Problem/Motivation

In #2990511: Add comprehensive test coverage for update status for security releases, we added more robust test coverage for the update module security release tests. In #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already, there is a change to improve those tests to allow it to check for three messages (No update, update available, or security update required) rather than just a boolean for whether or not it says "update available". However, this is out of scope for the bug being fixed.

Proposed resolution

Add the new test functionality first based on #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already.

Remaining tasks

  1. +++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php
@@ -445,14 +445,14 @@ public function testHookUpdateStatusAlter() {
    *   The module version the site is using.
    * @param string[] $expected_security_releases
    *   The security releases, if any, that the status report should recommend.
-   * @param bool $update_available
-   *   Whether an update should be available.
+   * @param string $expected_update_message_type
+   *   The type of update message expected.
    * @param string $fixture
    *   The fixture file to use.
    *
    * @dataProvider securityUpdateAvailabilityProvider
    */
-  public function testSecurityUpdateAvailability($module_version, array $expected_security_releases, $update_available, $fixture) {
+  public function testSecurityUpdateAvailability($module_version, array $expected_security_releases, $expected_update_message_type, $fixture) {
     $system_info = [
       '#all' => [
         'version' => '8.0.0',
@@ -465,7 +465,7 @@ public function testSecurityUpdateAvailability($module_version, array $expected_

@@ -465,7 +465,7 @@ public function testSecurityUpdateAvailability($module_version, array $expected_
     ];
     $this->config('update_test.settings')->set('system_info', $system_info)->save();
     $this->refreshUpdateStatus(['drupal' => '0.0', 'aaa_update_test' => $fixture]);
-    $this->assertSecurityUpdates('aaa_update_test', $expected_security_releases, $update_available, 'table.update:nth-of-type(2)');
+    $this->assertSecurityUpdates('aaa_update_test', $expected_security_releases, $expected_update_message_type, 'table.update:nth-of-type(2)');
   }

    These changes can be included in the new issue. 

  2. +++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php
@@ -505,7 +505,7 @@ public function securityUpdateAvailabilityProvider() {
-        'update_available' => FALSE,
+        'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,

    Changes like these should be included in the new issue. 

  3. +++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php
@@ -545,9 +545,17 @@ public function securityUpdateAvailabilityProvider() {
+      // On latest security release for module major release 1.
+      // Security release also available for next major.
+      '8.x-1.2, 8.x-1.2 8.x-2.2' => [
+        'module_patch_version' => '8.x-1.2',
+        'expected_security_release' => [],
+        'expected_update_message_type' => static::UPDATE_NONE,
+        'fixture' => 'sec.8.x-1.2_8.x-2.2',
+      ],

    New test cases like this should not be included in the new issue. 

  4. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -165,17 +165,17 @@ public function testMajorUpdateAvailable() {
-   * @param bool $update_available
-   *   Whether an update is available.
+   * @param string $expected_update_message_type
+   *   The type of update message expected.
    * @param string $fixture
    *   The test fixture that contains the test XML.
    *
    * @dataProvider securityUpdateAvailabilityProvider
    */
-  public function testSecurityUpdateAvailability($site_patch_version, array $expected_security_releases, $update_available, $fixture) {
+  public function testSecurityUpdateAvailability($site_patch_version, array $expected_security_releases, $expected_update_message_type, $fixture) {
     $this->setSystemInfo("8.$site_patch_version");
     $this->refreshUpdateStatus(['drupal' => $fixture]);
-    $this->assertSecurityUpdates('drupal-8', $expected_security_releases, $update_available, 'table.update');
+    $this->assertSecurityUpdates('drupal-8', $expected_security_releases, $expected_update_message_type, 'table.update');
   }

    These changes should be included in the new issue. 

  5. +++ b/core/modules/update/tests/src/Functional/UpdateTestBase.php
@@ -25,6 +25,21 @@
  */
 abstract class UpdateTestBase extends BrowserTestBase {
 
+  /**
+   * Denotes a security update will be required in the test case.
+   */
+  const SECURITY_UPDATE_REQUIRED = 'SECURITY_UPDATE_REQUIRED';
+
+  /**
+   * Denotes an update will be available in the test case.
+   */
+  const UPDATE_AVAILABLE = 'UPDATE_AVAILABLE';
+
+  /**
+   * Denotes no update will be available in the test case.
+   */
+  const UPDATE_NONE = 'UPDATE_NONE';
+
   protected function setUp() {
     parent::setUp();
 
