/** * Set up the persistence and CAPTCHA settings. * * @param int $persistence * The persistence value. */ private function setUpPersistence($persistence) { $this->drupalLogin($this->adminUser); // Set persistence. $edit = array('persistence' => $persistence); $this->drupalPostForm(self::CAPTCHA_ADMIN_PATH, $edit, 'Save configuration'); // Log admin out. $this->drupalLogout(); // Set the Test123 CAPTCHA on user register and comment form. // We have to do this with the function captcha_set_form_id_setting() // (because the CATCHA admin form does not show the Test123 option). // We also have to do this after all usage of the CAPTCHA admin form // (because posting the CAPTCHA admin form would set the CAPTCHA to 'none'). captcha_set_form_id_setting('user_login_form', 'captcha/Test'); $this->drupalGet('user'); $this->assertCaptchaPresence(TRUE); captcha_set_form_id_setting('user_register_form', 'captcha/Test'); $this->drupalGet('user/register'); $this->assertCaptchaPresence(TRUE); }
/** * Test the cache tags. */ public function testCacheTags() { global $base_path; // Check caching without captcha as anonymous user. $this->drupalGet(''); $this->assertEqual($this->drupalGetHeader('x-drupal-cache'), 'MISS'); $this->drupalGet(''); $this->assertEqual($this->drupalGetHeader('x-drupal-cache'), 'HIT'); // Enable captcha on login block and test caching. captcha_set_form_id_setting('user_login_form', 'captcha/Math'); $this->drupalGet(''); $sid = $this->getCaptchaSidFromForm(); $math_challenge = (string) $this->xpath('//span[@class="field-prefix"]')[0]; $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache is disabled'); $this->drupalGet(''); $this->assertNotEqual($sid, $this->getCaptchaSidFromForm()); $this->assertNotEqual($math_challenge, (string) $this->xpath('//span[@class="field-prefix"]')[0]); // Switch challenge to captcha/Test, check the captcha isn't cached. captcha_set_form_id_setting('user_login_form', 'captcha/Test'); $this->drupalGet(''); $sid = $this->getCaptchaSidFromForm(); $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache is disabled'); $this->drupalGet(''); $this->assertNotEqual($sid, $this->getCaptchaSidFromForm()); // Switch challenge to image_captcha/Image, check the captcha isn't cached. captcha_set_form_id_setting('user_login_form', 'image_captcha/Image'); $this->drupalGet(''); $image_path = (string) $this->xpath('//div[@class="details-wrapper"]/img/@src')[0]; $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache disabled'); // Check that we get a new image when vising the page again. $this->drupalGet(''); $this->assertNotEqual($image_path, (string) $this->xpath('//div[@class="details-wrapper"]/img/@src')[0]); // Check image caching, remove the base path since drupalGet() expects the // internal path. $this->drupalGet(substr($image_path, strlen($base_path))); $this->assertResponse(200); // Request image twice to make sure no errors happen (due to page caching). $this->drupalGet(substr($image_path, strlen($base_path))); $this->assertResponse(200); }
/** * Testing the protection of the user login form. */ public function testReCaptchaOnLoginForm() { $site_key = $this->randomMachineName(40); $secret_key = $this->randomMachineName(40); $grecaptcha = '<div class="g-recaptcha" data-sitekey="' . $site_key . '" data-theme="light" data-type="image"></div>'; // Test if login works. $this->drupalLogin($this->normal_user); $this->drupalLogout(); $this->drupalGet('user/login'); $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.'); // Enable 'captcha/Math' CAPTCHA on login form. captcha_set_form_id_setting('user_login_form', 'captcha/Math'); $this->drupalGet('user/login'); $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.'); // Enable 'recaptcha/reCAPTCHA' on login form. captcha_set_form_id_setting('user_login_form', 'recaptcha/reCAPTCHA'); $result = captcha_get_form_id_setting('user_login_form'); $this->assertNotNull($result, 'A configuration has been found for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->assertEqual($result->module, 'recaptcha', 'reCAPTCHA module configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->assertEqual($result->getCaptchaType(), 'reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); $this->assertEqual($result->getCaptchaType(), 'recaptcha/reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->verbose($result->getCaptchaType()); // Check if a Math CAPTCHA is still shown on the login form. The site key // and security key have not yet configured for reCAPTCHA. The module need // to fall back to math captcha. $this->drupalGet('user/login'); $this->assertRaw(t('Math question'), '[testReCaptchaOnLoginForm]: Math CAPTCHA is shown on form.'); // Configure site key and security key to show reCAPTCHA and no fall back. $this->config('recaptcha.settings')->set('site_key', $site_key)->save(); $this->config('recaptcha.settings')->set('secret_key', $secret_key)->save(); // Check if there is a reCAPTCHA on the login form. $this->drupalGet('user/login'); $this->assertRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.'); $this->assertRaw('<script src="https://www.google.com/recaptcha/api.js?hl=' . \Drupal::service('language_manager')->getCurrentLanguage()->getId() . '" async defer></script>', '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.'); $this->assertNoRaw($grecaptcha . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript code is not enabled for the reCAPTCHA.'); // Test if the fall back url is properly build and noscript code added. $this->config('recaptcha.settings')->set('widget.noscript', 1)->save(); $this->drupalGet('user/login'); $this->assertRaw($grecaptcha . "\n" . