| Current Path : /var/www/html/rocksensor/web/core/modules/contact/tests/src/Functional/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/www/html/rocksensor/web/core/modules/contact/tests/src/Functional/ContactPersonalTest.php |
<?php
declare(strict_types=1);
namespace Drupal\Tests\contact\Functional;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\Component\Utility\Html;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Test\AssertMailTrait;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
use Drupal\user\RoleInterface;
/**
* Tests personal contact form functionality.
*
* @group contact
*/
class ContactPersonalTest extends BrowserTestBase {
use AssertMailTrait;
use AssertPageCacheContextsAndTagsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['contact', 'dblog', 'mail_html_test'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* A user with some administrative permissions.
*
* @var \Drupal\user\UserInterface
*/
private $adminUser;
/**
* A user with permission to view profiles and access user contact forms.
*
* @var \Drupal\user\UserInterface
*/
private $webUser;
/**
* A user without any permissions.
*
* @var \Drupal\user\UserInterface
*/
private $contactUser;
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
// Create an admin user.
$this->adminUser = $this->drupalCreateUser([
'administer contact forms',
'administer users',
'administer account settings',
'access site reports',
]);
// Create some normal users with their contact forms enabled by default.
$this->config('contact.settings')->set('user_default_enabled', TRUE)->save();
$this->webUser = $this->drupalCreateUser([
'access user profiles',
'access user contact forms',
]);
$this->contactUser = $this->drupalCreateUser();
}
/**
* Tests that mails for contact messages are correctly sent.
*/
public function testSendPersonalContactMessage(): void {
// Ensure that the web user's email needs escaping.
$mail = $this->webUser->getAccountName() . '&escaped@example.com';
$this->webUser->setEmail($mail)->save();
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->assertEscaped($mail);
$message = $this->submitPersonalContact($this->contactUser);
$mails = $this->getMails();
$this->assertCount(1, $mails);
$mail = $mails[0];
$this->assertEquals($this->contactUser->getEmail(), $mail['to']);
$this->assertEquals($this->config('system.site')->get('mail'), $mail['from']);
$this->assertEquals($this->webUser->getEmail(), $mail['reply-to']);
$this->assertEquals('user_mail', $mail['key']);
$subject = '[' . $this->config('system.site')->get('name') . '] ' . $message['subject[0][value]'];
$this->assertEquals($subject, $mail['subject'], 'Subject is in sent message.');
$this->assertStringContainsString('Hello ' . $this->contactUser->getDisplayName(), $mail['body'], 'Recipient name is in sent message.');
$this->assertStringContainsString($this->webUser->getDisplayName(), $mail['body'], 'Sender name is in sent message.');
$this->assertStringContainsString($message['message[0][value]'], $mail['body'], 'Message body is in sent message.');
// Check there was no problems raised during sending.
$this->drupalLogout();
$this->drupalLogin($this->adminUser);
// Verify that the correct watchdog message has been logged.
$this->drupalGet('/admin/reports/dblog');
$placeholders = [
'@sender_name' => $this->webUser->getAccountName(),
'@sender_email' => $this->webUser->getEmail(),
'@recipient_name' => $this->contactUser->getAccountName(),
];
$this->assertSession()->responseContains(new FormattableMarkup('@sender_name (@sender_email) sent @recipient_name an email.', $placeholders));
// Ensure an unescaped version of the email does not exist anywhere.
$this->assertSession()->responseNotContains($this->webUser->getEmail());
// Test HTML mails.
$mail_config = $this->config('system.mail');
$mail_config->set('interface.default', 'test_html_mail_collector');
$mail_config->save();
$this->drupalLogin($this->webUser);
$message['message[0][value]'] = 'This <i>is</i> a more <b>specific</b> <sup>test</sup>, the emails are formatted now.';
$message = $this->submitPersonalContact($this->contactUser, $message);
// Assert mail content.
$this->assertMailString('body', 'Hello ' . $this->contactUser->getDisplayName(), 1);
$this->assertMailString('body', $this->webUser->getDisplayName(), 1);
$this->assertMailString('body', Html::Escape($message['message[0][value]']), 1);
}
/**
* Tests access to the personal contact form.
*/
public function testPersonalContactAccess(): void {
// Test allowed access to admin user's contact form.
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Check the page title is properly displayed.
$this->assertSession()->pageTextContains('Contact ' . $this->adminUser->getDisplayName());
// Test denied access to admin user's own contact form.
$this->drupalLogout();
$this->drupalLogin($this->adminUser);
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Test allowed access to user with contact form enabled.
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Test that there is no access to personal contact forms for users
// without an email address configured.
$original_email = $this->contactUser->getEmail();
$this->contactUser->setEmail(FALSE)->save();
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(404);
// Test that the 'contact tab' does not appear on the user profiles
// for users without an email address configured.
$this->drupalGet('user/' . $this->contactUser->id());
$contact_link = '/user/' . $this->contactUser->id() . '/contact';
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->linkByHrefNotExists($contact_link, 'The "contact" tab is hidden on profiles for users with no email address');
// Restore original email address.
$this->contactUser->setEmail($original_email)->save();
// Test denied access to the user's own contact form.
$this->drupalGet('user/' . $this->webUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Test always denied access to the anonymous user contact form.
