diff --git a/core/modules/serialization/src/EventSubscriber/UserRouteAlterSubscriber.php b/core/modules/serialization/src/EventSubscriber/UserRouteAlterSubscriber.php
index d8002d2..a8b71c7 100644
--- a/core/modules/serialization/src/EventSubscriber/UserRouteAlterSubscriber.php
+++ b/core/modules/serialization/src/EventSubscriber/UserRouteAlterSubscriber.php
@@ -2,7 +2,6 @@ namespace Drupal\serialization\EventSubscriber; - use Drupal\Core\Routing\RouteBuildEvent;
 use Drupal\Core\Routing\RoutingEvents;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
diff --git a/core/modules/user/src/Controller/UserAuthenticationController.php b/core/modules/user/src/Controller/UserAuthenticationController.php
index e5a960e..4e7d784 100644
--- a/core/modules/user/src/Controller/UserAuthenticationController.php
+++ b/core/modules/user/src/Controller/UserAuthenticationController.php
@@ -166,13 +166,13 @@ public function login(Request $request) {
 // Send basic metadata about the logged in user.
 $response_data = [];
- if ($user->get('uid')->access('view')) {
+ if ($user->get('uid')->access('view', $user)) {
 $response_data['current_user']['uid'] = $user->id();
 }
- if ($user->get('roles')->access('view')) {
+ if ($user->get('roles')->access('view', $user)) {
 $response_data['current_user']['roles'] = $user->getRoles();
 }
- if ($user->get('name')->access('view')) {
+ if ($user->get('name')->access('view', $user)) {
 $response_data['current_user']['name'] = $user->getAccountName();
 }
 $response_data['csrf_token'] = $this->csrfToken->get('rest');
diff --git a/core/modules/user/tests/src/Functional/UserLoginHttpTest.php b/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
index 6d4b020..8bd1e5a 100644
--- a/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
+++ b/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
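Review bot: The explicit `$user` now passed at the three `access('view', $user)` calls is left unexplained, and a reader will not know why the method's default account argument was deliberately bypassed; a one-line comment above the first check, `// Evaluate field access as the account that just authenticated, not the default account.`, would record the intent. Because `uid` and `roles` are only emitted when that account may view the field (the test in this same commit has to grant `administer users` for `roles` to appear), the comment should also say that API consumers must treat those keys as optional. The three near-identical checks could be collapsed into one loop over a field-to-value map so a future fourth field cannot be added with a mismatched access check; the enclosing `login()` method starts and ends outside this hunk.
```php
// … unchanged: earlier part of login() …
$response_data = [];
// Evaluate field access as the account that just authenticated, not the
// default account. Keys are only present when that account may view the
// field, so consumers must treat each of them as optional.
$fields = [
  'uid' => $user->id(),
  'roles' => $user->getRoles(),
  'name' => $user->getAccountName(),
];
foreach ($fields as $field => $value) {
  if ($user->get($field)->access('view', $user)) {
    $response_data['current_user'][$field] = $value;
  }
}
$response_data['csrf_token'] = $this->csrfToken->get('rest');
```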
@@ -70,7 +70,7 @@ protected function loginRequest($name, $pass, $format = 'json') {
 }
 $result = \Drupal::httpClient()->post($user_login_url->toString(), [
- 'body' => $this->encode($request_body, $format),
+ 'body' => $this->serializer->encode($request_body, $format),
 'headers' => [
 'Accept' => "application/$format",
 ],
@@ -88,7 +88,7 @@ public function testLogin() {
 foreach ([FALSE, TRUE] as $serialization_enabled_option) {
 if ($serialization_enabled_option) {
 /** @var \Drupal\Core\Extension\ModuleInstaller $module_installer */
- $module_installer = \Drupal::service('module_installer');
+ $module_installer = $this->container->get('module_installer');
 $module_installer->install(['serialization']);
 $formats = ['json', 'xml'];
 }
@@ -98,7 +98,9 @@ public function testLogin() {
 }
 foreach ($formats as $format) {
 // Create new user for each iteration to reset flood.
- $account = $this->drupalCreateUser();
+ // Grant the user administer users permissions to they can see the
+ // 'roles' field.
+ $account = $this->drupalCreateUser(['administer users']);
 $name = $account->getUsername();
 $pass = $account->passRaw;
@@ -107,7 +109,7 @@ public function testLogin() {
 $user_login_status_url->setAbsolute();
 $response = $client->get($user_login_status_url->toString());
- $this->assertResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
+ $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
 // Flooded.
 $this->config('user.flood')
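Review bot: Granting `administer users` to every account at `$account = $this->drupalCreateUser(['administer users']);` means the login flow is now only exercised for a privileged user, so the default case the access check exists for, where a plain account cannot view its own `roles` field and the response must omit that key (as the added comment itself implies), is no longer covered. A second, unprivileged account whose decoded login response is checked with `$this->assertArrayNotHasKey('roles', $result_data['current_user']);` would pin that behaviour and catch a regression that leaks role names to any authenticated caller. The added comment also reads `to they can see` where `so they can see` is meant. The enclosing `testLogin()` continues beyond this hunk.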
@@ -115,16 +117,16 @@ public function testLogin() {
 ->save();
 $response = $this->loginRequest($name, 'wrong-pass', $format);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
 $response = $this->loginRequest($name, 'wrong-pass', $format);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
 $response = $this->loginRequest($name, 'wrong-pass', $format);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
 $response = $this->loginRequest($name, 'wrong-pass', $format);
- $this->assertResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format);
+ $this->assertHttpResponseWithMessage($response, 403, 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.', $format);
 // After testing the flood control we can increase the limit.
 $this->config('user.flood')
@@ -132,13 +134,13 @@ public function testLogin() {
 ->save();
 $response = $this->loginRequest(NULL, NULL, $format);
- $this->assertResponseWithMessage($response, 400, 'Missing credentials.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.', $format);
 $response = $this->loginRequest(NULL, $pass, $format);
- $this->assertResponseWithMessage($response, 400, 'Missing credentials.name.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.name.', $format);
 $response = $this->loginRequest($name, NULL, $format);
- $this->assertResponseWithMessage($response, 400, 'Missing credentials.pass.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Missing credentials.pass.', $format);
 // Blocked.
 $account
@@ -146,22 +148,24 @@ public function testLogin() {
 ->save();
 $response = $this->loginRequest($name, $pass, $format);
- $this->assertResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
 $account
 ->activate()
 ->save();
 $response = $this->loginRequest($name, 'garbage', $format);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
 $response = $this->loginRequest('garbage', $pass, $format);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.', $format);
 $response = $this->loginRequest($name, $pass, $format);
 $this->assertEquals(200, $response->getStatusCode());
- $result_data = $this->decode($response->getBody(), $format);
+ $result_data = $this->serializer->decode($response->getBody(), $format);
 $this->assertEquals($name, $result_data['current_user']['name']);
+ $this->assertEquals($account->id(), $result_data['current_user']['uid']);
+ $this->assertEquals($account->getRoles(), $result_data['current_user']['roles']);
 $response = $client->get($user_login_status_url->toString(), ['cookies' => $this->cookies]);
 $this->assertEquals(200, $response->getStatusCode());
@@ -171,7 +175,7 @@ public function testLogin() {
 $this->assertEquals(204, $response->getStatusCode());
 $response = $client->get($user_login_status_url->toString(), ['cookies' => $this->cookies]);
- $this->assertResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
+ $this->assertHttpResponse($response, 200, UserAuthenticationController::LOGGED_OUT);
 $this->resetFlood();
 }
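Review bot: The new `uid` and `roles` assertions pin the keys that depend on the controller's field-access change, but the `csrf_token` the same response carries is not checked alongside them; `$this->assertNotEmpty($result_data['csrf_token']);` next to the new lines would catch a regression that drops the token, unless that is already asserted further down in `testLogin()`, which runs past this hunk. Separately, the rewritten `$result_data = $this->serializer->decode($response->getBody(), $format);` hands the PSR-7 stream object straight to the decoder and relies on implicit string conversion, while the sibling helper `getResultValue()` casts explicitly; `$result_data = $this->serializer->decode((string) $response->getBody(), $format);` keeps the two consistent.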
@@ -179,36 +183,6 @@ public function testLogin() {
 }
 /**
- * Encodes data for a request into a given format.
- *
- * @param mixed $data
- * The data to be encoded.
- * @param string $format
- * The format to be encoded into.
- *
- * @return mixed
- * Encoded data.
- */
- protected function encode($data, $format) {
- return $this->serializer->encode($data, $format);
- }
-
- /**
- * Decodes data for a request from a given format.
- *
- * @param mixed $data
- * The data to be decoded.
- * @param string $format
- * The format to be decoded from.
- *
- * @return mixed
- * Decoded data.
- */
- protected function decode($data, $format) {
- return $this->serializer->decode($data, $format);
- }
-
- /**
 * Gets a value for a given key from the response.
 *
 * @param \Psr\Http\Message\ResponseInterface $response
@@ -222,7 +196,7 @@ protected function decode($data, $format) {
 * The value for the key.
 */
 protected function getResultValue(ResponseInterface $response, $key, $format) {
- $decoded = $this->decode((string) $response->getBody(), $format);
+ $decoded = $this->serializer->decode((string) $response->getBody(), $format);
 if (is_array($decoded)) {
 return $decoded[$key];
 }
@@ -235,7 +209,7 @@ protected function getResultValue(ResponseInterface $response, $key, $format) {
 * Resets all flood entries.
 */
 protected function resetFlood() {
- \Drupal::database()->delete(DatabaseBackend::TABLE_NAME)->execute();
+ $this->container->get('database')->delete(DatabaseBackend::TABLE_NAME)->execute();
 }
 /**
@@ -251,7 +225,7 @@ public function testGlobalLoginFloodControl() {
 ->set('user_limit', 4000)
 ->save();
- $user = $this->drupalCreateUser(array());
+ $user = $this->drupalCreateUser([]);
 $incorrect_user = clone $user;
 $incorrect_user->passRaw .= 'incorrect';
@@ -263,20 +237,7 @@ public function testGlobalLoginFloodControl() {
 // IP limit has reached to its limit. Even valid user credentials will fail.
 $response = $this->loginRequest($user->getUsername(), $user->passRaw);
- $this->assertResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
- }
-
- /**
- * Returns an immutable configuration object for a given name.
- *
- * @param string $config_name
- * The configuration name.
- *
- * @return \Drupal\Core\Config\Config
- * The editable configuration object.
- */
- protected function config($config_name) {
- return \Drupal::configFactory()->getEditable($config_name);
+ $this->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
 }
 /**
@@ -289,7 +250,7 @@ protected function config($config_name) {
 * @param mixed $expected_body
 * The expected response body.
 */
- protected function assertResponse(ResponseInterface $response, $expected_code, $expected_body) {
+ protected function assertHttpResponse(ResponseInterface $response, $expected_code, $expected_body) {
 $this->assertEquals($expected_code, $response->getStatusCode());
 $this->assertEquals($expected_body, (string) $response->getBody());
 }
@@ -306,7 +267,7 @@ protected function assertResponse(ResponseInterface $response, $expected_code, $
 * @param string $format
 * The format that the response is encoded in.
 */
- protected function assertResponseWithMessage(ResponseInterface $response, $expected_code, $expected_message, $format = 'json') {
+ protected function assertHttpResponseWithMessage(ResponseInterface $response, $expected_code, $expected_message, $format = 'json') {
 $this->assertEquals($expected_code, $response->getStatusCode());
 $this->assertEquals($expected_message, $this->getResultValue($response, 'message', $format));
 }
@@ -326,16 +287,16 @@ public function testPerUserLoginFloodControl() {
 ->set('uid_only', $uid_only_setting)
 ->save();
- $user1 = $this->drupalCreateUser(array());
+ $user1 = $this->drupalCreateUser([]);
 $incorrect_user1 = clone $user1;
 $incorrect_user1->passRaw .= 'incorrect';
- $user2 = $this->drupalCreateUser(array());
+ $user2 = $this->drupalCreateUser([]);
 // Try 2 failed logins.
 for ($i = 0; $i < 2; $i++) {
 $response = $this->loginRequest($incorrect_user1->getUsername(), $incorrect_user1->passRaw);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.');
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.');
 }
 // A successful login will reset the per-user flood control count.
@@ -345,7 +306,7 @@ public function testPerUserLoginFloodControl() {
 // Try 3 failed logins for user 1, they will not trigger flood control.
 for ($i = 0; $i < 3; $i++) {
 $response = $this->loginRequest($incorrect_user1->getUsername(), $incorrect_user1->passRaw);
- $this->assertResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.');
+ $this->assertHttpResponseWithMessage($response, 400, 'Sorry, unrecognized username or password.');
 }
 // Try one successful attempt for user 2, it should not trigger any
@@ -363,7 +324,7 @@ public function testPerUserLoginFloodControl() {
 else {
 $excepted_message = 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.';
 }
- $this->assertResponseWithMessage($response, 403, $excepted_message);
+ $this->assertHttpResponseWithMessage($response, 403, $excepted_message);
 }
 }
@@ -378,7 +339,7 @@ public function testPerUserLoginFloodControl() {
 * The HTTP response.
 */
 protected function logoutRequest($format = 'json') {
- $client = \Drupal::httpClient();
+ $client = $this->container->get('http_client');
 $user_logout_url = Url::fromRoute('user.logout.http')
 ->setRouteParameter('_format', $format)
 ->setAbsolute();