diff --git a/core/lib/Drupal/Core/PathProcessor/PathProcessorFront.php b/core/lib/Drupal/Core/PathProcessor/PathProcessorFront.php index 11c66fd..e8ac5d9 100644 --- a/core/lib/Drupal/Core/PathProcessor/PathProcessorFront.php +++ b/core/lib/Drupal/Core/PathProcessor/PathProcessorFront.php @@ -38,9 +38,6 @@ public function __construct(ConfigFactoryInterface $config) { public function processInbound($path, Request $request) { if (empty($path)) { $path = $this->config->get('system.site')->get('page.front'); - if (empty($path)) { - $path = 'user'; - } } return $path; } diff --git a/core/modules/config/src/Tests/ConfigSchemaTest.php b/core/modules/config/src/Tests/ConfigSchemaTest.php index fae3923..be7d824 100644 --- a/core/modules/config/src/Tests/ConfigSchemaTest.php +++ b/core/modules/config/src/Tests/ConfigSchemaTest.php @@ -270,7 +270,7 @@ function testSchemaData() { $property = $meta->get('page')->get('front'); $this->assertTrue($property instanceof StringInterface, 'Got the right wrapper fo the page.front property.'); - $this->assertEqual($property->getValue(), 'user', 'Got the right value for page.front data.'); + $this->assertEqual($property->getValue(), 'user/login', 'Got the right value for page.front data.'); $definition = $property->getDataDefinition(); $this->assertTrue(empty($definition['translatable']), 'Got the right translatability setting for page.front data.'); @@ -278,13 +278,13 @@ function testSchemaData() { $list = $meta->get('page'); $this->assertEqual(count($list), 3, 'Got a list with the right number of properties for site page data'); $this->assertTrue(isset($list['front']) && isset($list['403']) && isset($list['404']), 'Got a list with the right properties for site page data.'); - $this->assertEqual($list['front']->getValue(), 'user', 'Got the right value for page.front data from the list.'); + $this->assertEqual($list['front']->getValue(), 'user/login', 'Got the right value for page.front data from the list.'); // And test some ComplexDataInterface methods. $properties = $list->getProperties(); $this->assertTrue(count($properties) == 3 && $properties['front'] == $list['front'], 'Got the right properties for site page.'); $values = $list->toArray(); - $this->assertTrue(count($values) == 3 && $values['front'] == 'user', 'Got the right property values for site page.'); + $this->assertTrue(count($values) == 3 && $values['front'] == 'user/login', 'Got the right property values for site page.'); // Now let's try something more complex, with nested objects. $wrapper = \Drupal::service('config.typed')->get('image.style.large'); diff --git a/core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php b/core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php index 6cd695b..4ce179c 100644 --- a/core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php +++ b/core/modules/simpletest/src/Tests/SimpleTestBrowserTest.php @@ -64,7 +64,7 @@ public function testInternalBrowser() { 'name' => $user->getUsername(), 'pass' => $user->pass_raw ); - $this->drupalPostForm('user', $edit, t('Log in'), array( + $this->drupalPostForm('user/login', $edit, t('Log in'), array( 'query' => array('destination' => 'user/logout'), )); $headers = $this->drupalGetHeaders(TRUE); @@ -86,9 +86,13 @@ public function testInternalBrowser() { */ public function testUserAgentValidation() { global $base_url; + + // Logout the user which was logged in during test-setup. + $this->drupalLogout(); + $system_path = $base_url . '/' . drupal_get_path('module', 'system'); - $HTTP_path = $system_path .'/tests/http.php?q=node'; - $https_path = $system_path .'/tests/https.php?q=node'; + $HTTP_path = $system_path .'/tests/http.php/user/login'; + $https_path = $system_path .'/tests/https.php/user/login'; // Generate a valid simpletest User-Agent to pass validation. $this->assertTrue(preg_match('/simpletest\d+/', $this->databasePrefix, $matches), 'Database prefix contains simpletest prefix.'); $test_ua = drupal_generate_test_ua($matches[0]); diff --git a/core/modules/simpletest/src/WebTestBase.php b/core/modules/simpletest/src/WebTestBase.php index e7c1875..d274ab8 100644 --- a/core/modules/simpletest/src/WebTestBase.php +++ b/core/modules/simpletest/src/WebTestBase.php @@ -709,7 +709,7 @@ protected function drupalLogin(AccountInterface $account) { 'name' => $account->getUsername(), 'pass' => $account->pass_raw ); - $this->drupalPostForm('user', $edit, t('Log in')); + $this->drupalPostForm('user/login', $edit, t('Log