@@ -84,14 +99,16 @@ protected function standardTests() {

@@ -84,14 +99,16 @@ protected function standardTests() {
   /**
    * Asserts the expected security updates are displayed correctly on the page.
    *
+   * @param string $project_path_part
+   *   The project path part needed for the download and release links.
    * @param string[] $expected_security_releases
    *   The security releases, if any, that the status report should recommend.
-   * @param bool $update_available
-   *   Whether an update should be available.
-   * @param $update_element_css_locator
+   * @param string $expected_update_message_type
+   *   The type of update message expected.
+   * @param string $update_element_css_locator
    *   The CSS locator for the page element that contains the security updates.
    */
-  protected function assertSecurityUpdates($project, array $expected_security_releases, $update_available, $update_element_css_locator) {
+  protected function assertSecurityUpdates($project_path_part, array $expected_security_releases, $expected_update_message_type, $update_element_css_locator) {
     $assert_session = $this->assertSession();
     $page = $this->getSession()->getPage();
     $this->standardTests();
@@ -105,13 +122,20 @@ protected function assertSecurityUpdates($project, array $expected_security_rele

@@ -105,13 +122,20 @@ protected function assertSecurityUpdates($project, array $expected_security_rele
     if ($expected_security_releases) {
       $expected_download_urls = [];
       $expected_release_urls = [];
-      foreach ($expected_security_releases as $expected_security_release) {
-        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');
+      if ($expected_update_message_type === static::SECURITY_UPDATE_REQUIRED) {
         $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Update available');
         $assert_session->elementTextContains('css', $update_element_css_locator, 'Security update required!');
+        $assert_session->responseContains('error.svg', 'Error icon was found.');
+      }
+      else {
+        $assert_session->elementTextContains('css', $update_element_css_locator, 'Update available');
+        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Security update required!');
+      }
+      $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');
+      foreach ($expected_security_releases as $expected_security_release) {
         $expected_url_version = str_replace('.', '-', $expected_security_release);
-        $release_url = "http://example.com/$project-$expected_url_version-release";
-        $download_url = "http://example.com/$project-$expected_url_version.tar.gz";
+        $release_url = "http://example.com/$project_path_part-$expected_url_version-release";
+        $download_url = "http://example.com/$project_path_part-$expected_url_version.tar.gz";
         $expected_release_urls[] = $release_url;
         $expected_download_urls[] = $download_url;
         // Ensure the expected links are security links.
@@ -119,7 +143,6 @@ protected function assertSecurityUpdates($project, array $expected_security_rele

@@ -119,7 +143,6 @@ protected function assertSecurityUpdates($project, array $expected_security_rele
         $this->assertTrue(in_array($download_url, $all_security_download_urls), "Release $download_url is a security download link.");
         $assert_session->linkByHrefExists($release_url);
         $assert_session->linkByHrefExists($download_url);
-        $assert_session->responseContains('error.svg', 'Error icon was found.');
       }
       // Ensure no other links are shown as security releases.
       $this->assertEquals([], array_diff($all_security_release_urls, $expected_release_urls));
@@ -130,14 +153,17 @@ protected function assertSecurityUpdates($project, array $expected_security_rele

@@ -130,14 +153,17 @@ protected function assertSecurityUpdates($project, array $expected_security_rele
       $this->assertEquals([], $all_security_release_urls);
       $this->assertEquals([], $all_security_download_urls);
       $assert_session->pageTextNotContains('Security update required!');
-      if ($update_available) {
+      if ($expected_update_message_type === static::UPDATE_AVAILABLE) {
         $assert_session->elementTextContains('css', $update_element_css_locator, 'Update available');
         $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');
       }
-      else {
+      elseif ($expected_update_message_type === static::UPDATE_NONE) {
         $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Update available');
         $assert_session->elementTextContains('css', $update_element_css_locator, 'Up to date');
       }
+      else {
+        $this->fail('Unexpected value for $expected_update_message_type: ' . $expected_update_message_type);
+      }
     }
   }

    All of these changes should be included in the new issue.

