corpus_parole: cms/drupal/modules/simpletest/tests/session.test@25f3d28f51b2 (annotated)

541 e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	2
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	3	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	4	* @file
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	5	* Provides SimpleTests for core session handling functionality.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	6	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	7
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	8	class SessionTestCase extends DrupalWebTestCase {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	9	public static function getInfo() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	10	return array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	11	'name' => 'Session tests',
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	12	'description' => 'Drupal session handling tests.',
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	13	'group' => 'Session'
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	14	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	15	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	16
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	17	function setUp() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	18	parent::setUp('session_test');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	19	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	20
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	21	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	22	* Tests for drupal_save_session() and drupal_session_regenerate().
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	23	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	24	function testSessionSaveRegenerate() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	25	$this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	26	$this->assertFalse(drupal_save_session(FALSE), 'drupal_save_session() correctly returns FALSE when called with FALSE.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	27	$this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE when saving has been disabled.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	28	$this->assertTrue(drupal_save_session(TRUE), 'drupal_save_session() correctly returns TRUE when called with TRUE.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	29	$this->assertTrue(drupal_save_session(), 'drupal_save_session() correctly returns TRUE when saving has been enabled.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	30
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	31	// Test session hardening code from SA-2008-044.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	32	$user = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	33
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	34	// Enable sessions.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	35	$this->sessionReset($user->uid);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	36
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	37	// Make sure the session cookie is set as HttpOnly.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	38	$this->drupalLogin($user);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	39	$this->assertTrue(preg_match('/HttpOnly/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as HttpOnly.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	40	$this->drupalLogout();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	41
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	42	// Verify that the session is regenerated if a module calls exit
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	43	// in hook_user_login().
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	44	user_save($user, array('name' => 'session_test_user'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	45	$user->name = 'session_test_user';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	46	$this->drupalGet('session-test/id');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	47	$matches = array();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	48	preg_match('/\ssession_id:(.)\n/', $this->drupalGetContent(), $matches);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	49	$this->assertTrue(!empty($matches[1]) , 'Found session ID before logging in.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	50	$original_session = $matches[1];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	51
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	52	// We cannot use $this->drupalLogin($user); because we exit in
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	53	// session_test_user_login() which breaks a normal assertion.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	54	$edit = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	55	'name' => $user->name,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	56	'pass' => $user->pass_raw
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	57	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	58	$this->drupalPost('user', $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	59	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	60	$pass = $this->assertText($user->name, format_string('Found name: %name', array('%name' => $user->name)), 'User login');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	61	$this->_logged_in = $pass;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	62
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	63	$this->drupalGet('session-test/id');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	64	$matches = array();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	65	preg_match('/\ssession_id:(.)\n/', $this->drupalGetContent(), $matches);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	66	$this->assertTrue(!empty($matches[1]) , 'Found session ID after logging in.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	67	$this->assertTrue($matches[1] != $original_session, 'Session ID changed after login.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	68	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	69
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	70	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	71	* Test data persistence via the session_test module callbacks.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	72	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	73	function testDataPersistence() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	74	$user = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	75	// Enable sessions.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	76	$this->sessionReset($user->uid);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	77
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	78	$this->drupalLogin($user);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	79
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	80	$value_1 = $this->randomName();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	81	$this->drupalGet('session-test/set/' . $value_1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	82	$this->assertText($value_1, 'The session value was stored.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	83	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	84	$this->assertText($value_1, 'Session correctly returned the stored data for an authenticated user.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	85
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	86	// Attempt to write over val_1. If drupal_save_session(FALSE) is working.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	87	// properly, val_1 will still be set.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	88	$value_2 = $this->randomName();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	89	$this->drupalGet('session-test/no-set/' . $value_2);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	90	$this->assertText($value_2, 'The session value was correctly passed to session-test/no-set.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	91	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	92	$this->assertText($value_1, 'Session data is not saved for drupal_save_session(FALSE).', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	93
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	94	// Switch browser cookie to anonymous user, then back to user 1.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	95	$this->sessionReset();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	96	$this->sessionReset($user->uid);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	97	$this->assertText($value_1, 'Session data persists through browser close.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	98
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	99	// Logout the user and make sure the stored value no longer persists.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	100	$this->drupalLogout();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	101	$this->sessionReset();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	102	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	103	$this->assertNoText($value_1, "After logout, previous user's session data is not available.", 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	104
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	105	// Now try to store some data as an anonymous user.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	106	$value_3 = $this->randomName();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	107	$this->drupalGet('session-test/set/' . $value_3);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	108	$this->assertText($value_3, 'Session data stored for anonymous user.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	109	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	110	$this->assertText($value_3, 'Session correctly returned the stored data for an anonymous user.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	111
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	112	// Try to store data when drupal_save_session(FALSE).
