diff --git a/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php b/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php
index ae27db5..2d04672 100644
--- a/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php
+++ b/core/modules/basic_auth/src/Tests/BasicAuthTestTrait.php
@@ -32,10 +32,7 @@ protected function basicAuthGet($path, $username, $password, array $options = []
 }
 
 /**
- * Executes a form submission.
- *
- * This uses the same format as WebTestBase::drupalPostForm(), but uses basic
- * authentication.
+ * Executes a form submission using basic authentication.
 *
 * @param string $path
 * Location of the post form.
diff --git a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
index 493d7d2..1a67266 100644
--- a/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
+++ b/core/modules/system/src/Tests/Session/SessionAuthenticationTest.php
@@ -28,20 +28,6 @@ class SessionAuthenticationTest extends WebTestBase {
 protected $user;
 
 /**
- * The username of the test user.
- *
- * @var string
- */
- protected $username;
-
- /**
- * The password of the test user.
- *
- * @var string
- */
- protected $password;
-
- /**
 * {@inheritdoc}
 */
 public static $modules = ['basic_auth', 'session_test'];
@@ -54,8 +40,6 @@ protected function setUp() {
 
 // Create a test administrator user.
 $this->user = $this->drupalCreateUser(['administer site configuration']);
- $this->username = $this->user->getUsername();
- $this->password = $this->user->pass_raw;
 }
 
 /**
@@ -76,7 +60,7 @@ public function testSessionFromBasicAuthenticationDoesNotLeak() {
 $this->assertResponse(401, 'An anonymous user cannot access a route protected with basic authentication.');
 
 // We should be able to access the route with basic authentication.
- $this->basicAuthGet($protected_url, $this->username, $this->password);
+ $this->basicAuthGet($protected_url, $this->user->getUsername(), $this->user->pass_raw);
 $this->assertResponse(200, 'A route protected with basic authentication can be accessed by an authenticated user.');
 
 // Check that the correct user is logged in.
@@ -95,43 +79,35 @@ public function testSessionFromBasicAuthenticationDoesNotLeak() {
 }
 
 /**
- * Tests logging in using basic authentication.
- */
- public function testLoginWithBasicAuthCredentials() {
- // If we use basic authentication with valid credentials this results in a
- // successful authentication. When we are already authenticated we should
- // be denied access when submitting the login form.
- $edit = ['name' => $this->username, 'pass' => $this->password];
-
- $this->basicAuthPostForm('', $edit, t('Log in'), $this->username, $this->password);
- $this->assertResponse(403);
-
- // Basic auth doesn't set a cookie, so if we do a subsequent request without
- // using basic authentication we are no longer logged in.
- $this->drupalGet($this->user->urlInfo());
- $this->assertResponse(403);
-
- // Let's send some basic_auth authentication headers, but that particular
- // route does not have basic_auth authentications.
- $this->basicAuthGet($this->user->urlInfo(), $this->username, $this->password);
- $this->assertResponse(403);
- }
-
- /**
 * Tests if a session can be initiated through basic authentication.
 */
 public function testBasicAuthSession() {
 // Set a session value on a request through basic auth.
- $test_session_value = 'alpaca';
- $this->basicAuthGet('session-test/set-session/' . $test_session_value, $this->user->getUsername(), $this->user->pass_raw);
+ $test_value = 'alpaca';
+ $response = $this->basicAuthGet('session-test/set-session/' . $test_value, $this->user->getUsername(), $this->user->pass_raw);
+ $this->assertSessionData($response, $test_value);
+ $this->assertResponse(200, 'The request to set a session value was successful.');
 
 // Test that on a subsequent request the session value is still present.
- $result = $this->basicAuthGet('session-test/get-session', $this->username, $this->password);
- $data = json_decode($result, TRUE);
- $this->assertEqual(['test_value' => $test_session_value], $data['session']);
+ $response = $this->basicAuthGet('session-test/get-session', $this->user->getUsername(), $this->user->pass_raw);
+ $this->assertSessionData($response, $test_value);
+ $this->assertResponse(200, 'The request to get a session value was successful.');
+ }
+
+ /**
+ * Checks the session data returned by the session test routes.
+ *
+ * @param string $response
+ * A response object containing the session values and the user ID.
+ * @param string $expected
+ * The expected session value.
+ */
+ protected function assertSessionData($response, $expected) {
+ $response = json_decode($response, TRUE);
+ $this->assertEqual(['test_value' => $expected], $response['session'], 'The session data matches the expected value.');
 
- // Check that we are still logged in as the same user.
- $this->assertEqual($this->user->id(), $data['user']);
+ // Check that we are logged in as the correct user.
+ $this->assertEqual($this->user->id(), $response['user'], 'The correct user is logged in.');
 }
 
 }
diff --git a/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php b/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
index b5333ee..b17d9a0 100644
--- a/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
+++ b/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
@@ -189,8 +189,7 @@ public function getSession(Request $request) {
 public function setSession(Request $request, $test_value) {
 $session = $request->getSession();
 $session->set('test_value', $test_value);
- // Nothing to see here, just return 200 OK.
- return new Response();
+ return new JsonResponse(['session' => $session->all(), 'user' => $this->currentUser()->id()]);
 }
 
 }
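Review bot: `assertSessionData()` indexes the result of `json_decode()` without checking that decoding succeeded, and both calls in `testBasicAuthSession()` run it before `assertResponse(200, …)`, so a 401/403 or non-JSON body would be reported as a session-data mismatch against `NULL` rather than as a failed authentication. Assert the status first in both places and add `$this->assertTrue(is_array($response), 'The response body is valid JSON.');` directly after the decode. The `@param string $response` description says "A response object" although the value passed in is the raw JSON body string. Separately, the deleted `testLoginWithBasicAuthCredentials()` asserted that basic-auth credentials are refused (403) on a route that does not enable basic_auth and that no cookie session persists afterwards; if that negative coverage has not moved to another test outside this diff, it is worth keeping.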
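Review bot: The new return in `setSession()` is left without a comment after "Nothing to see here" was removed, and the method's docblock (outside this hunk) may still describe a plain 200 response. Suggest `// Return the full session and the current user ID so tests can verify both from the same request.` above the return, with the docblock's `@return` updated to match. `$session->all()` writes every session attribute into the response body, which is acceptable only because session_test is a test-only module, and a short remark to that effect would stop the pattern being copied into non-test controllers. The `use` lines are outside the hunk, so confirm that `JsonResponse` is imported and whether `Response` is still needed.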