opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

composer update

Browse source
This commit is contained in:
Oliver Davies 2019-01-24 08:00:03 +00:00
parent f6abc3dce2
commit 71dfaca858
1753 changed files with 45274 additions and 14619 deletions
Download patch file Download diff file Expand all files Collapse all files

173
web/core/modules/user/src/Tests/RestRegisterUserTest.php
View file

@ -1,173 +0,0 @@
<?php
namespace Drupal\user\Tests;
use Drupal\Core\Url;
use Drupal\rest\Tests\RESTTestBase;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
/**
* Tests user registration via REST resource.
*
* @group user
*/
class RestRegisterUserTest extends RESTTestBase {
/**
* {@inheritdoc}
*/
public static $modules = ['hal'];
/**
* {@inheritdoc}
*/
public function setUp() {
parent::setUp();
$this->enableService('user_registration', 'POST', 'hal_json');
Role::load(RoleInterface::ANONYMOUS_ID)
->grantPermission('restful post user_registration')
->save();
Role::load(RoleInterface::AUTHENTICATED_ID)
->grantPermission('restful post user_registration')
->save();
}
/**
* Tests that only anonymous users can register users.
*/
public function testRegisterUser() {
// Verify that an authenticated user cannot register a new user, despite
// being granted permission to do so because only anonymous users can
// register themselves, authenticated users with the necessary permissions
// can POST a new user to the "user" REST resource.
$user = $this->createUser();
$this->drupalLogin($user);
$this->registerRequest('palmer.eldritch');
$this->assertResponse('403', 'Only anonymous users can register users.');
$this->drupalLogout();
$user_settings = $this->config('user.settings');
// Test out different setting User Registration and Email Verification.
// Allow visitors to register with no email verification.
$user_settings->set('register', USER_REGISTER_VISITORS);
$user_settings->set('verify_mail', 0);
$user_settings->save();
$user = $this->registerUser('Palmer.Eldritch');
$this->assertFalse($user->isBlocked());
$this->assertFalse(empty($user->getPassword()));
$email_count = count($this->drupalGetMails());
$this->assertEqual(0, $email_count);
// Attempt to register without sending a password.
$this->registerRequest('Rick.Deckard', FALSE);
$this->assertResponse('422', 'No password provided');
// Allow visitors to register with email verification.
$user_settings->set('register', USER_REGISTER_VISITORS);
$user_settings->set('verify_mail', 1);
$user_settings->save();
$user = $this->registerUser('Jason.Taverner', FALSE);
$this->assertTrue(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->assertMailString('body', 'You may now log in by clicking this link', 1);
// Attempt to register with a password when e-mail verification is on.
$this->registerRequest('Estraven', TRUE);
$this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
// Allow visitors to register with Admin approval and e-mail verification.
$user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
$user_settings->set('verify_mail', 1);
$user_settings->save();
$user = $this->registerUser('Bob.Arctor', FALSE);
$this->assertTrue(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->assertMailString('body', 'Your application for an account is', 2);
$this->assertMailString('body', 'Bob.Arctor has applied for an account', 2);
// Attempt to register with a password when e-mail verification is on.
$this->registerRequest('Ursula', TRUE);
$this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');
// Allow visitors to register with Admin approval and no email verification.
$user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
$user_settings->set('verify_mail', 0);
$user_settings->save();
$user = $this->registerUser('Argaven');
$this->assertFalse(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->assertMailString('body', 'Your application for an account is', 2);
$this->assertMailString('body', 'Argaven has applied for an account', 2);
// Attempt to register without sending a password.
$this->registerRequest('Tibe', FALSE);
$this->assertResponse('422', 'No password provided');
}
/**
* Creates serialize user values.
*
* @param string $name
* The name of the user. Use only valid values for emails.
*
* @param bool $include_password
* Whether to include a password in the user values.
*
* @return string
* Serialized user values.
*/
protected function createSerializedUser($name, $include_password = TRUE) {
global $base_url;
// New user info to be serialized.
$data = [
"_links" => ["type" => ["href" => $base_url . "/rest/type/user/user"]],
"langcode" => [["value" => "en"]],
"name" => [["value" => $name]],
"mail" => [["value" => "$name@example.com"]],
];
if ($include_password) {
$data['pass']['value'] = 'SuperSecretPassword';
}
// Create a HAL+JSON version for the user entity we want to create.
$serialized = $this->container->get('serializer')
->serialize($data, 'hal_json');
return $serialized;
}
/**
* Registers a user via REST resource.
*
* @param $name
* User name.
*
* @param bool $include_password
*
* @return bool|\Drupal\user\Entity\User
*/
protected function registerUser($name, $include_password = TRUE) {
// Verify that an anonymous user can register.
$this->registerRequest($name, $include_password);
$this->assertResponse('200', 'HTTP response code is correct.');
$user = user_load_by_name($name);
$this->assertFalse(empty($user), 'User was create as expected');
return $user;
}
/**
* Make a REST user registration request.
*
* @param $name
* @param $include_password
*/
protected function registerRequest($name, $include_password = TRUE) {
$serialized = $this->createSerializedUser($name, $include_password);
$this->httpRequest(Url::fromRoute('rest.user_registration.POST', ['_format' => 'hal_json']), 'POST', $serialized, 'application/hal+json');
}
}

