Esempio n. 1
 /**
  * Configure CAPTCHA persistence, then protect the login and register forms.
  *
  * Logs in as the admin user, saves the persistence value through the CAPTCHA
  * admin form and logs out again. Afterwards the 'captcha/Test' challenge is
  * assigned to the user login form and the user registration form, and the
  * method asserts after each assignment that a CAPTCHA is present on the page.
  *
  * @param int $persistence
  *   The persistence value.
  */
 private function setUpPersistence($persistence)
 {
     // Save the persistence setting through the admin UI, then drop the
     // admin session so the following page requests are made logged out.
     $this->drupalLogin($this->adminUser);
     $admin_form_values = ['persistence' => $persistence];
     $this->drupalPostForm(self::CAPTCHA_ADMIN_PATH, $admin_form_values, 'Save configuration');
     $this->drupalLogout();

     // The Test CAPTCHA has to be assigned with captcha_set_form_id_setting()
     // because the CAPTCHA admin form does not offer it as an option. It also
     // has to happen after the last use of the admin form, because posting
     // that form would set the CAPTCHA back to 'none'.
     $protected_forms = [
         'user_login_form' => 'user',
         'user_register_form' => 'user/register',
     ];
     foreach ($protected_forms as $form_id => $page) {
         captcha_set_form_id_setting($form_id, 'captcha/Test');
         $this->drupalGet($page);
         $this->assertCaptchaPresence(TRUE);
     }
 }
Esempio n. 2
 /**
  * Test the cache tags.
  *
  * Confirms that the front page is served from the page cache while no
  * CAPTCHA is configured, and that once a challenge (Math, Test, Image) is
  * attached to the login form the response carries no x-drupal-cache header
  * and each request yields a different CAPTCHA session ID / challenge. A
  * cached challenge would be handed out unchanged on every request, which is
  * what these assertions rule out.
  */
 public function testCacheTags()
 {
     global $base_path;
     $challenge_xpath = '//span[@class="field-prefix"]';
     $image_src_xpath = '//div[@class="details-wrapper"]/img/@src';

     // Baseline without CAPTCHA: first anonymous request misses the page
     // cache, the second one is served from it.
     $this->drupalGet('');
     $this->assertEqual($this->drupalGetHeader('x-drupal-cache'), 'MISS');
     $this->drupalGet('');
     $this->assertEqual($this->drupalGetHeader('x-drupal-cache'), 'HIT');

     // Math CAPTCHA on the login block: no cache header, and both the
     // session ID and the question change between two requests.
     captcha_set_form_id_setting('user_login_form', 'captcha/Math');
     $this->drupalGet('');
     $first_sid = $this->getCaptchaSidFromForm();
     $first_challenge = (string) $this->xpath($challenge_xpath)[0];
     $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache is disabled');
     $this->drupalGet('');
     $this->assertNotEqual($first_sid, $this->getCaptchaSidFromForm());
     $this->assertNotEqual($first_challenge, (string) $this->xpath($challenge_xpath)[0]);

     // Same check for captcha/Test: the session ID must not be reused.
     captcha_set_form_id_setting('user_login_form', 'captcha/Test');
     $this->drupalGet('');
     $first_sid = $this->getCaptchaSidFromForm();
     $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache is disabled');
     $this->drupalGet('');
     $this->assertNotEqual($first_sid, $this->getCaptchaSidFromForm());

     // Same check for image_captcha/Image: a second visit must reference a
     // different image.
     captcha_set_form_id_setting('user_login_form', 'image_captcha/Image');
     $this->drupalGet('');
     $first_image = (string) $this->xpath($image_src_xpath)[0];
     $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Cache disabled');
     $this->drupalGet('');
     $this->assertNotEqual($first_image, (string) $this->xpath($image_src_xpath)[0]);

     // drupalGet() expects an internal path, so strip the base path from the
     // image URL. The image is requested twice to make sure page caching
     // does not cause an error on the repeat request.
     $internal_image_path = substr($first_image, strlen($base_path));
     $this->drupalGet($internal_image_path);
     $this->assertResponse(200);
     $this->drupalGet($internal_image_path);
     $this->assertResponse(200);
 }
  /**
   * Testing the protection of the user login form.
   *
   * Walks the login form through these states: no CAPTCHA, Math CAPTCHA,
   * reCAPTCHA selected but without keys (Math fallback expected), reCAPTCHA
   * with generated site/secret keys, the noscript fallback, and the optional
   * data-size / data-tabindex widget attributes. It ends by submitting a
   * login with a wrong CAPTCHA answer and checks that it is rejected.
   */
  public function testReCaptchaOnLoginForm() {
    // Random keys are enough here: the test only inspects the rendered markup.
    $site_key = $this->randomMachineName(40);
    $secret_key = $this->randomMachineName(40);
    $grecaptcha = '<div class="g-recaptcha" data-sitekey="' . $site_key . '" data-theme="light" data-type="image"></div>';
    $size_xpath = '//div[@class=:class and @data-size=:size]';
    $tabindex_xpath = '//div[@class=:class and @data-tabindex=:index]';

