summaryrefslogtreecommitdiff
path: root/modules/simpletest/tests
diff options
context:
space:
mode:
Diffstat (limited to 'modules/simpletest/tests')
-rw-r--r--modules/simpletest/tests/http.php33
-rw-r--r--modules/simpletest/tests/https.php24
-rw-r--r--modules/simpletest/tests/session.test61
-rw-r--r--modules/simpletest/tests/upgrade/upgrade.test5
4 files changed, 106 insertions, 17 deletions
diff --git a/modules/simpletest/tests/http.php b/modules/simpletest/tests/http.php
new file mode 100644
index 000000000..0c5f1eb78
--- /dev/null
+++ b/modules/simpletest/tests/http.php
@@ -0,0 +1,33 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * Fake an HTTP request, for use during testing.
+ */
+
+// Set a global variable to indicate a mock HTTP request.
+$is_http_mock = !empty($_SERVER['HTTPS']);
+
+// Change to HTTP.
+$_SERVER['HTTPS'] = NULL;
+ini_set('session.cookie_secure', FALSE);
+foreach ($_SERVER as $key => $value) {
+ $_SERVER[$key] = str_replace('modules/simpletest/tests/http.php', 'index.php', $value);
+ $_SERVER[$key] = str_replace('https://', 'http://', $_SERVER[$key]);
+}
+
+// Change current directory to the Drupal root.
+chdir('../../..');
+define('DRUPAL_ROOT', getcwd());
+require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
+
+// Make sure this file can only be used by simpletest.
+drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
+if (!drupal_valid_test_ua()) {
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ exit;
+}
+
+drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
+menu_execute_active_handler();
diff --git a/modules/simpletest/tests/https.php b/modules/simpletest/tests/https.php
index 121e4ee17..ba618c151 100644
--- a/modules/simpletest/tests/https.php
+++ b/modules/simpletest/tests/https.php
@@ -6,23 +6,27 @@
* Fake an https request, for use during testing.
*/
-// Negated copy of the condition in _drupal_bootstrap(). If the user agent is
-// not from simpletest then disallow access.
-if (!(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE))) {
- exit;
-}
-
// Set a global variable to indicate a mock HTTPS request.
$is_https_mock = empty($_SERVER['HTTPS']);
// Change to https.
$_SERVER['HTTPS'] = 'on';
-
-// Change to index.php.
-chdir('../../..');
foreach ($_SERVER as $key => $value) {
$_SERVER[$key] = str_replace('modules/simpletest/tests/https.php', 'index.php', $value);
$_SERVER[$key] = str_replace('http://', 'https://', $_SERVER[$key]);
}
-require_once 'index.php';
+// Change current directory to the Drupal root.
+chdir('../../..');
+define('DRUPAL_ROOT', getcwd());
+require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
+
+// Make sure this file can only be used by simpletest.
+drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
+if (!drupal_valid_test_ua()) {
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ exit;
+}
+
+drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
+menu_execute_active_handler();
diff --git a/modules/simpletest/tests/session.test b/modules/simpletest/tests/session.test
index 88931a8eb..f02cbef40 100644
--- a/modules/simpletest/tests/session.test
+++ b/modules/simpletest/tests/session.test
@@ -316,7 +316,7 @@ class SessionHttpsTestCase extends DrupalWebTestCase {
// Check insecure cookie is not set.
$this->assertFalse(isset($this->cookies[$insecure_session_name]));
$ssid = $this->cookies[$secure_session_name]['value'];
- $this->assertSessionIds('', $ssid, 'Session has NULL for SID and a correct secure SID.');
+ $this->assertSessionIds($ssid, $ssid, 'Session has a non-empty SID and a correct secure SID.');
$cookie = $secure_session_name . '=' . $ssid;
// Verify that user is logged in on secure URL.
@@ -326,12 +326,36 @@ class SessionHttpsTestCase extends DrupalWebTestCase {
$this->assertResponse(200);
// Verify that user is not logged in on non-secure URL.