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	113	$value_4 = $this->randomName();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	114	$this->drupalGet('session-test/no-set/' . $value_4);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	115	$this->assertText($value_4, 'The session value was correctly passed to session-test/no-set.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	116	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	117	$this->assertText($value_3, 'Session data is not saved for drupal_save_session(FALSE).', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	118
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	119	// Login, the data should persist.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	120	$this->drupalLogin($user);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	121	$this->sessionReset($user->uid);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	122	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	123	$this->assertNoText($value_1, 'Session has persisted for an authenticated user after logging out and then back in.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	124
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	125	// Change session and create another user.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	126	$user2 = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	127	$this->sessionReset($user2->uid);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	128	$this->drupalLogin($user2);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	129	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	130
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	131	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	132	* Test that empty anonymous sessions are destroyed.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	133	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	134	function testEmptyAnonymousSession() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	135	// Verify that no session is automatically created for anonymous user.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	136	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	137	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	138	$this->assertSessionEmpty(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	139
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	140	// The same behavior is expected when caching is enabled.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	141	variable_set('cache', 1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	142	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	143	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	144	$this->assertSessionEmpty(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	145	$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	146
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	147	// Start a new session by setting a message.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	148	$this->drupalGet('session-test/set-message');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	149	$this->assertSessionCookie(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	150	$this->assertTrue($this->drupalGetHeader('Set-Cookie'), 'New session was started.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	151
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	152	// Display the message, during the same request the session is destroyed
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	153	// and the session cookie is unset.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	154	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	155	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	156	$this->assertSessionEmpty(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	157	$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Caching was bypassed.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	158	$this->assertText(t('This is a dummy message.'), 'Message was displayed.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	159	$this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), 'Session cookie was deleted.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	160
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	161	// Verify that session was destroyed.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	162	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	163	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	164	$this->assertSessionEmpty(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	165	$this->assertNoText(t('This is a dummy message.'), 'Message was not cached.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	166	$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	167	$this->assertFalse($this->drupalGetHeader('Set-Cookie'), 'New session was not started.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	168
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	169	// Verify that no session is created if drupal_save_session(FALSE) is called.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	170	$this->drupalGet('session-test/set-message-but-dont-save');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	171	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	172	$this->assertSessionEmpty(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	173
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	174	// Verify that no message is displayed.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	175	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	176	$this->assertSessionCookie(FALSE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	177	$this->assertSessionEmpty(TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	178	$this->assertNoText(t('This is a dummy message.'), 'The message was not saved.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	179	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	180
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	181	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	182	* Test that sessions are only saved when necessary.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	183	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	184	function testSessionWrite() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	185	$user = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	186	$this->drupalLogin($user);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	187
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	188	$sql = 'SELECT u.access, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE u.uid = :uid';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	189	$times1 = db_query($sql, array(':uid' => $user->uid))->fetchObject();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	190
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	191	// Before every request we sleep one second to make sure that if the session
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	192	// is saved, its timestamp will change.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	193
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	194	// Modify the session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	195	sleep(1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	196	$this->drupalGet('session-test/set/foo');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	197	$times2 = db_query($sql, array(':uid' => $user->uid))->fetchObject();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	198	$this->assertEqual($times2->access, $times1->access, 'Users table was not updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	199	$this->assertNotEqual($times2->timestamp, $times1->timestamp, 'Sessions table was updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	200
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	201	// Write the same value again, i.e. do not modify the session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	202	sleep(1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	203	$this->drupalGet('session-test/set/foo');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	204	$times3 = db_query($sql, array(':uid' => $user->uid))->fetchObject();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	205	$this->assertEqual($times3->access, $times1->access, 'Users table was not updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	206	$this->assertEqual($times3->timestamp, $times2->timestamp, 'Sessions table was not updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	207