270
web/core/modules/user/tests/src/Functional/RestRegisterUserTest.php Normal file
View file

@ -0,0 +1,270 @@
<?php
namespace Drupal\Tests\user\Functional;
use Drupal\Core\Url;
use Drupal\Tests\rest\Functional\CookieResourceTestTrait;
use Drupal\Tests\rest\Functional\ResourceTestBase;
use GuzzleHttp\RequestOptions;
use Drupal\Core\Test\AssertMailTrait;
/**
* Tests user registration via REST resource.
*
* @group user
*/
class RestRegisterUserTest extends ResourceTestBase {
use CookieResourceTestTrait;
use AssertMailTrait {
getMails as drupalGetMails;
}
/**
* {@inheritdoc}
*/
protected static $format = 'hal_json';
/**
* {@inheritdoc}
*/
protected static $mimeType = 'application/hal+json';
/**
* {@inheritdoc}
*/
protected static $auth = 'cookie';
/**
* {@inheritdoc}
*/
protected static $resourceConfigId = 'user_registration';
/**
* {@inheritdoc}
*/
public static $modules = ['hal', 'user'];
const USER_EMAIL_DOMAIN = '@example.com';
const TEST_EMAIL_DOMAIN = 'simpletest@example.com';
/**
* {@inheritdoc}
*/
public function setUp() {
parent::setUp();
$auth = isset(static::$auth) ? [static::$auth] : [];
$this->provisionResource([static::$format], $auth);
$this->setUpAuthorization('POST');
}
/**
* Tests that only anonymous users can register users.
*/
public function testRegisterUser() {
$config = $this->config('user.settings');
// Test out different setting User Registration and Email Verification.
// Allow visitors to register with no email verification.
$config->set('register', USER_REGISTER_VISITORS);
$config->set('verify_mail', 0);
$config->save();
$user = $this->registerUser('Palmer.Eldritch');
$this->assertFalse($user->isBlocked());
$this->assertFalse(empty($user->getPassword()));
$email_count = count($this->drupalGetMails());
$this->assertEquals($email_count, 0);
// Attempt to register without sending a password.
$response = $this->registerRequest('Rick.Deckard', FALSE);
$this->assertResourceErrorResponse(422, "No password provided.", $response);
// Attempt to register with a password when e-mail verification is on.
$config->set('register', USER_REGISTER_VISITORS);
$config->set('verify_mail', 1);
$config->save();
$response = $this->registerRequest('Estraven', TRUE);
$this->assertResourceErrorResponse(422, 'A Password cannot be specified. It will be generated on login.', $response);
// Allow visitors to register with email verification.
$config->set('register', USER_REGISTER_VISITORS);
$config->set('verify_mail', 1);
$config->save();
$name = 'Jason.Taverner';
$user = $this->registerUser($name, FALSE);
$this->assertTrue(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->resetAll();
$this->assertMailString('body', 'You may now log in by clicking this link', 1);
// Allow visitors to register with Admin approval and no email verification.
$config->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
$config->set('verify_mail', 0);
$config->save();
$name = 'Argaven';
$user = $this->registerUser($name);
$this->resetAll();
$this->assertFalse(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->assertMailString('body', 'Your application for an account is', 2);
$this->assertMailString('body', 'Argaven has applied for an account', 2);
// Allow visitors to register with Admin approval and e-mail verification.
$config->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
$config->set('verify_mail', 1);
$config->save();
$name = 'Bob.Arctor';
$user = $this->registerUser($name, FALSE);
$this->resetAll();
$this->assertTrue(empty($user->getPassword()));
$this->assertTrue($user->isBlocked());
$this->assertMailString('body', 'Your application for an account is', 2);
$this->assertMailString('body', 'Bob.Arctor has applied for an account', 2);
// Verify that an authenticated user cannot register a new user, despite
// being granted permission to do so because only anonymous users can
// register themselves, authenticated users with the necessary permissions
// can POST a new user to the "user" REST resource.
$this->initAuthentication();
$response = $this->registerRequest($this->account->getAccountName());
$this->assertResourceErrorResponse(403, "Only anonymous users can register a user.", $response);
}
/**
* Create the request body.
*
* @param string $name
* Name.
* @param bool $include_password
* Include Password.
* @param bool $include_email
