getAnonymousUser example

    $this->drupalLogin($attacker_user);

    // Perform tests using the newly created users.     $this->doTestTemporaryFileRemovalExploit($victim_user$attacker_user);
  }

  /** * Tests exploiting the temporary file removal for anonymous users using fid. */
  public function testTemporaryFileRemovalExploitAnonymous() {
    // Set up an anonymous victim user.     $victim_user = User::getAnonymousUser();

    // Set up an anonymous attacker user.     $attacker_user = User::getAnonymousUser();

    // Set up permissions for anonymous attacker user.     user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
      'access content' => TRUE,
      'create article content' => TRUE,
      'edit any article content' => TRUE,
    ]);

    
$dblog = $this->database->query('SELECT [w].*, [u].[uid] FROM {watchdog} [w] LEFT JOIN {users} [u] ON [u].[uid] = [w].[uid] WHERE [w].[wid] = :id', [':id' => $event_id])->fetchObject();

    if (empty($dblog)) {
      throw new NotFoundHttpException();
    }

    $build = [];
    $severity = RfcLogLevel::getLevels();
    $message = $this->formatMessage($dblog);
    $username = [
      '#theme' => 'username',
      '#account' => $dblog->uid ? $this->userStorage->load($dblog->uid) : User::getAnonymousUser(),
    ];
    $rows = [
      [
        ['data' => $this->t('Type'), 'header' => TRUE],
        $this->t($dblog->type),
      ],
      [
        ['data' => $this->t('Date'), 'header' => TRUE],
        $this->dateFormatter->format($dblog->timestamp, 'long'),
      ],
      [
        [
$this->submitForm(['action' => 'node_assign_owner_action'], 'Create');

    // Get the autocomplete URL of the owner_uid textfield.     $autocomplete_field = $this->getSession()->getPage()->findField('owner_uid');
    $autocomplete_url = $this->getAbsoluteUrl($autocomplete_field->getAttribute('data-autocomplete-path'));

    // Make sure that autocomplete works.     $user = $this->drupalCreateUser();
    $data = Json::decode($this->drupalGet($autocomplete_url['query' => ['q' => $user->getDisplayName(), '_format' => 'json']]));
    $this->assertNotEmpty($data);

    $anonymous = User::getAnonymousUser();
    // Ensure that the anonymous user exists.     $this->assertNotNull($anonymous);
    // Make sure the autocomplete does not show the anonymous user.     $data = Json::decode($this->drupalGet($autocomplete_url['query' => ['q' => $anonymous->getDisplayName(), '_format' => 'json']]));
    $this->assertEmpty($data);

  }

}
// Confirm account cancellation.     $timestamp = time();
    $this->submitForm([], 'Confirm');
    $this->assertSession()->pageTextContains('A confirmation request to cancel your account has been sent to your email address.');

    // Confirm account cancellation request.     $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account$timestamp));
    $user_storage->resetCache([$account->id()]);
    $this->assertNull($user_storage->load($account->id()), 'User is not found in the database.');

    // Confirm that user's content has been attributed to anonymous user.     $anonymous_user = User::getAnonymousUser();
    $node_storage->resetCache([$node->id()]);
    $test_node = $node_storage->load($node->id());
    $this->assertEquals(0, $test_node->getOwnerId(), 'Node of the user has been attributed to anonymous user.');
    $this->assertTrue($test_node->isPublished());
    $test_node = $node_storage->loadRevision($revision);
    $this->assertEquals(0, $test_node->getRevisionUser()->id(), 'Node revision of the user has been attributed to anonymous user.');
    $this->assertTrue($test_node->isPublished());
    $node_storage->resetCache([$revision_node->id()]);
    $test_node = $node_storage->load($revision_node->id());
    $this->assertNotEquals(0, $test_node->getOwnerId(), "Current revision of the user's node was not attributed to anonymous user.");
    $this->assertTrue($test_node->isPublished());

    

  public function testFileCacheability() {
    $file = File::create([
      'filename' => 'green-scarf',
      'uri' => 'private://green-scarf',
      'filemime' => 'text/plain',
    ]);
    $file->setPermanent();
    $file->save();
    \Drupal::service('session')->set('anonymous_allowed_file_ids', [$file->id() => $file->id()]);