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	208	// Do not change the session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	209	sleep(1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	210	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	211	$times4 = db_query($sql, array(':uid' => $user->uid))->fetchObject();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	212	$this->assertEqual($times4->access, $times3->access, 'Users table was not updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	213	$this->assertEqual($times4->timestamp, $times3->timestamp, 'Sessions table was not updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	214
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	215	// Force updating of users and sessions table once per second.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	216	variable_set('session_write_interval', 0);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	217	$this->drupalGet('');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	218	$times5 = db_query($sql, array(':uid' => $user->uid))->fetchObject();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	219	$this->assertNotEqual($times5->access, $times4->access, 'Users table was updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	220	$this->assertNotEqual($times5->timestamp, $times4->timestamp, 'Sessions table was updated.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	221	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	222
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	223	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	224	* Test that empty session IDs are not allowed.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	225	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	226	function testEmptySessionID() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	227	$user = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	228	$this->drupalLogin($user);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	229	$this->drupalGet('session-test/is-logged-in');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	230	$this->assertResponse(200, 'User is logged in.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	231
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	232	// Reset the sid in {sessions} to a blank string. This may exist in the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	233	// wild in some cases, although we normally prevent it from happening.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	234	db_query("UPDATE {sessions} SET sid = '' WHERE uid = :uid", array(':uid' => $user->uid));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	235	// Send a blank sid in the session cookie, and the session should no longer
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	236	// be valid. Closing the curl handler will stop the previous session ID
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	237	// from persisting.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	238	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	239	$this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->session_name) . '=;';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	240	$this->drupalGet('session-test/id-from-cookie');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	241	$this->assertRaw("session_id:\n", 'Session ID is blank as sent from cookie header.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	242	// Assert that we have an anonymous session now.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	243	$this->drupalGet('session-test/is-logged-in');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	244	$this->assertResponse(403, 'An empty session ID is not allowed.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	245	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	246
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	247	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	248	* Reset the cookie file so that it refers to the specified user.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	249	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	250	* @param $uid User id to set as the active session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	251	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	252	function sessionReset($uid = 0) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	253	// Close the internal browser.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	254	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	255	$this->loggedInUser = FALSE;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	256
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	257	// Change cookie file for user.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	258	$this->cookieFile = file_stream_wrapper_get_instance_by_scheme('temporary')->getDirectoryPath() . '/cookie.' . $uid . '.txt';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	259	$this->additionalCurlOptions[CURLOPT_COOKIEFILE] = $this->cookieFile;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	260	$this->additionalCurlOptions[CURLOPT_COOKIESESSION] = TRUE;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	261	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	262	$this->assertResponse(200, 'Session test module is correctly enabled.', 'Session');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	263	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	264
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	265	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	266	* Assert whether the SimpleTest browser sent a session cookie.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	267	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	268	function assertSessionCookie($sent) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	269	if ($sent) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	270	$this->assertNotNull($this->session_id, 'Session cookie was sent.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	271	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	272	else {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	273	$this->assertNull($this->session_id, 'Session cookie was not sent.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	274	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	275	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	276
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	277	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	278	* Assert whether $_SESSION is empty at the beginning of the request.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	279	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	280	function assertSessionEmpty($empty) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	281	if ($empty) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	282	$this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', 'Session was empty.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	283	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	284	else {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	285	$this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '0', 'Session was not empty.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	286	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	287	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	288	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	289
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	290	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	291	* Ensure that when running under HTTPS two session cookies are generated.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	292	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	293	class SessionHttpsTestCase extends DrupalWebTestCase {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	294
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	295	public static function getInfo() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	296	return array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	297	'name' => 'Session HTTPS handling',