- if (!$is_https) {
- $this->curlClose();
- $this->drupalGet('admin/config', array(), array('Cookie: ' . $cookie));
- $this->assertNoText(t('Configuration'));
- $this->assertResponse(403);
- }
+ $this->curlClose();
+ $this->drupalGet($this->httpUrl('admin/config'), array(), array('Cookie: ' . $cookie));
+ $this->assertNoText(t('Configuration'));
+ $this->assertResponse(403);
+
+ // Verify that empty SID cannot be used on the non-secure site.
+ $this->curlClose();
+ $cookie = $insecure_session_name . '=';
+ $this->drupalGet($this->httpUrl('admin/config'), array(), array('Cookie: ' . $cookie));
+ $this->assertResponse(403);
+
+ // Test HTTP session handling by altering the form action to submit the
+ // login form through http.php, which creates a mock HTTP request on HTTPS
+ // test environments.
+ $this->curlClose();
+ $this->drupalGet('user');
+ $form = $this->xpath('//form[@id="user-login"]');
+ $form[0]['action'] = $this->httpUrl('user');
+ $edit = array('name' => $user->name, 'pass' => $user->pass_raw);
+ $this->drupalPost(NULL, $edit, t('Log in'));
+ $this->drupalGet($this->httpUrl('admin/config'));
+ $this->assertResponse(200);
+ $sid = $this->cookies[$insecure_session_name]['value'];
+ $this->assertSessionIds($sid, '', 'Session has the correct SID and an empty secure SID.');
+
+ // Verify that empty secure SID cannot be used on the secure site.
+ $this->curlClose();
+ $cookie = $secure_session_name . '=';
+ $this->drupalGet($this->httpsUrl('admin/config'), array(), array('Cookie: ' . $cookie));
+ $this->assertResponse(403);
// Clear browser cookie jar.
$this->cookies = array();
@@ -458,9 +482,32 @@ class SessionHttpsTestCase extends DrupalWebTestCase {
return $this->assertTrue(db_query('SELECT timestamp FROM {sessions} WHERE sid = :sid AND ssid = :ssid', $args)->fetchField(), $assertion_text);
}
+ /**
+ * Builds a URL for submitting a mock HTTPS request to HTTP test environments.
+ *
+ * @param $url
+ * A Drupal path such as 'user'.
+ *
+ * @return
+ * An absolute URL.
+ */
protected function httpsUrl($url) {
global $base_url;
return $base_url . '/modules/simpletest/tests/https.php?q=' . $url;
}
+
+ /**
+ * Builds a URL for submitting a mock HTTP request to HTTPS test environments.
+ *
+ * @param $url
+ * A Drupal path such as 'user'.
+ *
+ * @return
+ * An absolute URL.
+ */
+ protected function httpUrl($url) {
+ global $base_url;
+ return $base_url . '/modules/simpletest/tests/http.php?q=' . $url;
+ }
}
diff --git a/modules/simpletest/tests/upgrade/upgrade.test b/modules/simpletest/tests/upgrade/upgrade.test
index 4220faebb..8ea93deba 100644
--- a/modules/simpletest/tests/upgrade/upgrade.test
+++ b/modules/simpletest/tests/upgrade/upgrade.test
@@ -113,7 +113,12 @@ abstract class UpgradePathTestCase extends DrupalWebTestCase {
// Force our way into the session of the child site.
drupal_save_session(TRUE);
+ // A session cannot be written without the ssid column which is missing on
+ // Drupal 6 sites.
+ db_add_field('sessions', 'ssid', array('description' => "Secure session ID. The value is generated by Drupal's session handlers.", 'type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
_drupal_session_write($sid, '');
+ // Remove the temporarily added ssid column.
+ db_drop_field('sessions', 'ssid');
drupal_save_session(FALSE);
// Restore necessary variables.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 07:57:36 +0000