    $account = User::getAnonymousUser();
    $file->setOwnerId($account->id())->save();
    $this->assertSame(['session', 'user']$file->access('view', $account, TRUE)->getCacheContexts());
    $this->assertSame(['session', 'user']$file->access('download', $account, TRUE)->getCacheContexts());

    $account = $this->createUser();
    $file->setOwnerId($account->id())->save();
    $this->assertSame(['user']$file->access('view', $account, TRUE)->getCacheContexts());
    $this->assertSame(['user']$file->access('download', $account, TRUE)->getCacheContexts());
  }

}
$this->nodeStorage->resetCache([$node->id()]);
    $node = $this->nodeStorage->load($node->id());
    $uid = $node->getOwnerId();
    // Most SQL database drivers stringify fetches but entities are not     // necessarily stored in a SQL database. At the same time, NULL/FALSE/""     // won't do.     $this->assertTrue($uid === 0 || $uid === '0', 'Node authored by anonymous user.');

    // Go back to the edit form and check that the correct value is displayed     // in the author widget.     $this->drupalGet('node/' . $node->id() . '/edit');
    $anonymous_user = User::getAnonymousUser();
    $expected = $anonymous_user->label() . ' (' . $anonymous_user->id() . ')';
    $this->assertSession()->fieldValueEquals($form_element_name$expected);

    // Change the authored by field to another user's name (that is not     // logged in).     $edit[$form_element_name] = $this->webUser->getAccountName();
    $this->submitForm($edit, 'Save');
    $this->nodeStorage->resetCache([$node->id()]);
    $node = $this->nodeStorage->load($node->id());
    $this->assertSame($this->webUser->id()$node->getOwnerId(), 'Node authored by normal user.');
  }

}
$fields = \Drupal::service('entity_field.manager')->getFieldStorageDefinitions($values['entity_type']);
      $values['comment_type'] = $fields[$values['field_name']]->getSetting('comment_type');
    }
  }

  /** * {@inheritdoc} */
  public function getOwner() {
    $user = $this->get('uid')->entity;
    if (!$user || $user->isAnonymous()) {
      $user = User::getAnonymousUser();
      $user->name = $this->getAuthorName();
      $user->homepage = $this->getHomepage();
    }
    return $user;
  }

  /** * Get the comment type ID for this comment. * * @return string * The ID of the comment type. */
'name' => 'test name',
    ]);
    $user->save();

    $result = $user->{$this->fieldName}->view(['type' => 'user_name']);
    $this->assertEquals('username', $result[0]['#theme']);
    $this->assertEquals(spl_object_hash($user)spl_object_hash($result[0]['#account']));

    $result = $user->{$this->fieldName}->view(['type' => 'user_name', 'settings' => ['link_to_entity' => FALSE]]);
    $this->assertEquals($user->getDisplayName()$result[0]['#markup']);

    $user = User::getAnonymousUser();

    $result = $user->{$this->fieldName}->view(['type' => 'user_name']);
    $this->assertEquals('username', $result[0]['#theme']);
    $this->assertEquals(spl_object_hash($user)spl_object_hash($result[0]['#account']));

    $result = $user->{$this->fieldName}->view(['type' => 'user_name', 'settings' => ['link_to_entity' => FALSE]]);
    $this->assertEquals($user->getDisplayName()$result[0]['#markup']);
    $this->assertEquals($this->config('user.settings')->get('anonymous')$result[0]['#markup']);
  }

}
$this->assertEquals($object->access($op$account)$result$message);
    }
  }

  /** * Ensures user labels are accessible for everyone. */
  public function testUserLabelAccess() {
    // Set up a non-admin user.     \Drupal::currentUser()->setAccount($this->createUser([], NULL, FALSE, ['uid' => 2]));

    $anonymous_user = User::getAnonymousUser();
    $user = $this->createUser();

    // The current user is allowed to view the anonymous user label.     $this->assertEntityAccess([
      'create' => FALSE,
      'update' => FALSE,
      'delete' => FALSE,
      'view' => FALSE,
      'view label' => TRUE,
    ]$anonymous_user);

    