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	298	'description' => 'Ensure that when running under HTTPS two session cookies are generated.',
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	299	'group' => 'Session'
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	300	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	301	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	302
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	303	public function setUp() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	304	parent::setUp('session_test');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	305	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	306
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	307	protected function testHttpsSession() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	308	global $is_https;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	309
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	310	if ($is_https) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	311	$secure_session_name = session_name();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	312	$insecure_session_name = substr(session_name(), 1);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	313	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	314	else {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	315	$secure_session_name = 'S' . session_name();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	316	$insecure_session_name = session_name();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	317	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	318
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	319	$user = $this->drupalCreateUser(array('access administration pages'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	320
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	321	// Test HTTPS session handling by altering the form action to submit the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	322	// login form through https.php, which creates a mock HTTPS request.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	323	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	324	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	325	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	326	$edit = array('name' => $user->name, 'pass' => $user->pass_raw);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	327	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	328
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	329	// Test a second concurrent session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	330	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	331	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	332	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	333	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	334	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	335
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	336	// Check secure cookie on secure page.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	337	$this->assertTrue($this->cookies[$secure_session_name]['secure'], 'The secure cookie has the secure attribute');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	338	// Check insecure cookie is not set.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	339	$this->assertFalse(isset($this->cookies[$insecure_session_name]));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	340	$ssid = $this->cookies[$secure_session_name]['value'];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	341	$this->assertSessionIds($ssid, $ssid, 'Session has a non-empty SID and a correct secure SID.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	342	$cookie = $secure_session_name . '=' . $ssid;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	343
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	344	// Verify that user is logged in on secure URL.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	345	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	346	$this->drupalGet($this->httpsUrl('admin/config'), array(), array('Cookie: ' . $cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	347	$this->assertText(t('Configuration'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	348	$this->assertResponse(200);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	349
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	350	// Verify that user is not logged in on non-secure URL.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	351	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	352	$this->drupalGet($this->httpUrl('admin/config'), array(), array('Cookie: ' . $cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	353	$this->assertNoText(t('Configuration'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	354	$this->assertResponse(403);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	355
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	356	// Verify that empty SID cannot be used on the non-secure site.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	357	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	358	$cookie = $insecure_session_name . '=';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	359	$this->drupalGet($this->httpUrl('admin/config'), array(), array('Cookie: ' . $cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	360	$this->assertResponse(403);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	361
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	362	// Test HTTP session handling by altering the form action to submit the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	363	// login form through http.php, which creates a mock HTTP request on HTTPS
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	364	// test environments.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	365	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	366	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	367	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	368	$form[0]['action'] = $this->httpUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	369	$edit = array('name' => $user->name, 'pass' => $user->pass_raw);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	370	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	371	$this->drupalGet($this->httpUrl('admin/config'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	372	$this->assertResponse(200);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	373	$sid = $this->cookies[$insecure_session_name]['value'];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	374	$this->assertSessionIds($sid, '', 'Session has the correct SID and an empty secure SID.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	375
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	376	// Verify that empty secure SID cannot be used on the secure site.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	377	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	378	$cookie = $secure_session_name . '=';
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	379	$this->drupalGet($this->httpsUrl('admin/config'), array(), array('Cookie: ' . $cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	380	$this->assertResponse(403);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	381
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	382	// Clear browser cookie jar.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	383	$this->cookies = array();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	384
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	385	if ($is_https) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	386	// The functionality does not make sense when running on HTTPS.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	387	return;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	388	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	389
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	390	// Enable secure pages.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	391	variable_set('https', TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	392
