLoginHttpTest::testLogin() to use a protected method and remove the nested loops
parent 9fa529de
...@@ -92,99 +92,102 @@ protected function loginRequest($name, $pass, $format = 'json') { ...@@ -92,99 +92,102 @@ protected function loginRequest($name, $pass, $format = 'json') {
* Tests user session life cycle. * Tests user session life cycle.
*/ */
public function testLogin() { public function testLogin() {
// Without the serialization module only JSON is supported.
$this->doTestLogin('json');
// Enable serialization so we have access to additional formats.
$this->container->get('module_installer')->install(['serialization']);
$this->doTestLogin('json');
$this->doTestLogin('xml');
$this->doTestLogin('hal_json');
}
/**
* Do login testing for a given serialization format.
*
* @param string $format
* Serialization format.
*/
protected function doTestLogin($format) {
$client = \Drupal::httpClient(); $client = \Drupal::httpClient();
foreach ([FALSE, TRUE] as $serialization_enabled_option) { // Create new user for each iteration to reset flood.
if ($serialization_enabled_option) { // Grant the user administer users permissions to they can see the
/** @var \Drupal\Core\Extension\ModuleInstaller $module_installer */ // 'roles' field.
$module_installer = $this->container->get('module_installer'); $account = $this->drupalCreateUser(['administer users']);
$module_installer->install(['serialization']); $name = $account->getUsername();
$formats = ['json', 'xml', 'hal_json']; $pass = $account->passRaw;
}
else {
// Without the serialization module only JSON is supported.
$formats = ['json'];
}
foreach ($formats as $format) {
// Create new user for each iteration to reset flood.
// Grant the user administer users permissions to they can see the
// 'roles' field.
$account = $this->drupalCreateUser(['administer users']);
$name = $account->getUsername();
$pass = $account->passRaw;
$login_status_url = $this->getLoginStatusUrlString($format); $login_status_url = $this->getLoginStatusUrlString($format);
$response = $client->get($login_status_url); $response = $client->get($login_status_url);
$this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT); $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
// Flooded. // Flooded.
$this->config('user.flood') $this->config('user.flood')
->set('user_limit', 3) ->set('user_limit', 3)
->save(); ->save();
$response = $this->loginRequest($name, 'wrong-pass', $format); $response = $this->loginRequest($name, 'wrong-pass', $format);
$this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
$response = $this->loginRequest($name, 'wrong-pass', $format); $response = $this->loginRequest($name, 'wrong-pass', $format);
$this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
$response = $this->loginRequest($name, 'wrong-pass', $format); $response = $this->loginRequest($name, 'wrong-pass', $format);
$this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
$response = $this->loginRequest($name, 'wrong-pass', $format); $response = $this->loginRequest($name, 'wrong-pass', $format);
$this->assertHttpResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format); $this->assertHttpResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format);
// After testing the flood control we can increase the limit. // After testing the flood control we can increase the limit.
$this->config('user.flood') $this->config('user.flood')
->set('user_limit', 100) ->set('user_limit', 100)
->save(); ->save();
$response = $this->loginRequest(NULL, NULL, $format); $response = $this->loginRequest(NULL, NULL, $format);
$this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.', $format);
$response = $this->loginRequest(NULL, $pass, $format); $response = $this->loginRequest(NULL, $pass, $format);
$this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.name.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.name.', $format);
$response = $this->loginRequest($name, NULL, $format); $response = $this->loginRequest($name, NULL, $format);
$this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.pass.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.pass.', $format);
// Blocked. // Blocked.
$account $account
->block() ->block()
->save(); ->save();
$response = $this->loginRequest($name, $pass, $format); $response = $this->loginRequest($name, $pass, $format);
$this->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format); $this->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
$account $account
->activate() ->activate()
->save(); ->save();
$response = $this->loginRequest($name, 'garbage', $format); $response = $this->loginRequest($name, 'garbage', $format);
$this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
$response = $this->loginRequest('garbage', $pass, $format); $response = $this->loginRequest('garbage', $pass, $format);
$this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format); $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
$response = $this->loginRequest($name, $pass, $format); $response = $this->loginRequest($name, $pass, $format);
$this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(200, $response->getStatusCode());
$result_data = $this->serializer->decode($response->getBody(), $format); $result_data = $this->serializer->decode($response->getBody(), $format);
$this->assertEquals($name, $result_data['current_user']['name']); $this->assertEquals($name, $result_data['current_user']['name']);
$this->assertEquals($account->id(), $result_data['current_user']['uid']); $this->assertEquals($account->id(), $result_data['current_user']['uid']);
$this->assertEquals($account->getRoles(), $result_data['current_user']['roles']); $this->assertEquals($account->getRoles(), $result_data['current_user']['roles']);
$logout_token = $result_data['logout_token']; $logout_token = $result_data['logout_token'];
$response = $client->get($login_status_url, ['cookies' => $this->cookies]); $response = $client->get($login_status_url, ['cookies' => $this->cookies]);
$this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_IN); $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_IN);
$response = $this->logoutRequest($format, $logout_token); $response = $this->logoutRequest($format, $logout_token);
$this->assertEquals(204, $response->getStatusCode()); $this->assertEquals(204, $response->getStatusCode());
$response = $client->get($login_status_url, ['cookies' => $this->cookies]); $response = $client->get($login_status_url, ['cookies' => $this->cookies]);
$this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT); $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
$this->resetFlood(); $this->resetFlood();
}
}
} }
/** /**
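Review bot: The comment carried into `doTestLogin()` still reads `// Create new user for each iteration to reset flood.`, but the loops are gone and `testLogin()` now calls the helper four times. I would reword it to `// Create a new user for each call so earlier failed logins do not count against it.` and fix `permissions to they can see` to `permission so they can see`. The docblock should also say that the helper sets `user.flood` `user_limit` to 3 and then 100 and ends with `resetFlood()`. The first three wrong-password requests must return 400 before the fourth returns 403, which only holds if the flood state is clean on entry. Separately, logout is asserted only with the valid `$logout_token`; if nothing else in the class (not visible in this hunk) covers a missing or wrong token, a negative case would belong in this helper.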