    // Sanity check: a plain login works before any CAPTCHA is configured.
    $this->drupalLogin($this->normal_user);
    $this->drupalLogout();

    $this->drupalGet('user/login');
    $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.');

    // With 'captcha/Math' on the login form there is still no reCAPTCHA widget.
    captcha_set_form_id_setting('user_login_form', 'captcha/Math');

    $this->drupalGet('user/login');
    $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.');

    // Switch the login form to 'recaptcha/reCAPTCHA' and read the setting back.
    captcha_set_form_id_setting('user_login_form', 'recaptcha/reCAPTCHA');
    $captcha_point = captcha_get_form_id_setting('user_login_form');
    $this->assertNotNull($captcha_point, 'A configuration has been found for CAPTCHA point: user_login_form', 'reCAPTCHA');
    $this->assertEqual($captcha_point->getCaptchaType(), 'recaptcha/reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form', 'reCAPTCHA');

    // The site key and secret key have not been configured yet, so the module
    // has to fall back to the Math CAPTCHA instead of leaving the form
    // unprotected.
    $this->drupalGet('user/login');
    $this->assertRaw(t('Math question'), '[testReCaptchaOnLoginForm]: Math CAPTCHA is shown on form.');

    // Configure both keys so that reCAPTCHA is shown without the fallback.
    $this->config('recaptcha.settings')->set('site_key', $site_key)->save();
    $this->config('recaptcha.settings')->set('secret_key', $secret_key)->save();

    // The widget and the API script are rendered; noscript markup is not.
    $langcode = \Drupal::service('language_manager')->getCurrentLanguage()->getId();
    $this->drupalGet('user/login');
    $this->assertRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.');
    $this->assertRaw('<script src="https://www.google.com/recaptcha/api.js?hl=' . $langcode . '" async defer></script>', '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.');
    $this->assertNoRaw($grecaptcha . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript code is not enabled for the reCAPTCHA.');

    // With widget.noscript enabled the noscript block and the fallback URL
    // (carrying the site key and the language) must be present.
    $this->config('recaptcha.settings')->set('widget.noscript', 1)->save();

    $this->drupalGet('user/login');
    $this->assertRaw($grecaptcha . "\n" . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript for reCAPTCHA is shown on form.');
    $this->assertRaw('https://www.google.com/recaptcha/api/fallback?k=' . $site_key . '&amp;hl=' . $langcode, '[testReCaptchaOnLoginForm]: Fallback URL with IFRAME has been found.');

    // An empty widget.size must not produce a data-size attribute.
    $this->config('recaptcha.settings')->set('widget.size', '')->save();
    $this->drupalGet('user/login');
    $matches = $this->xpath($size_xpath, [':class' => 'g-recaptcha', ':size' => 'small']);
    $this->assertFalse(!empty($matches), 'Tag contains no data-size attribute.');

    // widget.size 'small' must produce data-size="small".
    $this->config('recaptcha.settings')->set('widget.size', 'small')->save();
    $this->drupalGet('user/login');
    $matches = $this->xpath($size_xpath, [':class' => 'g-recaptcha', ':size' => 'small']);
    $this->assertTrue(!empty($matches), 'Tag contains data-size attribute and value.');

    // widget.tabindex 0 must not produce a data-tabindex attribute.
    $this->config('recaptcha.settings')->set('widget.tabindex', 0)->save();
    $this->drupalGet('user/login');
    $matches = $this->xpath($tabindex_xpath, [':class' => 'g-recaptcha', ':index' => 0]);
    $this->assertFalse(!empty($matches), 'Tag contains no data-tabindex attribute.');

    // widget.tabindex 5 must produce data-tabindex="5".
    $this->config('recaptcha.settings')->set('widget.tabindex', 5)->save();
    $this->drupalGet('user/login');
    $matches = $this->xpath($tabindex_xpath, [':class' => 'g-recaptcha', ':index' => 5]);
    $this->assertTrue(!empty($matches), 'Tag contains data-tabindex attribute and value.');

    // Submit the login form with a wrong CAPTCHA answer; it must be rejected.
    // NOTE(review): getPassword() presumably returns the stored password hash
    // rather than the plaintext - confirm. If so, this login would fail even
    // without a CAPTCHA, and only the error-message assertion below ties the
    // rejection to the CAPTCHA.
    $edit = [
      'name' => $this->normal_user->getUsername(),
      'pass' => $this->normal_user->getPassword(),
      'captcha_response' => '?',
    ];

    $this->drupalPostForm('user/login', $edit, t('Log in'));
    // The CAPTCHA error message must be shown.
    $this->assertText(t('The answer you entered for the CAPTCHA was not correct.'), 'CAPTCHA should block user login form', 'reCAPTCHA');