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#23 interdiff.2995076.15-23.txt837 bytesmikelutz
#23 2995076-23.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.31 KBmikelutz
#15 interdiff.2995076.12-15.txt1.07 KBmikelutz
#15 2995076-15.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.31 KBmikelutz
#12 interdiff.2995076.10-12.txt2.11 KBmikelutz
#12 interdiff.2995076.5-10.txt9.59 KBmikelutz
#12 2995076-12.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.38 KBmikelutz
#10 2995076-10.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch15.33 KBmikelutz
#8 interdiff-2804155-2995076-1.txt7.25 KBmradcliffe
#5 2995076-1.patch23.22 KBbenjamindamron

Comments

xjm created an issue. See original summary.

xjm’s picture

xjm
she/her
Primary language English
commented
Issue tags: +MWDS2018
benjamindamron’s picture

benjamindamron commented

Still working on this.

benjamindamron’s picture

benjamindamron commented

I believe I have everything but the rename of files isn't working:

diff --git a/core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2-b.xml b/core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2-b.xml
similarity index 100%
rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2-b.xml
rename to core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2-b.xml
diff --git a/core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml b/core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2.xml
similarity index 100%
rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml
rename to core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2.xml

Will keep looking.

benjamindamron’s picture

benjamindamron commented
Status: Active » Needs work
StatusFileSize
new 2995076-1.patch23.22 KB

What I have so far. The rename doesn't work for me. Can someone try it out?

xjm’s picture

xjm
she/her
Primary language English
commented

Thanks @benjamindamron!

mradcliffe’s picture

mradcliffe
he/him
Primary language English
commented
Status: Needs work » Needs review

The patch applied for me and I saw the new 2.0 files renamed.

I don't have time to review the patch. It is a pretty big patch to review to compare the things that @xjm mentioned in the issue summary to confirm that those and only those are in the patch as compared to #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already. I'll flip this to Needs review to see what the test bot makes of it and for anyone who wants to review the patch.

mradcliffe’s picture

mradcliffe
he/him
Primary language English
commented
StatusFileSize
new interdiff-2804155-2995076-1.txt7.25 KB

But what I can do is run an interdiff between the patch in #90 by @tedmow of #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already and the patch in #5.

xjm’s picture

xjm
she/her
Primary language English
commented
Issue summary: View changes
Status: Needs review » Needs work

Thanks, this is really close! There are a few more changes in this patch than we actually need for this issue. The following changes don't need to be included:

  1. index 0000000000..8665e46b36
--- /dev/null

--- /dev/null
+++ b/core/modules/update/tests/modules/update_test/drupal.sec.1.2_secure.xml

    (Whole file) This text fixture is for tests for the other issue, so we don't need to add it here. 

  2. +++ b/core/modules/update/tests/modules/update_test/drupal.sec.1.2_secure.xml
similarity index 100%
rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2-b.xml

rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2-b.xml
rename to core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2-b.xml

rename to core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2-b.xml
diff --git a/core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml b/core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2.xml

diff --git a/core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml b/core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2.xml
similarity index 100%

similarity index 100%
rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml

rename from core/modules/update/tests/modules/update_test/drupal.sec.0.2-rc2.xml
rename to core/modules/update/tests/modules/update_test/drupal.sec.2.0-rc2.xml

    Oops! I didn't mean for these renames to be included in the scope for this issue. That was a copy/paste mistake on my part in the IS. I will update the summary and let's take these changes out of the patch. 

  3. +++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php
@@ -545,9 +545,17 @@ public function securityUpdateAvailabilityProvider() {
+      // On latest security release for module major release 1.
+      // Security release also available for next major.
+//      '8.x-1.2, 8.x-1.2 8.x-2.2' => [
+//        'module_patch_version' => '8.x-1.2',
+//        'expected_security_release' => [],
+//        'expected_update_message_type' => static::UPDATE_NONE,
+//        'fixture' => 'sec.8.x-1.2_8.x-2.2',
+//      ],

+++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -264,34 +279,45 @@ public function securityUpdateAvailabilityProvider() {
-        'update_available' => FALSE,
-        // @todo Change to use fixture 'sec.0.2-rc2' in
-        // https://www.drupal.org/node/2804155. Currently this case would fail
-        // because 8.2.0-rc2 would be the recommend security release.
-        'fixture' => 'sec.0.2-rc2-b',
+        'expected_update_message_type' => static::UPDATE_NONE,
+        'fixture' => 'sec.2.0-rc2',
...
+      // All releases for minor 0 are secure.
+      // Security release available for next minor.
+      '0.0, 1.2, secure' => [
+        'site_patch_version' => '0.0',
+        'expected_security_release' => ['1.2'],
+        'expected_update_message_type' => static::UPDATE_AVAILABLE,
+        'fixture' => 'sec.1.2_secure',
+      ],
+      '0.2, 1.2, secure' => [
+        'site_patch_version' => '0.2',
+        'expected_security_release' => ['1.2'],
+        'expected_update_message_type' => static::UPDATE_AVAILABLE,
+        'fixture' => 'sec.1.2_secure',
+      ],

    These added hunks are added test coverage that is a part of fixing the other issue #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already and should not be included here. So we can just remove these hunks from the patch. 