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript for reCAPTCHA is shown on form.'); $this->assertRaw('https://www.google.com/recaptcha/api/fallback?k=' . $site_key . '&hl=' . \Drupal::service('language_manager')->getCurrentLanguage()->getId(), '[testReCaptchaOnLoginForm]: Fallback URL with IFRAME has been found.'); // Check that data-size attribute does not exists. $this->config('recaptcha.settings')->set('widget.size', '')->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-size=:size]', [':class' => 'g-recaptcha', ':size' => 'small']); $this->assertFalse(!empty($element), 'Tag contains no data-size attribute.'); // Check that data-size attribute exists. $this->config('recaptcha.settings')->set('widget.size', 'small')->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-size=:size]', [':class' => 'g-recaptcha', ':size' => 'small']); $this->assertTrue(!empty($element), 'Tag contains data-size attribute and value.'); // Check that data-tabindex attribute does not exists. $this->config('recaptcha.settings')->set('widget.tabindex', 0)->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-tabindex=:index]', [':class' => 'g-recaptcha', ':index' => 0]); $this->assertFalse(!empty($element), 'Tag contains no data-tabindex attribute.'); // Check that data-tabindex attribute exists. $this->config('recaptcha.settings')->set('widget.tabindex', 5)->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-tabindex=:index]', [':class' => 'g-recaptcha', ':index' => 5]); $this->assertTrue(!empty($element), 'Tag contains data-tabindex attribute and value.'); // Try to log in, which should fail. $edit['name'] = $this->normal_user->getUsername(); $edit['pass'] = $this->normal_user->getPassword(); $edit['captcha_response'] = '?'; $this->drupalPostForm('user/login', $edit, t('Log in')); // Check for error message. $this->assertText(t('The answer you entered for the CAPTCHA was not correct.'), 'CAPTCHA should block user login form', 'reCAPTCHA'); // And make sure that user is not logged in: check for name and password fields on ?q=user $this->drupalGet('user/login'); $this->assertField('name', t('Username field found.'), 'reCAPTCHA'); $this->assertField('pass', t('Password field found.'), 'reCAPTCHA'); }
/** * Test if the CAPTCHA session ID is reused when previewing nodes. * * Node preview after correct response should not show CAPTCHA anymore. * The preview functionality of comments and nodes works * slightly different under the hood. * CAPTCHA module should be able to handle both. * * @see testCaptchaDescriptionAfterCommentPreview() */ public function testCaptchaSessionReuseOnNodeForms() { // Set Test CAPTCHA on page form. captcha_set_form_id_setting('node_page_form', 'captcha/Test'); // Log in as normal user. $this->drupalLogin($this->normalUser); // Page settings to post, with correct CAPTCHA answer. $edit = $this->getNodeFormValues(); $edit['captcha_response'] = 'Test 123'; $this->drupalGet('node/add/page'); $this->drupalPostForm(NULL, $edit, t('Preview')); $this->assertCaptchaPresence(FALSE); }
/** * @AfterScenario @disablecaptcha */ public function afterCaptcha() { // Nothing to do. if (!module_exists('captcha')) { return; } module_load_include('inc', 'captcha', 'captcha'); variable_set('disable_captcha', FALSE); captcha_set_form_id_setting('user_login', 'default'); captcha_set_form_id_setting('feedback_node_form', 'default'); captcha_set_form_id_setting('comment_node_feedback_form', 'default'); }
/** * Test multiple captcha widgets on single page. */ public function testMultipleCaptchaProtectedFormsOnOnePage() { \Drupal::service('module_installer')->install(['block']); $this->drupalPlaceBlock('user_login_block'); // Set Test CAPTCHA on comment form and login block. captcha_set_form_id_setting(self::COMMENT_FORM_ID, 'captcha/Test'); captcha_set_form_id_setting('user_login_form', 'captcha/Test'); $this->allowCommentPostingForAnonymousVisitors(); // Create a node with comments enabled. $node = $this->drupalCreateNode(); // Preview comment with correct CAPTCHA answer. $edit = $this->getCommentFormValues(); $comment_subject = $edit['subject[0][value]']; $edit['captcha_response'] = 'Test 123'; $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $edit, t('Preview')); // Post should be accepted: no warnings, // no CAPTCHA reuse detection (which could be used by user log in block). $this->assertCaptchaResponseAccepted(); $this->assertText($comment_subject); }
/** * Test the CAPTCHA placement clearing. */ public function testCaptchaPlacementCacheClearing() { // Set CAPTCHA on user register form. captcha_set_form_id_setting('user_register_form', 'captcha/Math'); // Visit user register form to fill the CAPTCHA placement cache. $this->drupalGet('user/register'); // Check if there is CAPTCHA placement cache. $placement_map = $this->container->get('cache.default')->get('captcha_placement_map_cache'); $this->assertNotNull($placement_map, 'CAPTCHA placement cache should be set.'); // Clear the cache. $this->drupalLogin($this->adminUser); $this->drupalPostForm(self::CAPTCHA_ADMIN_PATH, array(), t('Clear the CAPTCHA placement cache')); // Check that the placement cache is unset. $placement_map = $this->container->get('cache.default')->get('captcha_placement_map_cache'); $this->assertFalse($placement_map, 'CAPTCHA placement cache should be unset after cache clear.'); }