route_ui-1.0.0-alpha2/tests/src/Functional/CustomActionLinksTest.php

tests/src/Functional/CustomActionLinksTest.php
<?php

namespace Drupal\Tests\route_ui\Functional;

use Drupal\Component\Utility\Crypt;
use Drupal\Core\Site\Settings;
use Drupal\route_ui_csrf_tester\MetadataBag;
use Drupal\Tests\BrowserTestBase;

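/**
 * Tests Custom Action Links functionality.
 *
 * Covers the block plugin, the Views area plugin and the access checks on the
 * route-name autocomplete endpoint. Link titles containing markup are used
 * throughout so that output escaping is exercised alongside access control.
 *
 * @group route_ui
 */
class CustomActionLinksTest extends BrowserTestBase {

  /**
   * {@inheritdoc}
   */
  protected static $modules = ['route_ui', 'views_ui', 'block', 'node', 'route_ui_csrf_tester'];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * {@inheritdoc}
   */
  protected function setUp(): void {
    parent::setUp();
    // Two node types, so that per-type "create" permissions can be told apart.
    $this->createContentType(['type' => 'article']);
    $this->createContentType(['type' => 'page']);
  }

  /**
   * Tests the custom action links block.
   *
   * Places the block, configures two links, then checks for each account type
   * that only links the account may access are shown, that the link title is
   * escaped on output, and that malformed route parameters are rejected.
   */
  public function testBlock() {
    $page = $this->getSession()->getPage();
    $assert = $this->assertSession();
    // Row of the placed block on the block layout page.
    $block_row = 'tr[data-drupal-selector="edit-blocks-customactionlinks"]';

    // Third argument TRUE creates an admin account.
    $block_admin_user = $this->createUser([], 'test-admin', TRUE);
    $this->drupalLogin($block_admin_user);
    $this->drupalGet('admin/structure/block');
    $assert->elementExists('css', 'tr.region-title-content')->clickLink('Place block');
    $tr = $assert->elementExists('xpath', "//div[text()='Custom action links']")->getParent()->getParent();
    $tr->clickLink('Place block');
    $assert->pageTextContains('Custom action link 1 details');
    $page->fillField('settings[label]', 'This is a block title');
    $page->fillField('settings[custom_action_links][0][route_details][route_name]', 'node.add');
    $page->fillField('settings[custom_action_links][0][route_details][route_parameters]', 'node_type=article');
    // The title deliberately contains markup: it must come back escaped.
    $link_text = 'Add an article<strong>!!!</strong>';
    $page->fillField('settings[custom_action_links][0][route_details][link_title]', $link_text);
    $page->pressButton('Save block');
    $assert->pageTextContains('The block configuration has been saved.');

    // Add another action link. Saving without a title must fail validation.
    $assert->elementExists('css', $block_row)->clickLink('Configure');
    $page->fillField('settings[custom_action_links][1][route_details][route_name]', 'node.add');
    $page->fillField('settings[custom_action_links][1][route_details][route_parameters]', 'node_type=page');
    $page->pressButton('Save block');
    $assert->pageTextContains('The text for link is required.');
    $page_link_text = 'Add page';
    $page->fillField('settings[custom_action_links][1][route_details][link_title]', $page_link_text);
    $page->pressButton('Save block');
    $assert->pageTextContains('The block configuration has been saved.');

    // The admin sees both links, and the markup in the title is escaped.
    $this->drupalGet('');
    $assert->pageTextContains('This is a block title');
    $assert->assertEscaped($link_text);
    $assert->linkExists($page_link_text);
    $page->clickLink($link_text);
    $assert->statusCodeEquals(200);
    $assert->addressEquals('node/add/article');

    // This user does not have the correct permissions: with no accessible
    // link the block title is not shown either.
    $this->drupalLogin($this->createUser([]));
    $this->drupalGet('');
    $assert->linkNotExists($link_text);
    $assert->linkNotExists($page_link_text);
    $assert->pageTextNotContains('This is a block title');

    // Login as a user who has the permissions to one of the action links.
    // No explicit drupalGet() here: the assertions run against whatever page
    // drupalLogin() leaves the browser on.
    $this->drupalLogin($this->createUser(['create article content']));
    $assert->pageTextContains('This is a block title');
    $assert->linkNotExists($page_link_text);
    $assert->assertEscaped($link_text);
    $page->clickLink($link_text);
    $assert->statusCodeEquals(200);
    $assert->addressEquals('node/add/article');

    // Anonymous has no access. As above, the page checked is the one
    // drupalLogout() ends on.
    $this->drupalLogout();
    $assert->linkNotExists($link_text);
    $assert->linkNotExists($page_link_text);
    $assert->pageTextNotContains('This is a block title');

    // Route parameters carrying markup and an empty title are both rejected.
    $this->drupalLogin($block_admin_user);
    $this->drupalGet('admin/structure/block');
    $assert->elementExists('css', $block_row)->clickLink('Configure');
    $page->fillField('settings[custom_action_links][0][route_details][route_parameters]', 'node_type="><script>alert(\'alert\')</script><a href="');
    $page->fillField('settings[custom_action_links][0][route_details][link_title]', '');
    $page->pressButton('Save block');
    $assert->pageTextContains('The text for link is required');
    $assert->pageTextContains('The route parameters are incorrect:');
    // The rejected value is rendered again in the form and possibly in the
    // error message, so also pin that it is never echoed as live markup.
    $assert->responseNotContains("<script>alert('alert')</script>");

    // Test redirect checkbox. The invalid submission above was not saved, so
    // the form is reloaded with the stored configuration.
    $this->drupalGet('admin/structure/block');
    $assert->elementExists('css', $block_row)->clickLink('Configure');
    $page->checkField('settings[custom_action_links][0][route_details][add_destination]');
    $page->pressButton('Save block');
    $assert->pageTextContains('The block configuration has been saved.');
    $this->drupalGet('');
    $assert->pageTextContains('This is a block title');
    // Only the first link had the checkbox ticked; the destination must be
    // the path of the current page.
    $this->assertStringEndsWith('?destination=' . parse_url($this->getSession()->getCurrentUrl(), PHP_URL_PATH), $page->findLink($link_text)->getAttribute('href'));
    $this->assertStringNotContainsString('destination', $page->findLink($page_link_text)->getAttribute('href'));
  }

  /**
   * Tests the custom action links views area.
   *
   * Builds a page view with the area handler in its header and checks link
   * visibility per account and the "display even if view has no result"
   * option (options[empty]).
   */
  public function testViewsArea() {
    $page = $this->getSession()->getPage();
    $assert = $this->assertSession();

    $views_admin = $this->createUser(['administer views']);
    $this->drupalLogin($views_admin);
    $this->drupalGet('admin/structure/views/add');
    $page->fillField('label', 'test_view');
    $page->checkField('page[create]');
    $page->pressButton('Save and edit');
    $page->fillField('id', 'test_view');
    $page->fillField('page[title]', 'Test view');
    $page->fillField('page[path]', '/test-view');
    $page->pressButton('Save and edit');
    $page->clickLink('views-add-header');
    $page->checkField('name[route_ui.custom_action_links]');
    $page->pressButton('Add and configure header');
    $page->checkField('options[empty]');
    $page->fillField('options[custom_action_links][0][route_details][route_name]', 'node.add');
    $page->fillField('options[custom_action_links][0][route_details][route_parameters]', 'node_type=article');
    // The title deliberately contains markup: it must come back escaped.
    $link_text = 'Add a page<strong>!!!</strong>';
    $page->fillField('options[custom_action_links][0][route_details][link_title]', $link_text);
    $page->pressButton('Apply');
    $page->pressButton('Save');

    // This user does not have the correct permissions: the views admin may
    // configure the link but not follow it.
    $this->drupalGet('test-view');
    $assert->linkNotExists($link_text);

    // Login as a user who has the permissions.
    $editor = $this->createUser(['create article content']);
    $this->drupalLogin($editor);
    $this->drupalGet('test-view');
    $assert->assertEscaped($link_text);
    $page->clickLink($link_text);
    $assert->statusCodeEquals(200);
    $assert->addressEquals('node/add/article');

    // Anonymous has no access.
    $this->drupalLogout();
    $this->drupalGet('test-view');
    $assert->linkNotExists($link_text);

    // Disable displaying link if the view is empty.
    $this->drupalLogin($views_admin);
    $this->drupalGet('admin/structure/views/view/test_view');
    $this->clickLink('Global: Custom action links (Global: Custom action links)');
    $page->uncheckField('options[empty]');
    $page->pressButton('Apply');
    $page->pressButton('Save');

    // With no content yet the view is empty, so the link is hidden even from
    // a user who may access it; it appears once a node has been created.
    $editor = $this->createUser(['create article content']);
    $this->drupalLogin($editor);
    $this->drupalGet('test-view');
    $assert->linkNotExists($link_text);
    $this->drupalGet('node/add/article');
    $page->fillField('title[0][value]', $this->getRandomGenerator()->sentences(3));
    $page->pressButton('Save');
    $this->drupalGet('test-view');
    $assert->linkExists($link_text);
  }

  /**
   * Tests the security of the autocomplete route.
   *
   * The route carries a per-user token in its path and a CSRF token in the
   * query string. The user token is built here as an HMAC of the user ID keyed
   * with the hash salt and the site private key. Every combination with a
   * missing session or a wrong token must return 403; only a logged-in user
   * with both tokens valid gets 200.
   */
  public function testAutocompleteSecurity() {
    $assert = $this->assertSession();
    // Use the ability of the test module to set a CSRF static seed, so that
    // tokens generated in the test runner can match what the site expects.
    \Drupal::state()->set(MetadataBag::STATE_KEY, Crypt::randomBytesBase64());

    // Not logged in. Valid user token (for user ID 0) and CSRF token.
    $user_token = Crypt::hmacBase64('0', Settings::getHashSalt() . \Drupal::service('private_key')->get());
    $url = "custom-access-links/routes/$user_token";
    $this->drupalGet($url, ['query' => ['q' => 'node', 'token' => \Drupal::service('csrf_token')->get($url)]]);
    $assert->statusCodeEquals(403);

    $user = $this->createUser([]);
    $this->drupalLogin($user);

    // Invalid user token. Valid CSRF token.
    $user_token = Crypt::randomBytesBase64();
    $url = "custom-access-links/routes/$user_token";
    $this->drupalGet($url, ['query' => ['q' => 'node', 'token' => \Drupal::service('csrf_token')->get($url)]]);
    $assert->statusCodeEquals(403);

    // NOTE(review): no case covers a logged-in user presenting a token that
    // is valid for a different account. Adding one would pin that the token
    // is bound to the current user and is not merely well-formed.
    // Valid user token. Invalid CSRF token.
    $user_token = Crypt::hmacBase64($user->id(), Settings::getHashSalt() . \Drupal::service('private_key')->get());
    $url = "custom-access-links/routes/$user_token";
    $this->drupalGet($url, ['query' => ['q' => 'node', 'token' => 'this-is-not-valid']]);
    $assert->statusCodeEquals(403);

    // Valid user token and CSRF token.
    $this->drupalGet($url, ['query' => ['q' => 'node', 'token' => \Drupal::service('csrf_token')->get($url)]]);
    $assert->statusCodeEquals(200);
    // Assert a couple of route names are present. A full test would require
    // a WebDriverTestBase test.
    $assert->responseContains('node.add_page');
    $assert->responseContains('node.configure_rebuild_confirm');
  }

}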