  4. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -191,7 +191,7 @@ public function testSecurityUpdateAvailability($site_patch_version, array $expec
    *   - 8.0.1 Insecure
    *   - 8.0.0 Insecure
-   * - drupal.sec.0.2-rc2.xml
+   * - drupal.sec.2.0-rc2.xml
    *   - 8.2.0-rc2 Security update
    *   - 8.2.0-rc1 Insecure
    *   - 8.2.0-beta2 Insecure
@@ -218,7 +218,7 @@ public function testSecurityUpdateAvailability($site_patch_version, array $expec

@@ -218,7 +218,7 @@ public function testSecurityUpdateAvailability($site_patch_version, array $expec
    *   - 8.0.2 Insecure
    *   - 8.0.1 Insecure
    *   - 8.0.0 Insecure
-   * - drupal.sec.0.2-rc2-b.xml
+   * - drupal.sec.2.0-rc2-b.xml
    *   - 8.2.0-rc2
    *   - 8.2.0-rc1
    *   - 8.2.0-beta2
@@ -231,6 +231,13 @@ public function testSecurityUpdateAvailability($site_patch_version, array $expec

@@ -231,6 +231,13 @@ public function testSecurityUpdateAvailability($site_patch_version, array $expec
    *   - 8.0.2 Security update
    *   - 8.0.1 Insecure
    *   - 8.0.0 Insecure
+   * - drupal.sec.1.2_secure.xml
+   *   - 8.1.2 Security update
+   *   - 8.1.1 Insecure
+   *   - 8.1.0 Insecure
+   *   - 8.0.2 Insecure
+   *   - 8.0.1 Insecure
+   *   - 8.0.0 Insecure

    These docs fixes are either related to the misnamed fixtures or the bugfix for #2804155: If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already, so these hunks can be removed from the patch as well.

So let's just take out those few parts.

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented
StatusFileSize
new 2995076-10.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch15.33 KB

I was partially paying attention to the issue at camp. I don't fully understand it, but I can remove hunks pretty easily if this helps.

xjm’s picture

xjm
she/her
Primary language English
commented

Thanks @mikelutz!

  1. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -239,16 +239,24 @@ public function securityUpdateAvailabilityProvider() {
+      // Site on latest security release available for site minor release 0.
+      // Minor release 1 also has a security release.
+      '0.2, 0.2' => [
+        'site_patch_version' => '0.2',
+        'expected_security_release' => ['1.2', '2.0-rc2'],
+        'expected_update_message_type' => static::UPDATE_AVAILABLE,
+        'fixture' => 'sec.2.0-rc2',
+      ],

@@ -310,16 +318,16 @@ public function securityUpdateAvailabilityProvider() {
     // @todo In https://www.drupal.org/node/2865920 add test cases:
     //   - For all pre-releases for 8.2.0 except 8.2.0-rc2 using the
-    //     'sec.0.2-rc2' fixture to ensure that 8.2.0-rc2 is the only security
+    //     'sec.2.0-rc2' fixture to ensure that 8.2.0-rc2 is the only security
     //     update.
-    //   - For 8.1.0 using fixture 'sec.0.2-rc2' to ensure that only security
+    //   - For 8.1.0 using fixture 'sec.2.0-rc2' to ensure that only security
     //     updates are 8.1.2 and 8.2.0-rc2.
     return $test_cases;

    These two bits should be removed as well. 

  2. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -264,15 +272,15 @@ public function securityUpdateAvailabilityProvider() {
-        'fixture' => 'sec.0.2-rc2',
...
+        'fixture' => 'sec.2.0-rc2',

@@ -310,16 +318,16 @@ public function securityUpdateAvailabilityProvider() {
-        'update_available' => $pre_release === '2.0-rc2' ? FALSE : TRUE,
-        'fixture' => 'sec.0.2-rc2-b',
+        'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::UPDATE_AVAILABLE,
+        'fixture' => 'sec.2.0-rc2-b',

    These lines should also remove the rename (of 0.2 to 2.0).