* Include Email.
*
* @return array
* Return the request body.
*/
protected function createRequestBody($name, $include_password = TRUE, $include_email = TRUE) {
global $base_url;
$request_body = [
'_links' => ['type' => ["href" => $base_url . "/rest/type/user/user"]],
'langcode' => [['value' => 'en']],
'name' => [['value' => $name]],
];
if ($include_email) {
$request_body['mail'] = [['value' => $name . self::USER_EMAIL_DOMAIN]];
}
if ($include_password) {
$request_body['pass']['value'] = 'SuperSecretPassword';
}
return $request_body;
}
/**
* Helper function to generate the request body.
*
* @param array $request_body
* The request body array.
*
* @return array
* Return the request options.
*/
protected function createRequestOptions(array $request_body) {
$request_options = $this->getAuthenticationRequestOptions('POST');
$request_options[RequestOptions::BODY] = $this->serializer->encode($request_body, static::$format);
$request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
return $request_options;
}
/**
* Registers a user via REST resource.
*
* @param string $name
* User name.
* @param bool $include_password
* Include the password.
* @param bool $include_email
* Include the email?
*
* @return bool|\Drupal\user\Entity\User
* Return bool or the user.
*/
protected function registerUser($name, $include_password = TRUE, $include_email = TRUE) {
// Verify that an anonymous user can register.
$response = $this->registerRequest($name, $include_password, $include_email);
$this->assertResourceResponse(200, FALSE, $response);
$user = user_load_by_name($name);
$this->assertFalse(empty($user), 'User was create as expected');
return $user;
}
/**
* Make a REST user registration request.
*
* @param string $name
* The name.
* @param bool $include_password
* Include the password?
* @param bool $include_email
* Include the email?
*
* @return \Psr\Http\Message\ResponseInterface
* Return the Response.
*/
protected function registerRequest($name, $include_password = TRUE, $include_email = TRUE) {
$user_register_url = Url::fromRoute('user.register')
->setRouteParameter('_format', static::$format);
$request_body = $this->createRequestBody($name, $include_password, $include_email);
$request_options = $this->createRequestOptions($request_body);
$response = $this->request('POST', $user_register_url, $request_options);
return $response;
}
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method) {
switch ($method) {
case 'POST':
$this->grantPermissionsToAuthenticatedRole(['restful post user_registration']);
$this->grantPermissionsToAnonymousRole(['restful post user_registration']);
break;
default:
throw new \UnexpectedValueException();
}
}
/**
* {@inheritdoc}
*/
protected function assertNormalizationEdgeCases($method, Url $url, array $request_options) {}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {}
/**
* {@inheritdoc}
*/
protected function getExpectedBcUnauthorizedAccessMessage($method) {}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {}
}

12
web/core/modules/user/user.api.php
View file

@ -110,7 +110,8 @@ function hook_user_cancel_methods_alter(&$methods) {
*
* Called by $account->getDisplayName() to allow modules to alter the username
* that is displayed. Can be used to ensure user privacy in situations where
* $account->getDisplayName() is too revealing.
* $account->getDisplayName() is too revealing. This hook is invoked both for
* user entities and the anonymous user session object.
*
* @param string|Drupal\Component\Render\MarkupInterface $name
* The username that is displayed for a user. If a hook implementation changes
@ -118,7 +119,14 @@ function hook_user_cancel_methods_alter(&$methods) {
* the implementation to ensure the user's name is escaped properly. String
* values will be autoescaped.
* @param \Drupal\Core\Session\AccountInterface $account
* The user object on which the operation is being performed.
* The object on which the operation is being performed. This object may be a
* user entity. If the object is an implementation of UserInterface you can
* use instanceof operator before accessing user entity methods. For example:
* @code
* if ($account instanceof UserInterface) {
* // Access user entity methods.
* }
* @endcode
*
* @see \Drupal\Core\Session\AccountInterface::getDisplayName()
* @see sanitization