CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getSessionCookies example
$this->drupalGet('session-test/get');
$this->assertSession()->statusCodeEquals(200);
}
/** * Assert whether the test browser sent a session cookie. * * @internal */
public function assertSessionCookie(bool $sent): void {
if ($sent) {
$this->assertNotEmpty($this->getSessionCookies()->count(), 'Session cookie was sent.');
}
else {
$this->assertEmpty($this->getSessionCookies()->count(), 'Session cookie was not sent.');
}
}
/** * Assert whether $_SESSION is empty at the beginning of the request. * * @internal */
$this->assertSession()->statusCodeEquals(200);
}
/** * Assert whether the test browser sent a session cookie. * * @internal */
public function assertSessionCookie(bool $sent): void {
if ($sent) {
$this->assertNotEmpty($this->getSessionCookies()->count(), 'Session cookie was sent.');
}
else {
$this->assertEmpty($this->getSessionCookies()->count(), 'Session cookie was not sent.');
}
}
/** * Assert whether $_SESSION is empty at the beginning of the request. * * @internal */
$post_options = [
'headers' => ['Accept' => 'text/plain'],
'http_errors' => FALSE,
];
// Test that access is allowed for anonymous user with no token in header. $result = $client->post($url, $post_options);
$this->assertEquals(200, $result->getStatusCode());
// Add cookies to POST options so that all other requests are for the // authenticated user. $post_options['cookies'] = $this->getSessionCookies();
// Test that access is denied with no token in header. $result = $client->post($url, $post_options);
$this->assertEquals(403, $result->getStatusCode());
// Test that access is allowed with correct token in header. $post_options['headers']['X-CSRF-Token'] = $csrf_token;
$result = $client->post($url, $post_options);
$this->assertEquals(200, $result->getStatusCode());
// Test that access is denied with incorrect token in header.
'headers' => ['Accept' => 'text/plain'],
'http_errors' => FALSE,
];
// Test that access is allowed for anonymous user with no token in header. $result = $client->post($url, $post_options);
$this->assertEquals(200, $result->getStatusCode());
// Add cookies to POST options so that all other requests are for the // authenticated user. $post_options['cookies'] = $this->getSessionCookies();
// Test that access is denied with no token in header. $result = $client->post($url, $post_options);
$this->assertEquals(403, $result->getStatusCode());
// Test that access is allowed with correct token in header. $post_options['headers']['X-CSRF-Token'] = $csrf_token;
$result = $client->post($url, $post_options);
$this->assertEquals(200, $result->getStatusCode());
// Test that access is denied with incorrect token in header.
// filters: resulting content when viewed was already vulnerable, so
// it must be intentional.
'unrestricted_without_editor' => FALSE,
],
],
];
// Log in as the privileged user, and for every sample, do the following: // - switch to every other text format/editor // - assert the XSS-filtered values that we get from the server $this->drupalLogin($this->privilegedUser);
$cookies = $this->getSessionCookies();
foreach ($expected as $case) {
$this->drupalGet('node/' . $case['node_id'] . '/edit');
// Verify data- attributes. $body = $this->assertSession()->fieldExists('edit-body-0-value');
$this->assertSame(self::$sampleContent, $body->getAttribute('data-editor-value-original'), 'The data-editor-value-original attribute is correctly set.');
$this->assertSame('false', (string) $body->getAttribute('data-editor-value-is-changed'), 'The data-editor-value-is-changed attribute is correctly set.');
// Switch to every other text format/editor and verify the results. foreach ($case['switch_to'] as $format => $expected_filtered_value) {
],
],
];
// Log in as the privileged user, and for every sample, do the following: // - switch to every other text format/editor // - assert the XSS-filtered values that we get from the server $this->drupalLogin($this->privilegedUser);
$cookies = $this->getSessionCookies();
foreach ($expected as $case) {
$this->drupalGet('node/' . $case['node_id'] . '/edit');
// Verify data- attributes. $body = $this->assertSession()->fieldExists('edit-body-0-value');
$this->assertSame(self::$sampleContent, $body->getAttribute('data-editor-value-original'), 'The data-editor-value-original attribute is correctly set.');
$this->assertSame('false', (string) $body->getAttribute('data-editor-value-is-changed'), 'The data-editor-value-is-changed attribute is correctly set.');
// Switch to every other text format/editor and verify the results. foreach ($case['switch_to'] as $format => $expected_filtered_value) {
$this->assertContextualLinkPlaceHolder($id);
$http_client = $this->getHttpClient();
$url = Url::fromRoute('contextual.render', [], [
'query' => [
'_format' => 'json',
'destination' => 'node',
],
])->setAbsolute()->toString();
$response = $http_client->request('POST', $url, [
'cookies' => $this->getSessionCookies(),
'form_params' => ['ids' => [$id], 'tokens' => []],
'http_errors' => FALSE,
]);
$this->assertEquals('400', $response->getStatusCode());
$this->assertStringContainsString('No contextual ID tokens specified.', (string) $response->getBody());