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented
StatusFileSize
new 2995076-12.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.38 KB
new interdiff.2995076.5-10.txt9.59 KB
new interdiff.2995076.10-12.txt2.11 KB
xjm’s picture

xjm
she/her
Primary language English
commented
Status: Needs work » Needs review

Thanks @mikelutz!

xjm’s picture

xjm
she/her
Primary language English
commented 
  1. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -264,15 +264,15 @@ public function securityUpdateAvailabilityProvider() {
-        'fixture' => 'sec.0.2-rc2',
...
+        'fixture' => 'sec.2.0-rc2',

    Ah just two more bits of the old patch here. Since that's a small fix I think I can make it and still be eligible to be the reviewer. :) 

  2. +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -283,15 +283,15 @@ public function securityUpdateAvailabilityProvider() {
-        'fixture' => 'sec.0.2-rc2',
...
+        'fixture' => 'sec.2.0-rc2',

    One more bit here. :)

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented
StatusFileSize
new 2995076-15.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.31 KB
new interdiff.2995076.12-15.txt1.07 KB

I'm just removing what I'm told, I wasn't involved to know exactly what to look for. :-)

The last submitted patch, 10: 2995076-10.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch, failed testing. View results

mradcliffe’s picture

mradcliffe
he/him
Primary language English
commented

Thanks, @mikelutz. I looked at the patch in #15, and confirmed that @xjm's comments in #14 were addressed. I did not find any 'fixture' => 'sec.2.0 strings in the patch. I also went through #1, #2, #3 #4 and #5 in the issue summary are applied in the patch. Let's see if #15 passes. :-)

The last submitted patch, 12: 2995076-12.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch, failed testing. View results

Status: Needs review » Needs work

The last submitted patch, 15: 2995076-15.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch, failed testing. View results

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Needs work » Needs review
StatusFileSize
new update-2995076-15.patch14.31 KB
new update-interdiff-15.txt837 bytes

Ah I think I know what needs to fix here. In this one ternary it's the name of the release rather than the fixture. This is why we'll want to rename the fixture eventually, very confusing. :P

Anyway this should pass I think. Thanks @mradcliffe and @mikelutz for finishing this up! Let's just make sure my small change fixes the fail.

xjm credited tedbow.

xjm’s picture

xjm
she/her
Primary language English
commented

Adding credit for Ted as he wrote this test addition originally.

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented
StatusFileSize
new 2995076-23.drupal.Let-UpdateTestBase-check-for-multiple-status-messages.patch14.31 KB
new interdiff.2995076.15-23.txt837 bytes

I think I change a 2.0 to 0.2 that I shouldn't have. Try this.

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented

Actually, you beat me to it, lol.

The last submitted patch, , failed testing. View results

xjm’s picture

xjm
she/her
Primary language English
commented

Great minds think alike!

samuel.mortenson’s picture

samuel.mortenson
he/him
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

LGTM.

xjm’s picture

xjm
she/her
Primary language English
commented

I posted #2995367: Fix update module test fixture names for 8.2.0-rc2 sample data for the fixture name issue.

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Reviewed & tested by the community » Needs review 
+++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -264,7 +264,7 @@ public function securityUpdateAvailabilityProvider() {
-        'update_available' => TRUE,
+        'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,

This case is interesting because it was a TRUE before instead of FALSE. That was a bug. The only reason it passed was that the "update available" block was checked in an else block for the condition:

    if ($expected_security_releases) {

This makes me wonder if we should remove the outer else, because otherwise we aren't testing everything we think we are. Thoughts?

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented 
       // Security release available for site minor release 0.
@@ -264,7 +264,7 @@ public function securityUpdateAvailabilityProvider() {
       '0.0, 0.2 1.2' => [
         'site_patch_version' => '0.0',
         'expected_security_releases' => ['0.2', '1.2', '2.0-rc2'],
-        'update_available' => TRUE,
+        'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
         'fixture' => 'sec.0.2-rc2',
       ],

I only have a cursory understanding of this one, but if you are on 0.0 and there is a 0.2 and a 1.2, should it not be update_available => TRUE?

$expected_security_releases is true for this one, so the else block shouldn't come into play, unless I'm reading it wrong. Before, there should have been an update available because the update is on the same minor branch, and now it's specifically a security update on the same minor.

