/** * Testing the protection of the user login form. */ public function testReCaptchaOnLoginForm() { $site_key = $this->randomMachineName(40); $secret_key = $this->randomMachineName(40); $grecaptcha = '<div class="g-recaptcha" data-sitekey="' . $site_key . '" data-theme="light" data-type="image"></div>'; // Test if login works. $this->drupalLogin($this->normal_user); $this->drupalLogout(); $this->drupalGet('user/login'); $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.'); // Enable 'captcha/Math' CAPTCHA on login form. captcha_set_form_id_setting('user_login_form', 'captcha/Math'); $this->drupalGet('user/login'); $this->assertNoRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is not shown on form.'); // Enable 'recaptcha/reCAPTCHA' on login form. captcha_set_form_id_setting('user_login_form', 'recaptcha/reCAPTCHA'); $result = captcha_get_form_id_setting('user_login_form'); $this->assertNotNull($result, 'A configuration has been found for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->assertEqual($result->module, 'recaptcha', 'reCAPTCHA module configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->assertEqual($result->getCaptchaType(), 'reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); $this->assertEqual($result->getCaptchaType(), 'recaptcha/reCAPTCHA', 'reCAPTCHA type has been configured for CAPTCHA point: user_login_form', 'reCAPTCHA'); //$this->verbose($result->getCaptchaType()); // Check if a Math CAPTCHA is still shown on the login form. The site key // and security key have not yet configured for reCAPTCHA. The module need // to fall back to math captcha. $this->drupalGet('user/login'); $this->assertRaw(t('Math question'), '[testReCaptchaOnLoginForm]: Math CAPTCHA is shown on form.'); // Configure site key and security key to show reCAPTCHA and no fall back. $this->config('recaptcha.settings')->set('site_key', $site_key)->save(); $this->config('recaptcha.settings')->set('secret_key', $secret_key)->save(); // Check if there is a reCAPTCHA on the login form. $this->drupalGet('user/login'); $this->assertRaw($grecaptcha, '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.'); $this->assertRaw('<script src="https://www.google.com/recaptcha/api.js?hl=' . \Drupal::service('language_manager')->getCurrentLanguage()->getId() . '" async defer></script>', '[testReCaptchaOnLoginForm]: reCAPTCHA is shown on form.'); $this->assertNoRaw($grecaptcha . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript code is not enabled for the reCAPTCHA.'); // Test if the fall back url is properly build and noscript code added. $this->config('recaptcha.settings')->set('widget.noscript', 1)->save(); $this->drupalGet('user/login'); $this->assertRaw($grecaptcha . "\n" . '<noscript>', '[testReCaptchaOnLoginForm]: NoScript for reCAPTCHA is shown on form.'); $this->assertRaw('https://www.google.com/recaptcha/api/fallback?k=' . $site_key . '&hl=' . \Drupal::service('language_manager')->getCurrentLanguage()->getId(), '[testReCaptchaOnLoginForm]: Fallback URL with IFRAME has been found.'); // Check that data-size attribute does not exists. $this->config('recaptcha.settings')->set('widget.size', '')->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-size=:size]', [':class' => 'g-recaptcha', ':size' => 'small']); $this->assertFalse(!empty($element), 'Tag contains no data-size attribute.'); // Check that data-size attribute exists. $this->config('recaptcha.settings')->set('widget.size', 'small')->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-size=:size]', [':class' => 'g-recaptcha', ':size' => 'small']); $this->assertTrue(!empty($element), 'Tag contains data-size attribute and value.'); // Check that data-tabindex attribute does not exists. $this->config('recaptcha.settings')->set('widget.tabindex', 0)->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-tabindex=:index]', [':class' => 'g-recaptcha', ':index' => 0]); $this->assertFalse(!empty($element), 'Tag contains no data-tabindex attribute.'); // Check that data-tabindex attribute exists. $this->config('recaptcha.settings')->set('widget.tabindex', 5)->save(); $this->drupalGet('user/login'); $element = $this->xpath('//div[@class=:class and @data-tabindex=:index]', [':class' => 'g-recaptcha', ':index' => 5]); $this->assertTrue(!empty($element), 'Tag contains data-tabindex attribute and value.'); // Try to log in, which should fail. $edit['name'] = $this->normal_user->getUsername(); $edit['pass'] = $this->normal_user->getPassword(); $edit['captcha_response'] = '?'; $this->drupalPostForm('user/login', $edit, t('Log in')); // Check for error message. $this->assertText(t('The answer you entered for the CAPTCHA was not correct.'), 'CAPTCHA should block user login form', 'reCAPTCHA'); // And make sure that user is not logged in: check for name and password fields on ?q=user $this->drupalGet('user/login'); $this->assertField('name', t('Username field found.'), 'reCAPTCHA'); $this->assertField('pass', t('Password field found.'), 'reCAPTCHA'); }
/** * Helper function for checking CAPTCHA setting of a form. * * @param string $form_id * The form_id of the form to investigate. * @param string $challenge_type * What the challenge type should be: * NULL, 'default' or something like 'captcha/Math'. */ protected function assertCaptchaSetting($form_id, $challenge_type) { $result = captcha_get_form_id_setting(self::COMMENT_FORM_ID, TRUE); $this->assertEqual($result, $challenge_type, t('Check CAPTCHA setting for form: expected: @expected, received: @received.', array('@expected' => var_export($challenge_type, TRUE), '@received' => var_export($result, TRUE))), 'CAPTCHA'); }