->save(); $this->drupalGet('admin/people', [ // Sort the table by username so that we know reliably which user will be
// targeted with the blocking action.
'query' => ['order' => 'name', 'sort' => 'asc'], ]); $this->submitForm($edit, 'Apply to selected items'); $site_name = $this->config('system.site')->get('name'); $this->assertMailString('body', 'Your account on ' . $site_name . ' has been blocked.', 1, 'Blocked message found in the mail sent to user C.'); $user_storage->resetCache([$user_c->id()]); $account = $user_storage->load($user_c->id()); $this->assertTrue($account->isBlocked(), 'User C blocked');
// Test unblocking of a user from /admin/people page and sending of activation mail
$editunblock = []; $editunblock['action'] = 'user_unblock_user_action'; $editunblock['user_bulk_form[4]'] = TRUE;
// Test out different setting User Registration and Email Verification.
// Allow visitors to register with no email verification.
$config->set('register', UserInterface::REGISTER_VISITORS); $config->set('verify_mail', 0); $config->save(); $user = $this->registerUser('Palmer.Eldritch'); $this->assertFalse($user->isBlocked()); $this->assertNotEmpty($user->getPassword()); $email_count = count($this->drupalGetMails());
// Attempt to register without sending a password.
$response = $this->registerRequest('Rick.Deckard', FALSE); $this->assertResourceErrorResponse(422, "No password provided.", $response);
// Attempt to register with a password when e-mail verification is on.
$config->set('register', UserInterface::REGISTER_VISITORS);
// Test that the anonymous and administrators languages are equal to the
// site's default language.
$this->assertEquals('en', $anon->language()->getId()); $this->assertEquals('en', $admin->language()->getId());
// Test that the administrator is active.
$this->assertTrue($admin->isActive()); // Test that the anonymous user is blocked.
$this->assertTrue($anon->isBlocked()); }
}
classUnblockUserextends ActionBase {
/**
* {@inheritdoc}
*/ publicfunctionexecute($account = NULL){ // Skip unblocking user if they are already unblocked.
if($account !== FALSE && $account->isBlocked()){ $account->activate(); $account->save(); } }
// Ensure the user's langcode, preferred_langcode and
// preferred_admin_langcode are valid.
// $user->getPreferredLangcode() might fallback to default language if the
// user preferred language is not configured on the site. We just want to
// test if the value was imported correctly.
$language_manager = $this->container->get('language_manager'); $default_langcode = $language_manager->getDefaultLanguage()->getId(); if($prefered_langcode == ''){ $this->assertSame('en', $user->langcode->value); $this->assertSame($default_langcode, $user->preferred_langcode->value);
// Ensure the user's langcode, preferred_langcode and
// preferred_admin_langcode are valid.
// $user->getPreferredLangcode() might fallback to default language if the
// user preferred language is not configured on the site. We just want to
// test if the value was imported correctly.
$language_manager = $this->container->get('language_manager');
$this->submitForm([], 'Confirm'); $this->assertSession()->pageTextContains('A confirmation request to cancel your account has been sent to your email address.');
// Confirm that the confirmation message made it through to the end user.
$this->assertSession()->pageTextContains("Account {$account->getAccountName()} has been disabled."); }
/**
* Disable account and unpublish all content.
*/ publicfunctiontestUserBlockUnpublish(){ $node_storage = $this->container->get('entity_type.manager')->getStorage('node'); $this->config('user.settings')->set('cancel_method', 'user_cancel_block_unpublish')->save();
/**
* Tests if users that may not be edited, can not be edited in bulk.
*/ publicfunctiontestUserEditAccess(){ // Create an authenticated user.
$no_edit_user = $this->drupalCreateUser([], 'no_edit'); // Ensure this account is not blocked.
$this->assertFalse($no_edit_user->isBlocked(), 'The user is not blocked.');
// Log in as user admin.
$admin_user = $this->drupalCreateUser(['administer users']); $this->drupalLogin($admin_user);
// Block a user using the bulk form.
$this->assertTrue($account->isActive(), 'The user is not blocked.'); $this->assertSession()->pageTextContains($account->label()); $edit = [ 'user_bulk_form[1]' => TRUE, 'action' => 'user_block_user_action', ]; $this->submitForm($edit, 'Apply to selected items'); // Re-load the user and check their status.
$user_storage->resetCache([$account->id()]); $account = $user_storage->load($account->id()); $this->assertTrue($account->isBlocked(), 'The user is blocked.'); $this->assertSession()->pageTextNotContains($account->label());
// Remove the user status filter from the view.
$view = Views::getView('test_user_bulk_form'); $view->removeHandler('default', 'filter', 'status'); $view->storage->save();
/**
* Tests that the anonymous user cannot be activated.
*/ publicfunctiontestAnonymousActivate(){ $accountAnon = \Drupal::entityTypeManager()->getStorage('user')->load(0);
// Test that the anonymous user is blocked.
$this->assertTrue($accountAnon->isBlocked());
// Test that the anonymous user cannot be activated.
$this->expectException(\LogicException::class); $this->expectExceptionMessage('The anonymous user account should remain blocked at all times.'); $accountAnon->activate(); }
$this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method); $this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node'); $node_storage->resetCache([$node->id()]); $test_node = $node_storage->load($node->id()); $this->assertNotNull($test_node, 'Node of the user is not deleted.'); $this->assertTrue($test_node->isPublished(), 'Node of the user is published.'); $test_node = $node_storage->loadRevision($node->getRevisionId()); $this->assertTrue($test_node->isPublished(), 'Node revision of the user is published.'); }
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
*/
return$access; }
// User administrators should always have access to personal contact forms.
$permission_access = AccessResult::allowedIfHasPermission($account, 'administer users'); if($permission_access->isAllowed()){ return$access->orIf($permission_access); }
// If requested user has been blocked, do not allow users to contact them.
$access->addCacheableDependency($contact_account); if($contact_account->isBlocked()){ return$access; }
// Forbid access if the requested user has disabled their contact form.
$account_data = $this->userData->get('contact', $contact_account->id(), 'enabled'); if(isset($account_data) && !$account_data){ return$access; }
// If the requested user did not save a preference yet, deny access if the
// configured default is disabled.