$response = $http_client->request('POST', $url, [
'cookies' => $this->getSessionCookies(),
'form_params' => ['ids' => [$id], 'tokens' => ['wrong_token']],
'http_errors' => FALSE,
]);
$http_client = $this->getHttpClient();
$url = Url::fromRoute('contextual.render', [], [
'query' => [
'_format' => 'json',
'destination' => 'node',
],
])->setAbsolute()->toString();
$response = $http_client->request('POST', $url, [
'cookies' => $this->getSessionCookies(),
'form_params' => ['ids' => [$id], 'tokens' => []],
'http_errors' => FALSE,
]);
$this->assertEquals('400', $response->getStatusCode());
$this->assertStringContainsString('No contextual ID tokens specified.', (string) $response->getBody());
$response = $http_client->request('POST', $url, [
'cookies' => $this->getSessionCookies(),
'form_params' => ['ids' => [$id], 'tokens' => ['wrong_token']],
'http_errors' => FALSE,
]);
protected $defaultTheme = 'stark';
/** * Tests a request. */
public function testRequest() {
$options['query'][MainContentViewSubscriber::WRAPPER_FORMAT] = 'drupal_ajax';
$headers[] = 'X-Requested-With: XMLHttpRequest';
$actual_trace = json_decode($this->drupalGet('session-test/trace-handler', $options, $headers));
$sessionId = $this->getSessionCookies()->getCookieByName($this->getSessionName())->getValue();
$expect_trace = [
['BEGIN', 'test_argument', 'open'],
['BEGIN', NULL, 'open'],
['END', NULL, 'open'],
['END', 'test_argument', 'open'],
['BEGIN', 'test_argument', 'read', $sessionId],
['BEGIN', NULL, 'read', $sessionId],
['END', NULL, 'read', $sessionId],
['END', 'test_argument', 'read', $sessionId],
['BEGIN', 'test_argument', 'write', $sessionId],
['BEGIN', NULL, 'write', $sessionId],
[
protected function getNodeReadTimestamps(array $node_ids) {
// Perform HTTP request. $http_client = $this->getHttpClient();
$url = Url::fromRoute('history.get_last_node_view')
->setAbsolute()
->toString();
return $http_client->request('POST', $url, [
'form_params' => ['node_ids' => $node_ids],
'cookies' => $this->getSessionCookies(),
'http_errors' => FALSE,
]);
}
/** * Mark a node as read for the current user. * * @param int $node_id * A node ID. * * @return \Psr\Http\Message\ResponseInterface * The response body. */
// A route that is authorized through basic_auth only, not cookie.
$no_cookie_url = Url::fromRoute('session_test.get_session_basic_auth');
// A route that is authorized with standard cookie authentication. $cookie_url = 'user/login';
// If we authenticate with a third party authentication system then no // session cookie should be set, the third party system is responsible for // sustaining the session. $this->basicAuthGet($no_cookie_url, $this->user->getAccountName(), $this->user->passRaw);
$this->assertSession()->statusCodeEquals(200);
$this->assertEmpty($this->getSessionCookies());
// Mink stores some information in the session that breaks the next check if // not reset. $this->getSession()->restart();
// On the other hand, authenticating using Cookie sets a cookie. $this->drupalGet($cookie_url);
$this->assertEmpty($this->getSessionCookies());
$edit = ['name' => $this->user->getAccountName(), 'pass' => $this->user->passRaw];
$this->drupalGet($cookie_url);
$this->submitForm($edit, 'Log in');
$this->assertNotEmpty($this->getSessionCookies());
}
// A route that is authorized with standard cookie authentication. $cookie_url = 'user/login';
// If we authenticate with a third party authentication system then no // session cookie should be set, the third party system is responsible for // sustaining the session. $this->basicAuthGet($no_cookie_url, $this->user->getAccountName(), $this->user->passRaw);
$this->assertSession()->statusCodeEquals(200);
$this->assertEmpty($this->getSessionCookies());
// Mink stores some information in the session that breaks the next check if // not reset. $this->getSession()->restart();
// On the other hand, authenticating using Cookie sets a cookie. $this->drupalGet($cookie_url);
$this->assertEmpty($this->getSessionCookies());
$edit = ['name' => $this->user->getAccountName(), 'pass' => $this->user->passRaw];
$this->drupalGet($cookie_url);
$this->submitForm($edit, 'Log in');
$this->assertNotEmpty($this->getSessionCookies());
}
[
'name' => 'op',
'contents' => 'Submit',
],
[
'name' => 'files[file_test_upload]',
'contents' => 'Test content',
'filename' => $filename,
],
],
'cookies' => $this->getSessionCookies(),
'http_errors' => FALSE,
];
$this->assertFileDoesNotExist('temporary://' . $filename);
// Use Guzzle's HTTP client directly so we can POST files without having to // write them to disk. Not all filesystem support writing files with invalid // UTF-8 filenames. $response = $this->getHttpClient()->request('POST', Url::fromUri('base:file-test/upload')->setAbsolute()->toString(), $data);
$content = (string) $response->getBody();
$this->htmlOutput($content);
protected function renderNewCommentsNodeLinks(array $node_ids) {
$client = $this->getHttpClient();
$url = Url::fromRoute('comment.new_comments_node_links');
return $client->request('POST', $this->buildUrl($url), [
'cookies' => $this->getSessionCookies(),
'http_errors' => FALSE,
'form_params' => [
'node_ids' => $node_ids,
'field_name' => 'comment',
],
]);
}
/** * Tests new comment marker. */