    // The user must still be logged out: the login page keeps offering the
    // name and password fields.
    $this->drupalGet('user/login');
    $this->assertField('name', t('Username field found.'), 'reCAPTCHA');
    $this->assertField('pass', t('Password field found.'), 'reCAPTCHA');
  }
Esempio n. 4
 /**
  * Test if the CAPTCHA session ID is reused when previewing nodes.
  *
  * After a correct response, the node preview should no longer show a
  * CAPTCHA. Comment preview and node preview work slightly differently under
  * the hood, and the CAPTCHA module should be able to handle both.
  *
  * @see testCaptchaDescriptionAfterCommentPreview()
  */
 public function testCaptchaSessionReuseOnNodeForms()
 {
     // Protect the page node form with the Test CAPTCHA.
     captcha_set_form_id_setting('node_page_form', 'captcha/Test');

     // Previewing is done as the normal (non-admin) test user.
     $this->drupalLogin($this->normalUser);

     // Node form values plus the correct answer to the Test CAPTCHA.
     $form_values = $this->getNodeFormValues();
     $form_values['captcha_response'] = 'Test 123';

     // Load the add-page form, then submit it with the Preview button; NULL
     // posts to the page that was just loaded.
     $this->drupalGet('node/add/page');
     $this->drupalPostForm(NULL, $form_values, t('Preview'));

     // The solved challenge must not be asked again on the preview.
     $this->assertCaptchaPresence(FALSE);
 }
Esempio n. 5
 /**
  * Restore the CAPTCHA settings once a disablecaptcha scenario has finished.
  *
  * When the captcha module is enabled, this sets the 'disable_captcha'
  * variable to FALSE and puts three form IDs back on the 'default' CAPTCHA
  * setting, so the changes made for the scenario do not persist beyond it.
  * The hook that changes these settings before the scenario is not part of
  * this block.
  *
  * @AfterScenario @disablecaptcha
  */
 public function afterCaptcha()
 {
     // Without the captcha module there is nothing to restore.
     if (module_exists('captcha')) {
         // captcha_set_form_id_setting() is presumably provided by
         // captcha.inc, which is loaded here - confirm.
         module_load_include('inc', 'captcha', 'captcha');
         variable_set('disable_captcha', FALSE);

         $form_ids = array('user_login', 'feedback_node_form', 'comment_node_feedback_form');
         foreach ($form_ids as $form_id) {
             captcha_set_form_id_setting($form_id, 'default');
         }
     }
 }
 /**
  * Test multiple captcha widgets on single page.
  *
  * Places the user login block next to the comment form, protects both with
  * the Test CAPTCHA, and previews a comment with the correct answer. The
  * answer must be accepted without the second protected form on the page
  * triggering the CAPTCHA reuse detection.
  */
 public function testMultipleCaptchaProtectedFormsOnOnePage()
 {
     // Put the login block on the page so two protected forms are rendered.
     \Drupal::service('module_installer')->install(['block']);
     $this->drupalPlaceBlock('user_login_block');

     // Same Test CAPTCHA on the comment form and on the login block.
     foreach ([self::COMMENT_FORM_ID, 'user_login_form'] as $form_id) {
         captcha_set_form_id_setting($form_id, 'captcha/Test');
     }
     $this->allowCommentPostingForAnonymousVisitors();

     // A node with comments enabled to reply to.
     $node = $this->drupalCreateNode();
     $reply_path = 'comment/reply/node/' . $node->id() . '/comment';

     // Comment values plus the correct CAPTCHA answer.
     $comment_values = $this->getCommentFormValues();
     $expected_subject = $comment_values['subject[0][value]'];
     $comment_values['captcha_response'] = 'Test 123';
     $this->drupalPostForm($reply_path, $comment_values, t('Preview'));

     // The post should be accepted: no warnings and no CAPTCHA reuse
     // detection (which the user login block could trigger).
     $this->assertCaptchaResponseAccepted();
     $this->assertText($expected_subject);
 }
Esempio n. 7
 /**
  * Test the CAPTCHA placement clearing.
  *
  * Fills the placement cache by visiting a CAPTCHA-protected form, then uses
  * the admin form's clear button as the admin user and checks that the cache
  * entry is gone afterwards.
  */
 public function testCaptchaPlacementCacheClearing()
 {
     $cache_id = 'captcha_placement_map_cache';

     // Protect the register form and visit it once so the placement cache
     // gets filled.
     captcha_set_form_id_setting('user_register_form', 'captcha/Math');
     $this->drupalGet('user/register');

     // The cache backend is fetched from the container again for each lookup
     // rather than being kept in a local variable.
     $cached_before = $this->container->get('cache.default')->get($cache_id);
     $this->assertNotNull($cached_before, 'CAPTCHA placement cache should be set.');

     // Clear the cache through the admin form, as the admin user.
     $this->drupalLogin($this->adminUser);
     $this->drupalPostForm(self::CAPTCHA_ADMIN_PATH, [], t('Clear the CAPTCHA placement cache'));

     // After the clear, the lookup must come back falsy.
     $cached_after = $this->container->get('cache.default')->get($cache_id);
     $this->assertFalse($cached_after, 'CAPTCHA placement cache should be unset after cache clear.');
 }