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	393	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	394	// Start an anonymous session on the insecure site.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	395	$session_data = $this->randomName();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	396	$this->drupalGet('session-test/set/' . $session_data);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	397	// Check secure cookie on insecure page.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	398	$this->assertFalse(isset($this->cookies[$secure_session_name]), 'The secure cookie is not sent on insecure pages.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	399	// Check insecure cookie on insecure page.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	400	$this->assertFalse($this->cookies[$insecure_session_name]['secure'], 'The insecure cookie does not have the secure attribute');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	401
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	402	// Store the anonymous cookie so we can validate that its session is killed
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	403	// after login.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	404	$anonymous_cookie = $insecure_session_name . '=' . $this->cookies[$insecure_session_name]['value'];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	405
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	406	// Check that password request form action is not secure.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	407	$this->drupalGet('user/password');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	408	$form = $this->xpath('//form[@id="user-pass"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	409	$this->assertNotEqual(substr($form[0]['action'], 0, 6), 'https:', 'Password request form action is not secure');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	410	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	411
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	412	// Check that user login form action is secure.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	413	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	414	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	415	$this->assertEqual(substr($form[0]['action'], 0, 6), 'https:', 'Login form action is secure');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	416	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	417
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	418	$edit = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	419	'name' => $user->name,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	420	'pass' => $user->pass_raw,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	421	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	422	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	423	// Check secure cookie on secure page.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	424	$this->assertTrue($this->cookies[$secure_session_name]['secure'], 'The secure cookie has the secure attribute');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	425	// Check insecure cookie on secure page.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	426	$this->assertFalse($this->cookies[$insecure_session_name]['secure'], 'The insecure cookie does not have the secure attribute');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	427
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	428	$sid = $this->cookies[$insecure_session_name]['value'];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	429	$ssid = $this->cookies[$secure_session_name]['value'];
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	430	$this->assertSessionIds($sid, $ssid, 'Session has both secure and insecure SIDs');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	431	$cookies = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	432	$insecure_session_name . '=' . $sid,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	433	$secure_session_name . '=' . $ssid,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	434	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	435
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	436	// Test that session data saved before login is still available on the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	437	// authenticated session.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	438	$this->drupalGet('session-test/get');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	439	$this->assertText($session_data, 'Session correctly returned the stored data set by the anonymous session.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	440
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	441	foreach ($cookies as $cookie_key => $cookie) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	442	foreach (array('admin/config', $this->httpsUrl('admin/config')) as $url_key => $url) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	443	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	444
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	445	$this->drupalGet($url, array(), array('Cookie: ' . $cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	446	if ($cookie_key == $url_key) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	447	$this->assertText(t('Configuration'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	448	$this->assertResponse(200);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	449	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	450	else {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	451	$this->assertNoText(t('Configuration'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	452	$this->assertResponse(403);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	453	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	454	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	455	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	456
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	457	// Test that session data saved before login is not available using the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	458	// pre-login anonymous cookie.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	459	$this->cookies = array();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	460	$this->drupalGet('session-test/get', array('Cookie: ' . $anonymous_cookie));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	461	$this->assertNoText($session_data, 'Initial anonymous session is inactive after login.');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	462
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	463	// Clear browser cookie jar.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	464	$this->cookies = array();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	465
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	466	// Start an anonymous session on the secure site.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	467	$this->drupalGet($this->httpsUrl('session-test/set/1'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	468
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	469	// Mock a login to the secure site using the secure session cookie.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	470	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	471	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	472	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	473	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	474
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	475	// Test that the user is also authenticated on the insecure site.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	476	$this->drupalGet("user/{$user->uid}/edit");
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	477	$this->assertResponse(200);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	478	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	479
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	480	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	481	* Tests that empty session IDs do not cause unrelated sessions to load.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	482	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	483	public function testEmptySessionId() {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	484	global $is_https;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	485