in')); // @see WebTestBase::drupalUserIsLoggedIn() if (isset($this->session_id)) { @@ -746,7 +746,7 @@ protected function drupalLogout() { // Make a request to the logout page, and redirect to the user page, the // idea being if you were properly logged out you should be seeing a login // screen. - $this->drupalGet('user/logout', array('query' => array('destination' => 'user'))); + $this->drupalGet('user/logout', array('query' => array('destination' => 'user/login'))); $this->assertResponse(200, 'User was logged out.'); $pass = $this->assertField('name', 'Username field found.', 'Logout'); $pass = $pass && $this->assertField('pass', 'Password field found.', 'Logout'); diff --git a/core/modules/system/config/install/system.site.yml b/core/modules/system/config/install/system.site.yml index 4be7ae6..10e2be2 100644 --- a/core/modules/system/config/install/system.site.yml +++ b/core/modules/system/config/install/system.site.yml @@ -5,7 +5,7 @@ slogan: '' page: 403: '' 404: '' - front: user + front: user/login admin_compact_mode: false weight_select_max: 100 langcode: en diff --git a/core/modules/system/src/Form/SiteInformationForm.php b/core/modules/system/src/Form/SiteInformationForm.php index fea627f..7f868cd 100644 --- a/core/modules/system/src/Form/SiteInformationForm.php +++ b/core/modules/system/src/Form/SiteInformationForm.php @@ -95,7 +95,7 @@ public function buildForm(array $form, FormStateInterface $form_state) { '#title' => t('Front page'), '#open' => TRUE, ); - $front_page = $site_config->get('page.front') != 'user' ? $this->aliasManager->getAliasByPath($site_config->get('page.front')) : ''; + $front_page = $site_config->get('page.front') != 'user/login' ? $this->aliasManager->getAliasByPath($site_config->get('page.front')) : ''; $form['front_page']['site_frontpage'] = array( '#type' => 'textfield', '#title' => t('Default front page'), @@ -135,8 +135,8 @@ public function buildForm(array $form, FormStateInterface $form_state) { public function validateForm(array &$form, FormStateInterface $form_state) { // Check for empty front page path. if ($form_state->isValueEmpty('site_frontpage')) { - // Set to default "user". - form_set_value($form['front_page']['site_frontpage'], 'user', $form_state); + // Set to default "user/login". + form_set_value($form['front_page']['site_frontpage'], 'user/login', $form_state); } else { // Get the normal path of the front page. diff --git a/core/modules/system/src/Tests/Session/SessionHttpsTest.php b/core/modules/system/src/Tests/Session/SessionHttpsTest.php index c8a7f9b..99c14af 100644 --- a/core/modules/system/src/Tests/Session/SessionHttpsTest.php +++ b/core/modules/system/src/Tests/Session/SessionHttpsTest.php @@ -46,17 +46,17 @@ protected function testHttpsSession() { // Test HTTPS session handling by altering the form action to submit the // login form through https.php, which creates a mock HTTPS request. - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw); $this->drupalPostForm(NULL, $edit, t('Log in')); // Test a second concurrent session. $this->curlClose(); - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); $this->drupalPostForm(NULL, $edit, t('Log in')); // Check secure cookie on secure page. @@ -89,9 +89,9 @@ protected function testHttpsSession() { // login form through http.php, which creates a mock HTTP request on HTTPS // test environments. $this->curlClose(); - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); - $form[0]['action'] = $this->httpUrl('user'); + $form[0]['action'] = $this->httpUrl('user/login'); $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw); $this->drupalPostForm(NULL, $edit, t('Log in')); $this->drupalGet($this->httpUrl('admin/config')); @@ -150,13 +150,13 @@ protected function testMixedModeSslSession() { $this->drupalGet('user/password'); $form = $this->xpath('//form[@id="user-pass"]'); $this->assertNotEqual(substr($form[0]['action'], 0, 6), 'https:', 'Password request form action is not secure'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); // Check that user login form action is secure. - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); $this->assertEqual(substr($form[0]['action'], 0, 6), 'https:', 'Login form action is secure'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); $edit = array( 'name' => $user->getUsername(), @@ -210,9 +210,9 @@ protected function testMixedModeSslSession() { $this->drupalGet($this->httpsUrl('session-test/set/1')); // Mock