diff --git a/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php b/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php new file mode 100644 index 0000000..7c8c4eb --- /dev/null +++ b/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php @@ -0,0 +1,35 @@ +getRawContent(). + */ + protected function basicAuthGet($path, array $options = array()) { + // Set up Curl to use basic authentication with the test user's credentials. + $headers = [ + 'Authorization: Basic ' . base64_encode($this->user->getUsername() . ':' . $this->user->pass_raw), + ]; + + return $this->drupalGet($path, $options, $headers); + } + +} diff --git a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php index 5d31a61..3ded489 100644 --- a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php +++ b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php @@ -8,6 +8,7 @@ namespace Drupal\system\Tests\Session; use Drupal\Core\Url; +use Drupal\basic_auth\Tests\BasicAuthTestTrait; use Drupal\simpletest\WebTestBase; /** @@ -17,6 +18,8 @@ */ class SessionAuthenticationTest extends WebTestBase { + use BasicAuthTestTrait; + /** * A test user. * @@ -36,7 +39,7 @@ protected function setUp() { parent::setUp(); // Create a test administrator user. - $this->user = $this->drupalCreateUser(array('administer site configuration')); + $this->user = $this->drupalCreateUser(['administer site configuration']); } /** 
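Review bot: basicAuthGet() in the new trait reads `$this->user->getUsername()` and `$this->user->pass_raw`, but the trait neither declares nor requires a `user` property. It therefore only works in classes that happen to define one, and a test cannot send a different or deliberately wrong credential pair through it. Passing the credentials in would make the helper self-contained: `protected function basicAuthGet($path, $username, $password, array $options = array())` with `'Authorization: Basic ' . base64_encode($username . ':' . $password),`; the existing callers in SessionAuthenticationTest would then pass the test user's name and `pass_raw` explicitly. If the signature has to stay, the docblock should state that the using class must provide `$this->user` with `pass_raw` set. The top of the trait's docblock is not legible in this rendering of the hunk, so that requirement may already be written there.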
@@ -44,12 +47,10 @@ protected function setUp() { * * Regression test for a bug that caused a session initiated by basic * authentication to persist over subsequent unauthorized requests. - * - * @see https://www.drupal.org/node/2468873 */ public function testSessionFromBasicAuthenticationDoesNotLeak() { // This route is authorized through basic_auth only, not cookie. - $protected_url = Url::fromRoute('session_test.get_session'); + $protected_url = Url::fromRoute('session_test.get_session_basic_auth'); // This route is not protected. $unprotected_url = Url::fromRoute('session_test.get_session_no_auth'); @@ -77,25 +78,4 @@ public function testSessionFromBasicAuthenticationDoesNotLeak() { $this->assertResponse(401, 'A subsequent request to the same route without basic authentication is not authorized.'); } - /** - * Retrieves a Drupal path or an absolute path using basic authentication. - * - * @param \Drupal\Core\Url|string $path - * Drupal path or URL to load into the internal browser. - * @param array $options - * Options to be forwarded to the url generator. - * - * @return string - * The retrieved HTML string, also available as $this->getRawContent(). - */ - protected function basicAuthGet($path, array $options = array()) { - // Set up Curl to use basic authentication with the test user's credentials. - $headers = [ - 'Accept: */*', - 'Authorization: Basic ' . base64_encode($this->user->getUsername() . ':' . $this->user->pass_raw), - ]; - - return $this->drupalGet($path, $options, $headers); - } - } diff --git a/core/modules/system/tests/modules/session_test/session_test.routing.yml b/core/modules/system/tests/modules/session_test/session_test.routing.yml index ea59385..0cedf4f 100644 --- a/core/modules/system/tests/modules/session_test/session_test.routing.yml +++ b/core/modules/system/tests/modules/session_test/session_test.routing.yml 
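Review bot: The docblock of testSessionFromBasicAuthenticationDoesNotLeak() still calls this a regression test, but the hunk removes the only pointer to the regression it covers. Since the test guards an authentication boundary (a basic-auth session persisting into later unauthenticated requests), I would keep the line ` * @see https://www.drupal.org/node/2468873` so a future reader can find the original report before relaxing any assertion. If the link was dropped on purpose to follow a coding-standard rule, a one-line description of the failure mode in the docblock would serve the same purpose. The method body continues outside this hunk.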
@@ -90,7 +90,7 @@ session_test.trace_handler:
 requirements:
 _access: 'TRUE'
-session_test.get_session:
+session_test.get_session_basic_auth:
 path: '/session-test/get-session'
 defaults:
 _title: 'Get session information using basic authentication'