function BasicAuthTest::testBasicAuth

Same name in other branches
  1. 9 core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testBasicAuth()
  2. 8.9.x core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testBasicAuth()
  3. 11.x core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testBasicAuth()

Tests http basic authentication.

File

core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php, line 42

Class

BasicAuthTest
Tests for BasicAuth authentication provider.

Namespace

Drupal\Tests\basic_auth\Functional

Code

public function testBasicAuth() : void {
    // Enable page caching.
    $config = $this->config('system.performance');
    $config->set('cache.page.max_age', 300);
    $config->save();
    $account = $this->drupalCreateUser();
    $url = Url::fromRoute('router_test.11');
    // Ensure we can log in with valid authentication details.
    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertSession()
        ->pageTextContains($account->getAccountName());
    $this->assertSession()
        ->statusCodeEquals(200);
    $this->mink
        ->resetSessions();
    $this->assertSession()
        ->responseHeaderDoesNotExist('X-Drupal-Cache');
    // Check that Cache-Control is not set to public.
    $this->assertSession()
        ->responseHeaderNotContains('Cache-Control', 'public');
    // Ensure that invalid authentication details give access denied.
    $this->basicAuthGet($url, $account->getAccountName(), $this->randomMachineName());
    $this->assertSession()
        ->pageTextNotContains($account->getAccountName());
    $this->assertSession()
        ->statusCodeEquals(403);
    $this->mink
        ->resetSessions();
    // Ensure that the user is prompted to authenticate if they are not yet
    // authenticated and the route only allows basic auth.
    $this->drupalGet($url);
    $this->assertSession()
        ->responseHeaderEquals('WWW-Authenticate', 'Basic realm="' . \Drupal::config('system.site')->get('name') . '"');
    $this->assertSession()
        ->statusCodeEquals(401);
    // Ensure that a route without basic auth defined doesn't prompt for auth.
    $this->drupalGet('admin');
    $this->assertSession()
        ->statusCodeEquals(403);
    $account = $this->drupalCreateUser([
        'access administration pages',
    ]);
    // Ensure that a route without basic auth defined doesn't allow login.
    $this->basicAuthGet(Url::fromRoute('system.admin'), $account->getAccountName(), $account->pass_raw);
    $this->assertSession()
        ->linkNotExists('Log out', 'User is not logged in');
    $this->assertSession()
        ->statusCodeEquals(403);
    $this->mink
        ->resetSessions();
    // Ensure that pages already in the page cache aren't returned from page
    // cache if basic auth credentials are provided.
    $url = Url::fromRoute('router_test.10');
    $this->drupalGet($url);
    $this->assertSession()
        ->responseHeaderEquals('X-Drupal-Cache', 'MISS');
    $this->basicAuthGet($url, $account->getAccountName(), $account->pass_raw);
    $this->assertSession()
        ->responseHeaderDoesNotExist('X-Drupal-Cache');
    // Check that Cache-Control is not set to public.
    $this->assertSession()
        ->responseHeaderNotContains('Cache-Control', 'public');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.