a login to the secure site using the secure session cookie. - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); $this->drupalPostForm(NULL, $edit, t('Log in')); // Test that the user is also authenticated on the insecure site. @@ -245,9 +245,9 @@ protected function testCsrfTokenWithMixedModeSsl() { $user = $this->drupalCreateUser(array('access administration pages')); // Login using the HTTPS user-login form. - $this->drupalGet('user'); + $this->drupalGet('user/login'); $form = $this->xpath('//form[@id="user-login-form"]'); - $form[0]['action'] = $this->httpsUrl('user'); + $form[0]['action'] = $this->httpsUrl('user/login'); $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw); $this->drupalPostForm(NULL, $edit, t('Log in')); @@ -315,7 +315,7 @@ protected function assertSessionIds($sid, $ssid, $assertion_text) { * Builds a URL for submitting a mock HTTPS request to HTTP test environments. * * @param $url - * A Drupal path such as 'user'. + * A Drupal path such as 'user/login'. * * @return * An absolute URL. @@ -330,7 +330,7 @@ protected function httpsUrl($url) { * Builds a URL for submitting a mock HTTP request to HTTPS test environments. * * @param $url - * A Drupal path such as 'user'. + * A Drupal path such as 'user/login'. * * @return * An absolute URL. diff --git a/core/modules/system/src/Tests/Session/SessionTest.php b/core/modules/system/src/Tests/Session/SessionTest.php index 9e24fd1..ae7fa8d 100644 --- a/core/modules/system/src/Tests/Session/SessionTest.php +++ b/core/modules/system/src/Tests/Session/SessionTest.php @@ -61,7 +61,7 @@ function testSessionSaveRegenerate() { 'name' => $user->getUsername(), 'pass' => $user->pass_raw ); - $this->drupalPostForm('user', $edit, t('Log in')); + $this->drupalPostForm('user/login', $edit, t('Log in')); $this->drupalGet('user'); $pass = $this->assertText($user->getUsername(), format_string('Found name: %name', array('%name' => $user->getUsername())), 'User login'); $this->_logged_in = $pass; diff --git a/core/modules/system/src/Tests/System/AccessDeniedTest.php b/core/modules/system/src/Tests/System/AccessDeniedTest.php index 91e68ef..12f7cdc 100644 --- a/core/modules/system/src/Tests/System/AccessDeniedTest.php +++ b/core/modules/system/src/Tests/System/AccessDeniedTest.php @@ -70,9 +70,9 @@ function testAccessDenied() { $this->assertResponse(403); $this->assertText(t('Username'), 'Blocks are shown on the default 403 page'); - // Log back in, set the custom 403 page to /user and remove the block + // Log back in, set the custom 403 page to /user/login and remove the block $this->drupalLogin($this->admin_user); - \Drupal::config('system.site')->set('page.403', 'user')->save(); + \Drupal::config('system.site')->set('page.403', 'user/login')->save(); $edit = array( 'region' => -1, ); diff --git a/core/modules/system/src/Tests/System/AdminTest.php b/core/modules/system/src/Tests/System/AdminTest.php index 546b62c..fee3cd9 100644 --- a/core/modules/system/src/Tests/System/AdminTest.php +++ b/core/modules/system/src/Tests/System/AdminTest.php @@ -149,8 +149,9 @@ protected function getTopLevelMenuLinks() { * Test compact mode. */ function testCompactMode() { - // The front page defaults to 'user', which redirects to 'user/{user}'. We - // cannot use '', since this does not match the redirected url. + // The front page defaults to 'user/login', which redirects to 'user/{user}' + // for authenticated users. We cannot use '', since this does not + // match the redirected url. $frontpage_url = 'user/' . $this->admin_user->id(); $this->drupalGet('admin/compact/on'); diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php index 7ce404d..dc81b4b 100644 --- a/core/modules/user/src/Controller/UserController.php +++ b/core/modules/user/src/Controller/UserController.php @@ -135,20 +135,11 @@ public function resetPass($uid, $timestamp, $hash) { * @param \Symfony\Component\HttpFoundation\Request $request * The current request. * - * @return \Symfony\Component\HttpFoundation\RedirectResponse|array - * Returns either a redirect to the user page or the render - * array of the login form. + * @return \Symfony\Component\HttpFoundation\RedirectResponse + * Returns either a redirect to the user page or the to the user login form. */ public function userPage(Request $request) { - $user = $this->currentUser(); - if ($user->id()) { - $response = $this->redirect('entity.user.canonical', array('user' => $user->id())); - } - else { - $form_builder = $this->formBuilder(); - $response = $form_builder->getForm('Drupal\user\Form\UserLoginForm'); - } - return $response; + return $this->redirect('entity.user.canonical', array('user' => $this->currentUser()->id())); } /** diff --git a/core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php b/core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php new file mode 100644 index 0000000..3297c2f --- /dev/null +++ b/core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php @@ -0,0 +1,95 @@ +account = $account; + $this->urlGenerator = $url_generator; + } + + /** + * Redirects anonymous users from user.page to user.login. + * + * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event + * The event to process. + */ + public function onException(GetResponseForExceptionEvent $event) { + $exception = $event->getException(); + if ($exception instanceof AccessDeniedHttpException) { + $route_name = RouteMatch::createFromRequest($event->getRequest())->getRouteName(); + if ($route_name == 'user.page' && !$this->account->isAuthenticated()) { + $event->setResponse($this->redirect('user.login')); + } + } + } + + /** + * Returns a redirect response object for the specified route. + * + * @param string $route_name + * The name of the route to which to redirect. + * @param array $route_parameters + * Parameters for the route. + * @param int $status + * The HTTP redirect status code for the redirect. The default is 303 See + * Other. + * + * @return \Symfony\Component\HttpFoundation\RedirectResponse + * A redirect response object. + */ + public function redirect($route_name, array $route_parameters = [], $status = RESPONSE::HTTP_SEE_OTHER) { + $url = $this->urlGenerator->generateFromRoute($route_name, $route_parameters, ['absolute' => TRUE]); + return new RedirectResponse($url, $status); + } + + /** + * {@inheritdoc} + */ + public static function getSubscribedEvents() { + $events[KernelEvents::EXCEPTION][] = ['onException']; + return $events; + } + +} diff --git a/core/modules/user/src/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/src/EventSubscriber/MaintenanceModeSubscriber.php index f6aee69..410e222 100644 --- a/core/modules/user/src/EventSubscriber/MaintenanceModeSubscriber.php +++ b/core/modules/user/src/EventSubscriber/MaintenanceModeSubscriber.php @@ -65,17 +65,11 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) { $event->setResponse(new RedirectResponse(url('', array('absolute' => TRUE)))); return; } - - if ($this->account->isAnonymous() && $path == 'user') { - // Forward anonymous user to login page. - $event->setResponse(new RedirectResponse(url('user/login', array('absolute' => TRUE)))); - return; - } } if ($this->account->isAuthenticated()) { if ($path == 'user/login') { // If user is logged in, redirect to 'user' instead of giving 403. - $event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE)))); + $event->setResponse(new RedirectResponse(url('user/' . $this->account->id(), array('absolute' => TRUE)))); return; } if ($path == 'user/register') { diff --git a/core/modules/user/src/Plugin/Menu/MyAccountMenuLink.php b/core/modules/user/src/Plugin/Menu/MyAccountMenuLink.php deleted file mode 100644 index 0ab054a..0000000 --- a/core/modules/user/src/Plugin/Menu/MyAccountMenuLink.php +++ /dev/null @@ -1,37 +0,0 @@ -pluginDefinition['enabled'] && !\Drupal::currentUser()->isAnonymous(); - } - - /** - * {@inheritdoc} - */ - public function isCacheable() { - return FALSE; - } - -} diff --git a/core/modules/user/src/Tests/UserAccountLinksTests.php b/core/modules/user/src/Tests/UserAccountLinksTests.php index 4ad246b..99abe99 100644 --- a/core/modules/user/src/Tests/UserAccountLinksTests.php +++ b/core/modules/user/src/Tests/UserAccountLinksTests.php @@ -68,9 +68,7 @@ function testSecondaryMenu() { array('callable' => 'menu.default_tree_manipulators:checkAccess'), ); $tree = $menu_tree->transform($tree, $manipulators); - $this->assertEqual(count($tree), 1, 'The secondary links menu contains only one menu link.'); - $element = reset($tree); - $this->assertFalse($element->link->isEnabled(), 'The menu link is disabled.'); + $this->assertEqual(count($tree), 0, 'The secondary links menu contains no menu link.'); } /** diff --git a/core/modules/user/src/Tests/UserLoginTest.php b/core/modules/user/src/Tests/UserLoginTest.php index 15fd7ce..2445085 100644 --- a/core/modules/user/src/Tests/UserLoginTest.php +++ b/core/modules/user/src/Tests/UserLoginTest.php @@ -21,7 +21,7 @@ class UserLoginTest extends WebTestBase { */ function testLoginDestination() { $user = $this->drupalCreateUser(array()); - $this->drupalGet('user', array('query' => array('destination' => 'foo'))); + $this->drupalGet('user/login', array('query' => array('destination' => 'foo'))); $edit = array('name' => $user->getUserName(), 'pass' => $user->pass_raw); $this->drupalPostForm(NULL, $edit, t('Log in')); $expected = url('foo', array('absolute' => TRUE)); @@ -152,7 +152,7 @@ function assertFailedLogin($account, $flood_trigger = NULL) { 'name' => $account->getUsername(), 'pass' => $account->pass_raw, ); - $this->drupalPostForm('user', $edit, t('Log in')); + $this->drupalPostForm('user/login', $edit, t('Log in')); $this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, 'Password value attribute is blank.'); if (isset($flood_trigger)) { if ($flood_trigger == 'user') { diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php index 0ea06c0..54f72bb 100644 --- a/core/modules/user/src/Tests/UserPasswordResetTest.php +++ b/core/modules/user/src/Tests/UserPasswordResetTest.php @@ -137,7 +137,7 @@ public function testUserResetPasswordTextboxFilled() { 'name' => $this->randomMachineName(), 'pass' => $this->randomMachineName(), ); - $this->drupalPostForm('user', $edit, t('Log in')); + $this->drupalPostForm('user/login', $edit, t('Log in')); $this->assertRaw(t('Sorry, unrecognized username or password. Have you forgotten your password?', array('@password' => url('user/password', array('query' => array('name' => $edit['name'])))))); unset($edit['pass']); diff --git a/core/modules/user/user.links.menu.yml b/core/modules/user/user.links.menu.yml index 8e60115..62cfe51 100644 --- a/core/modules/user/user.links.menu.yml +++ b/core/modules/user/user.links.menu.yml @@ -3,7 +3,6 @@ user.page: weight: -10 route_name: user.page menu_name: account - class: Drupal\user\Plugin\Menu\MyAccountMenuLink user.logout: title: 'Log out' route_name: user.logout diff --git a/core/modules/user/user.routing.yml b/core/modules/user/user.routing.yml index a036d4b..2a31da2 100644 --- a/core/modules/user/user.routing.yml +++ b/core/modules/user/user.routing.yml @@ -129,9 +129,9 @@ user.page: path: '/user' defaults: _content: '\Drupal\user\Controller\UserController::userPage' - _title: 'Log in' + _title: 'My account' requirements: - _access: 'TRUE' + _user_is_logged_in: 'TRUE' entity.user.canonical: path: '/user/{user}' diff --git a/core/modules/user/user.services.yml b/core/modules/user/user.services.yml index 7ccd7be..558364c 100644 --- a/core/modules/user/user.services.yml +++ b/core/modules/user/user.services.yml @@ -43,6 +43,11 @@ services: arguments: ['@maintenance_mode', '@current_user'] tags: - { name: event_subscriber } + user_access_denied_subscriber: + class: Drupal\user\EventSubscriber\AccessDeniedSubscriber + arguments: ['@current_user', '@url_generator'] + tags: + - { name: event_subscriber } theme.negotiator.admin_theme: class: Drupal\user\Theme\AdminNegotiator arguments: ['@current_user', '@config.factory', '@entity.manager', '@router.admin_context'] diff --git a/core/tests/Drupal/Tests/Core/PathProcessor/PathProcessorTest.php b/core/tests/Drupal/Tests/Core/PathProcessor/PathProcessorTest.php index b39995f..ef7d3ee 100644 --- a/core/tests/Drupal/Tests/Core/PathProcessor/PathProcessorTest.php +++ b/core/tests/Drupal/Tests/Core/PathProcessor/PathProcessorTest.php @@ -98,7 +98,7 @@ function testProcessInbound() { // Passing in anything else should return the same string. array('fr/foo', NULL, 'fr/foo'), array('fr', NULL, 'fr'), - array('user', NULL, 'user'), + array('user/login', NULL, 'user/login'), ); $alias_manager->expects($this->any()) @@ -110,7 +110,7 @@ function testProcessInbound() { $config_factory_stub = $this->getConfigFactoryStub( array( 'system.site' => array( - 'page.front' => 'user' + 'page.front' => 'user/login' ), 'language.negotiation' => array( 'url' => array( @@ -188,7 +188,7 @@ function testProcessInbound() { $test_path = 'fr'; $request = Request::create($test_path); $processed = $processor_manager->processInbound($test_path, $request); - $this->assertEquals('user', $processed, 'Processing in the correct order resolves the system path from the empty path.'); + $this->assertEquals('user/login', $processed, 'Processing in the correct order resolves the system path from the empty path.'); // Test resolving an existing alias using the correct processor order. $test_path = 'fr/foo';