diff --git a/protected_node.info b/protected_node.info index a27bb46..79b9f81 100644 --- a/protected_node.info +++ b/protected_node.info @@ -3,11 +3,12 @@ core = 7.x version = 7.x-dev package = Access configure = admin/config/content/protected_node recommends[] = tokens recommends[] = upload files[] = tests/protected_node.test files[] = tests/protected_node.per_node.test files[] = tests/protected_node.per_type.test +files[] = tests/protected_node.global.test files[] = tests/protected_node.mail.test \ No newline at end of file diff --git a/protected_node.redirect.inc b/protected_node.redirect.inc index 2175eb6..05ae30b 100644 --- a/protected_node.redirect.inc +++ b/protected_node.redirect.inc @@ -154,23 +154,20 @@ $protected_node_nid = $form_state['values']['protected_node_nid']; $nid = db_select('protected_nodes') ->fields('protected_nodes', array('nid')) ->condition('protected_node_passwd', $passwd) ->condition('nid', $protected_node_nid) ->execute() ->fetchField(); $node = node_load($protected_node_nid); if (empty($nid)) { // Global content type password exists ? - $global_content_type_password = variable_get('protected_node_node_type_password_' . $node->type, ''); - if ($global_content_type_password != '') { - if ($global_content_type_password != $passwd) { switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) { case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD: case PROTECTED_NODE_GLOBAL_PASSWORD: $global_passwd = variable_get('protected_node_global_password', ''); if ($global_passwd == $passwd) { $_SESSION['has_entered_global_password'] = 1; $nid = 1; } else { // This comes last so we avoid loading the node if another password @@ -191,26 +188,20 @@ ->condition('nid', $protected_node_nid) ->condition('uid', 0) ->execute() ->fetchField(); if ($created) { $nid = FALSE; } } break; } - } - // The global content type password match. - else { - $nid = $protected_node_nid; - } - } if (empty($nid)) { form_set_error('password', t('Incorrect password!')); } } } /** * Allow the user to see this node. */ diff --git a/tests/protected_node.global.test b/tests/protected_node.global.test new file mode 100644 index 0000000..2c9ea1b --- /dev/null +++ b/tests/protected_node.global.test @@ -0,0 +1,134 @@ + 'Protected node global password feature', + 'description' => "This tests global features in case of global password protection", + 'group' => 'Protected Node', + ); + } + + /** + * {@inheritdoc} + */ + public function setUp() { + parent::setUp(); + // Generate random password. + $this->global_password = $this->randomName(10); + + // Log in an Admin. + $this->drupalLogin($this->adminUser); + // Submit the configuration form. + $protected_node_settings = array( + 'protected_node_use_global_password' => PROTECTED_NODE_GLOBAL_PASSWORD, + 'protected_node_global_password_field[pass1]' => $this->global_password, + 'protected_node_global_password_field[pass2]' => $this->global_password, + ); + $this->drupalPost('admin/config/content/protected_node', $protected_node_settings, t('Save configuration')); + } + + /** + * Test that the password is well hashed when stored. + */ + public function testHash() { + $hashed_global_password = sha1($this->global_password); + $stored_global_password = variable_get('protected_node_global_password'); + + $this->assertEqual($stored_global_password, $hashed_global_password, "The global password is stored hashed and the value correspond to the global password.", $this->group); + } + + /** + * Test that a node protected with global protection can be seen with the + * right password. + */ + public function testAllowedView() { + // Log in as Admin. + $this->drupalLogin($this->adminUser); + // Create a new page node. + $node = $this->createProtectedNode(); + // Once the node created logout the User. + $this->drupalLogout(); + + // An authenticated user see the node. + $this->drupalLogin($this->normalAccessAllowedUser); + $form = array('password' => $this->global_password); + $this->drupalPost('node/' . $node->nid, $form, t('OK')); + + $text = $node->body['und'][0]['value']; + $this->assertText($text, "User with right permission can access a protected node with right password", $this->group); + } + + /** + * Test that a node protected with global protection can't be seen with the + * wrong password. + */ + public function testAllowedViewWrongPassword() { + // Log in as Admin. + $this->drupalLogin($this->adminUser); + // Create a new page node. + $node = $this->createProtectedNode(); + // Once the node created logout the User. + $this->drupalLogout(); + + // An authenticated user see the node. + $this->drupalLogin($this->normalAccessAllowedUser); + $another_password = $this->randomName(12); + $form = array('password' => $another_password); + $this->drupalPost('node/' . $node->nid, $form, t('OK')); + + $text = $node->body['und'][0]['value']; + $this->assertNoText($text, "User with right permission can't access a protected node with wrong password", $this->group); + } + + /** + * Test that a node protected with global protection can't be seen by an + * authenticated but not allowed user. + */ + public function testAuthenticatedNonAllowedView() { + // Log in as Admin. + $this->drupalLogin($this->adminUser); + // Create a new page node. + $node = $this->createProtectedNode(); + // Once the node created logout the User. + $this->drupalLogout(); + + // User that can see published content see the node. + $this->drupalLogin($this->normalNonAccessAllowedUser); + $this->drupalGet('node/' . $node->nid); + $this->assertResponse(403, "User with no access permission is not allowed to access a protected node"); + } + + /** + * Helper method to create a protected node. + * + * Please make sure the user has the permission to create the node before + * calling the method. + * + * @return node object. + */ + public function createProtectedNode() { + // Add a new page node that is protected. + $node_title = $this->randomName(8); + $node_data = array( + 'title' => $node_title, + 'body[und][0][value]' => $this->randomName(32), + 'protected_node_is_protected' => TRUE, + ); + $this->drupalPost('node/add/page', $node_data, t('Save')); + + return $this->drupalGetNodeByTitle($node_title); + } + +}