diff --git a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php index 36c5f47..046b094 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php @@ -14,6 +14,24 @@ * Functional tests for user logins, including rate limiting of login attempts. */ class UserLoginTest extends WebTestBase { + + /** + * Modules to enable. + * + * @var array + */ + public static $modules = array('block'); + + /** + * User cases to use in tests. + * + * @var \Drupal\user\Plugin\Core\Entity\User + */ + protected $userCases; + + /** + * Implements getInfo(). + */ public static function getInfo() { return array( 'name' => 'User login', @@ -23,17 +41,97 @@ public static function getInfo() { } /** + * Implements setUp(). + */ + public function setUp() { + parent::setUp(); + + // The maximum password length is 128 characters. + $password_lengths = array( + 128 => 'valid', + 129 => 'invalid', + ); + + foreach ($password_lengths as $password_length => $password_case) { + $test_name = $this->randomName(); + $test_pass = user_password($password_length); + + // Create the base user, based on drupalCreateUser(). + $account = entity_create('user', array( + 'name' => $test_name, + 'mail' => $test_name . '@example.com', + 'pass' => $test_pass, + 'status' => 1, + )); + $account->save(); + $account->pass_raw = $test_pass; + $this->userCases[$password_case] = $account; + } + } + + /** + * Test log in with long password on user/login. + */ + public function testPasswordLengthPage() { + $user_with_valid_password_length = clone $this->userCases['valid']; + $auth = array( + 'name' => $user_with_valid_password_length->name, + 'pass' => $user_with_valid_password_length->pass_raw, + ); + + $this->drupalPost('user/login', $auth, t('Log in')); + $this->assertNoText(t('User login'), 'Logged in with 128 character long password.'); + $this->assertPattern('!!', 'Redirected to /user'); + $this->drupalLogout(); + + $user_with_invalid_password_length = clone $this->userCases['invalid']; + $auth = array( + 'name' => $user_with_invalid_password_length->name, + 'pass' => $user_with_invalid_password_length->pass_raw, + ); + + $this->drupalPost('user/login', $auth, t('Log in')); + $this->assertText(t('Log in'), 'Could not log in with 129 character long password via user/login.'); + $this->assertText('Password cannot be longer than', 'Error message appeared.'); + } + + /** + * Test log in with long password on login block. + */ + public function testPasswordLengthBlock() { + $user_with_valid_password_length = clone $this->userCases['valid']; + $auth = array( + 'name' => $user_with_valid_password_length->name, + 'pass' => $user_with_valid_password_length->pass_raw, + ); + + $this->drupalPlaceBlock('user_login_block'); + $this->drupalPost('filter/tips', $auth, t('Log in')); + $this->assertNoText(t('User login'), 'Logged in.'); + $this->drupalLogout(); + + $user_with_invalid_password_length = clone $this->userCases['invalid']; + $auth = array( + 'name' => $user_with_invalid_password_length->name, + 'pass' => $user_with_invalid_password_length->pass_raw, + ); + + $this->drupalPost('filter/tips', $auth, t('Log in')); + $this->assertText(t('User login'), 'Could not log in with 129 character long password via login block.'); + $this->assertText('Password cannot be longer than', 'Error message appeared.'); + } + + /** * Test the global login flood control. */ - function testGlobalLoginFloodControl() { + public function testGlobalLoginFloodControl() { config('user.flood') ->set('ip_limit', 10) // Set a high per-user limit out so that it is not relevant in the test. ->set('user_limit', 4000) ->save(); - $user1 = $this->drupalCreateUser(array()); - $incorrect_user1 = clone $user1; + $incorrect_user1 = clone $this->userCases['valid']; $incorrect_user1->pass_raw .= 'incorrect'; // Try 2 failed logins. @@ -62,18 +160,17 @@ function testGlobalLoginFloodControl() { /** * Test the per-user login flood control. */ - function testPerUserLoginFloodControl() { + public function testPerUserLoginFloodControl() { config('user.flood') // Set a high global limit out so that it is not relevant in the test. ->set('ip_limit', 4000) ->set('user_limit', 3) ->save(); - $user1 = $this->drupalCreateUser(array()); - $incorrect_user1 = clone $user1; + $incorrect_user1 = clone $this->userCases['valid']; $incorrect_user1->pass_raw .= 'incorrect'; - $user2 = $this->drupalCreateUser(array()); + $user2 = clone $this->userCases['valid']; // Try 2 failed logins. for ($i = 0; $i < 2; $i++) { @@ -102,19 +199,20 @@ function testPerUserLoginFloodControl() { /** * Test that user password is re-hashed upon login after changing $count_log2. */ - function testPasswordRehashOnLogin() { - // Determine default log2 for phpass hashing algoritm + public function testPasswordRehashOnLogin() { + // Determine default log2 for phpass hashing algoritm. $default_count_log2 = 16; - // Retrieve instance of password hashing algorithm + // Retrieve instance of password hashing algorithm. $password_hasher = drupal_container()->get('password'); // Create a new user and authenticate. - $account = $this->drupalCreateUser(array()); + $account = clone $this->userCases['valid']; $password = $account->pass_raw; $this->drupalLogin($account); $this->drupalLogout(); - // Load the stored user. The password hash should reflect $default_count_log2. + // Load the stored user. The password hash should reflect + // $default_count_log2. $account = user_load($account->uid); $this->assertIdentical($password_hasher->getCountLog2($account->pass), $default_count_log2); @@ -134,13 +232,13 @@ function testPasswordRehashOnLogin() { /** * Make an unsuccessful login attempt. * - * @param $account + * @param object $account * A user object with name and pass_raw attributes for the login attempt. - * @param $flood_trigger + * @param string $flood_trigger * Whether or not to expect that the flood control mechanism will be * triggered. */ - function assertFailedLogin($account, $flood_trigger = NULL) { + protected function assertFailedLogin($account, $flood_trigger = NULL) { $edit = array( 'name' => $account->name, 'pass' => $account->pass_raw,