I may be completely off, again, I've only started on this today, and from what I overheard at #MWDS

xjm’s picture

xjm
she/her
Primary language English
commented

There are two different messages that are displayed -- "Security update required!" and "Update available". They should not both appear at the same time as far as I know. So when there's a security update required, there shouldn't be any "update available" message, so the previous test was bugged and not actually testing what it seemed to be.

xjm’s picture

xjm
she/her
Primary language English
commented

This is the diff I'm thinking (plus appropriate reindentation):

diff --git a/core/modules/update/tests/src/Functional/UpdateTestBase.php b/core/modules/update/tests/src/Functional/UpdateTestBase.php
index 1daa8801e0..aaa56bb8d1 100644
--- a/core/modules/update/tests/src/Functional/UpdateTestBase.php
+++ b/core/modules/update/tests/src/Functional/UpdateTestBase.php
@@ -153,6 +153,7 @@ protected function assertSecurityUpdates($project_path_part, array $expected_sec
       $this->assertEquals([], $all_security_release_urls);
       $this->assertEquals([], $all_security_download_urls);
       $assert_session->pageTextNotContains('Security update required!');
+    }
       if ($expected_update_message_type === static::UPDATE_AVAILABLE) {
         $assert_session->elementTextContains('css', $update_element_css_locator, 'Update available');
         $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');
@@ -165,6 +166,5 @@ protected function assertSecurityUpdates($project_path_part, array $expected_sec
         $this->fail('Unexpected value for $expected_update_message_type: ' . $expected_update_message_type);
       }
     }
-  }
 
 }

That way we run the tests for any expected message regardless of their order in the test, and can't accidentally create a test scenario that doesn't test what it's supposed to. Thoughts?

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented

Nevermind, I see it. I think that while the logic was iffy before, with this update, it rather fixes itself.

Prior to this, updates_available in the data set was ignored if there were security updates available, but it still checked for the proper showing of 'Security update required' and !'Update Available'. Whether update_available should have been FALSE and not TRUE in the data set could be debatable. There WAS technically an update available, but the page still shouldn't show "Update available" and ultimately the test itself tested for the right text by ignoring that key because the security update trumped it.

It's still testing for the right text now, but the 'expected_update_message_type' is used whether there is a higher security version or not, so I don't see a reason to refactor the else.

The only thing I might say is that we have 

      if ($expected_update_message_type === static::SECURITY_UPDATE_REQUIRED) {
        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Update available');
        $assert_session->elementTextContains('css', $update_element_css_locator, 'Security update required!');
        $assert_session->responseContains('error.svg', 'Error icon was found.');
      }
      else {
        $assert_session->elementTextContains('css', $update_element_css_locator, 'Update available');
        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Security update required!');
      }
      $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');

If there are security releases and 

      if ($expected_update_message_type === static::UPDATE_AVAILABLE) {
        $assert_session->elementTextContains('css', $update_element_css_locator, 'Update available');
        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Up to date');
      }
      elseif ($expected_update_message_type === static::UPDATE_NONE) {
        $assert_session->elementTextNotContains('css', $update_element_css_locator, 'Update available');
        $assert_session->elementTextContains('css', $update_element_css_locator, 'Up to date');
      }
      else {
        $this->fail('Unexpected value for $expected_update_message_type: ' . $expected_update_message_type);
      }

if there aren't. Since the only two acceptable messages if there are security releases higher than what we are on is UPDATE_AVAILABLE or SECURITY_UPDATE_REQUIRED, we could make the top block look like the bottom and fail if we got anything other than those two in the top block, but that is testing the test, not the code, so I don't know how important it is.

mikelutz’s picture

mikelutz
He/Him
Primary language English
Location Michigan, USA
commented

I think with that diff, you would hit the fail $this->fail('Unexpected value for $expected_update_message_type: ' . $expected_update_message_type); on $expected_update_message_type == SECURITY_UPDATE_REQUIRED, right?

You already check for the UPDATE_AVAILABLE text in the block above now.

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

Ah, good catch! Thanks @mikelutz for the review.

Setting back to RTBC since I think this sufficiently addresses my questions. I'll commit this shortly.

  • xjm committed cd9f5a7 on 8.7.x 
    Issue #2995076 by mikelutz, benjamindamron, mradcliffe, xjm, samuel....

  • xjm committed 3811094 on 8.6.x 
    Issue #2995076 by mikelutz, benjamindamron, mradcliffe, xjm, samuel....

  • xjm committed 243176c on 8.5.x 
    Issue #2995076 by mikelutz, benjamindamron, mradcliffe, xjm, samuel....
xjm’s picture

xjm
she/her
Primary language English
commented
Version: 8.6.x-dev » 8.5.x-dev
Status: Reviewed & tested by the community » Fixed

Alright, committed and pushed to 8.7.x, 8.6.x, and 8.5.x (as testing support for fixes we will also need to backport to 8.5.x for #2909665: [plan] Extend security support to cover the previous minor version of Drupal).

Thanks everyone for the quick turnaround on this issue!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.