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	486	if ($is_https) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	487	$secure_session_name = session_name();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	488	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	489	else {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	490	$secure_session_name = 'S' . session_name();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	491	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	492
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	493	// Enable mixed mode for HTTP and HTTPS.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	494	variable_set('https', TRUE);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	495
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	496	$admin_user = $this->drupalCreateUser(array('access administration pages'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	497	$standard_user = $this->drupalCreateUser(array('access content'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	498
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	499	// First log in as the admin user on HTTP.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	500	// We cannot use $this->drupalLogin() here because we need to use the
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	501	// special http.php URLs.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	502	$edit = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	503	'name' => $admin_user->name,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	504	'pass' => $admin_user->pass_raw
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	505	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	506	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	507	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	508	$form[0]['action'] = $this->httpUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	509	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	510
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	511	$this->curlClose();
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	512
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	513	// Now start a session for the standard user on HTTPS.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	514	$edit = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	515	'name' => $standard_user->name,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	516	'pass' => $standard_user->pass_raw
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	517	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	518	$this->drupalGet('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	519	$form = $this->xpath('//form[@id="user-login"]');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	520	$form[0]['action'] = $this->httpsUrl('user');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	521	$this->drupalPost(NULL, $edit, t('Log in'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	522
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	523	// Make the secure session cookie blank.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	524	curl_setopt($this->curlHandle, CURLOPT_COOKIE, "$secure_session_name=");
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	525	$this->drupalGet($this->httpsUrl('user'));
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	526	$this->assertNoText($admin_user->name, 'User is not logged in as admin');
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	527	$this->assertNoText($standard_user->name, "The user's own name is not displayed because the invalid session cookie has logged them out.");
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	528	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	529
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	530	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	531	* Test that there exists a session with two specific session IDs.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	532	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	533	* @param $sid
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	534	* The insecure session ID to search for.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	535	* @param $ssid
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	536	* The secure session ID to search for.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	537	* @param $assertion_text
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	538	* The text to display when we perform the assertion.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	539	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	540	* @return
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	541	* The result of assertTrue() that there's a session in the system that
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	542	* has the given insecure and secure session IDs.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	543	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	544	protected function assertSessionIds($sid, $ssid, $assertion_text) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	545	$args = array(
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	546	':sid' => $sid,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	547	':ssid' => $ssid,
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	548	);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	549	return $this->assertTrue(db_query('SELECT timestamp FROM {sessions} WHERE sid = :sid AND ssid = :ssid', $args)->fetchField(), $assertion_text);
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	550	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	551
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	552	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	553	* Builds a URL for submitting a mock HTTPS request to HTTP test environments.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	554	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	555	* @param $url
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	556	* A Drupal path such as 'user'.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	557	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	558	* @return
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	559	* An absolute URL.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	560	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	561	protected function httpsUrl($url) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	562	global $base_url;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	563	return $base_url . '/modules/simpletest/tests/https.php?q=' . $url;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	564	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	565
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	566	/**
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	567	* Builds a URL for submitting a mock HTTP request to HTTPS test environments.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	568	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	569	* @param $url
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	570	* A Drupal path such as 'user'.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	571	*
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	572	* @return
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	573	* An absolute URL.
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	574	*/
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	575	protected function httpUrl($url) {
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	576	global $base_url;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	577	return $base_url . '/modules/simpletest/tests/http.php?q=' . $url;
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	578	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	579	}
e756a8c72c3d integrate drupal and correct build process. update version ymh <ymh.work@gmail.com> parents: diff changeset	580

author	ymh <ymh.work@gmail.com>
	Tue, 20 Mar 2018 15:02:40 +0100
changeset 573	25f3d28f51b2
parent 541	e756a8c72c3d
permissions	-rwxr-xr-x