'Protected node global password feature', 'description' => "This tests global features in case of global password protection", 'group' => 'Protected Node', ); } /** * {@inheritdoc} */ public function setUp() { parent::setUp(); // Generate random password. $this->global_password = $this->randomName(10); // Log in an Admin. $this->drupalLogin($this->adminUser); // Submit the configuration form. $protected_node_settings = array( 'protected_node_use_global_password' => PROTECTED_NODE_GLOBAL_PASSWORD, 'protected_node_global_password_field[pass1]' => $this->global_password, 'protected_node_global_password_field[pass2]' => $this->global_password, ); $this->drupalPost('admin/config/content/protected_node', $protected_node_settings, t('Save configuration')); } /** * Test that the password is well hashed when stored. */ public function testHash() { $hashed_global_password = hash('sha256', $this->global_password); $stored_global_password = variable_get('protected_node_global_password'); $this->assertEqual($stored_global_password, $hashed_global_password, "The global password is stored hashed and the value correspond to the global password.", $this->group); } /** * Test function. * * Test that a node protected with global protection can be seen with the * right password. */ public function testAllowedView() { // Log in as Admin. $this->drupalLogin($this->adminUser); // Create a new page node. $node = $this->createProtectedNode(); // Once the node created logout the user. $this->drupalLogout(); // An authenticated user sees the node. $this->drupalLogin($this->normalAccessAllowedUser); $form = array('password' => $this->global_password); $this->drupalPost('node/' . $node->nid, $form, t('OK')); $text = $node->body[LANGUAGE_NONE][0]['value']; $this->assertText($text, "User with right permission can access a protected node with right password", $this->group); } /** * Test function. * * Test that a node protected with global protection can't be seen with the * wrong password. */ public function testAllowedViewWrongPassword() { // Log in as Admin. $this->drupalLogin($this->adminUser); // Create a new page node. $node = $this->createProtectedNode(); // Once the node created logout the user. $this->drupalLogout(); // An authenticated user sees the node. $this->drupalLogin($this->normalAccessAllowedUser); $another_password = $this->randomName(12); $form = array('password' => $another_password); $this->drupalPost('node/' . $node->nid, $form, t('OK')); $text = $node->body[LANGUAGE_NONE][0]['value']; $this->assertNoText($text, "User with right permission can't access a protected node with wrong password", $this->group); } /** * Test function. * * Test that a node protected with global protection can't be seen by an * authenticated but not allowed user. */ public function testAuthenticatedNonAllowedView() { // Log in as Admin. $this->drupalLogin($this->adminUser); // Create a new page node. $node = $this->createProtectedNode(); // Once the node created logout the user. $this->drupalLogout(); // User that can see published content sees the node. $this->drupalLogin($this->normalNonAccessAllowedUser); $this->drupalGet('node/' . $node->nid); $this->assertResponse(403, "User with no access permission is not allowed to access a protected node"); } /** * Helper method to create a protected node. * * Please make sure the user has the permission to create the node before * calling the method. * * @return object * A node object. */ public function createProtectedNode() { // Add a new page node that is protected. $node_title = $this->randomName(8); $node_data = array( 'title' => $node_title, 'body[und][0][value]' => $this->randomName(32), 'protected_node_is_protected' => TRUE, ); $this->drupalPost('node/add/page', $node_data, t('Save')); return $this->drupalGetNodeByTitle($node_title); } }