$this->drupalGet('user/0/contact');
$this->assertSession()->statusCodeEquals(403);
// Test that anonymous users can access the contact form.
$this->drupalLogout();
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Test that anonymous users can access admin user's contact form.
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
$this->assertCacheContext('user');
// Revoke the personal contact permission for the anonymous user.
user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
$this->assertCacheContext('user');
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Disable the personal contact form.
$this->drupalLogin($this->adminUser);
$edit = ['contact_default_status' => FALSE];
$this->drupalGet('admin/config/people/accounts');
$this->submitForm($edit, 'Save configuration');
$this->assertSession()->pageTextContains('The configuration options have been saved.');
$this->drupalLogout();
// Re-create our contacted user with personal contact forms disabled by
// default.
$this->contactUser = $this->drupalCreateUser();
// Test denied access to a user with contact form disabled.
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Test allowed access for admin user to a user with contact form disabled.
$this->drupalLogin($this->adminUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Re-create our contacted user as a blocked user.
$this->contactUser = $this->drupalCreateUser();
$this->contactUser->block();
$this->contactUser->save();
// Test that blocked users can still be contacted by admin.
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Test that blocked users cannot be contacted by non-admins.
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Test enabling and disabling the contact page through the user profile
// form.
$this->drupalGet('user/' . $this->webUser->id() . '/edit');
$this->assertSession()->checkboxNotChecked('edit-contact--2');
$this->assertNull(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form disabled');
$this->submitForm(['contact' => TRUE], 'Save');
$this->assertSession()->checkboxChecked('edit-contact--2');
$this->assertNotEmpty(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form enabled');
// Test with disabled global default contact form in combination with a user
// that has the contact form enabled.
$this->config('contact.settings')->set('user_default_enabled', FALSE)->save();
$this->contactUser = $this->drupalCreateUser();
\Drupal::service('user.data')->set('contact', $this->contactUser->id(), 'enabled', 1);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
}
/**
* Tests the personal contact form flood protection.
*/
public function testPersonalContactFlood(): void {
$flood_limit = 3;
$this->config('contact.settings')->set('flood.limit', $flood_limit)->save();
$this->drupalLogin($this->webUser);
// Submit contact form with correct values and check flood interval.
for ($i = 0; $i < $flood_limit; $i++) {
$this->submitPersonalContact($this->contactUser);
$this->assertSession()->pageTextContains('Your message has been sent.');
}
// Submit contact form one over limit.
$this->submitPersonalContact($this->contactUser);
// Normal user should be denied access to flooded contact form.
$interval = \Drupal::service('date.formatter')->formatInterval($this->config('contact.settings')->get('flood.interval'));
$this->assertSession()->pageTextContains("You cannot send more than 3 messages in {$interval}. Try again later.");
// Test that the admin user can still access the contact form even though
// the flood limit was reached.
$this->drupalLogin($this->adminUser);
$this->assertSession()->pageTextNotContains('Try again later.');
}
/**
* Tests the personal contact form based access when an admin adds users.
*/
public function testAdminContact(): void {
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->checkContactAccess(200);
$this->checkContactAccess(403, FALSE);
$config = $this->config('contact.settings');
$config->set('user_default_enabled', FALSE);
$config->save();
$this->checkContactAccess(403);
}
/**
* Creates a user and then checks contact form access.
*
* @param int $response
* The expected response code.
* @param bool $contact_value
* (optional) The value the contact field should be set too.
*/
protected function checkContactAccess($response, $contact_value = NULL) {
$this->drupalLogin($this->adminUser);
$this->drupalGet('admin/people/create');
if ($this->config('contact.settings')->get('user_default_enabled', TRUE)) {
$this->assertSession()->checkboxChecked('edit-contact--2');
}
else {
$this->assertSession()->checkboxNotChecked('edit-contact--2');
}
$name = $this->randomMachineName();
$edit = [
'name' => $name,
'mail' => $this->randomMachineName() . '@example.com',
'pass[pass1]' => $pass = $this->randomString(),
'pass[pass2]' => $pass,
'notify' => FALSE,
];
if (isset($contact_value)) {
$edit['contact'] = $contact_value;
}
$this->drupalGet('admin/people/create');
$this->submitForm($edit, 'Create new account');
$user = user_load_by_name($name);
$this->drupalLogout();
$this->drupalGet('user/' . $user->id() . '/contact');
$this->assertSession()->statusCodeEquals($response);
}
/**
* Fills out a user's personal contact form and submits it.
*
* @param \Drupal\Core\Session\AccountInterface $account
* A user object of the user being contacted.
* @param array $message
* (optional) An array with the form fields being used. Defaults to an empty
* array.
* @param bool $user_copy
* (optional) A boolean to determine whether to send a user copy email.
* Defaults to FALSE.
*
* @return array
* An array with the form fields being used.
*/
protected function submitPersonalContact(AccountInterface $account, array $message = [], bool $user_copy = FALSE) {
$message += [
'subject[0][value]' => $this->randomMachineName(16) . '< " =+ >',
'message[0][value]' => $this->randomMachineName(64) . '< " =+ >',
'copy' => $user_copy,
];
$this->drupalGet('user/' . $account->id() . '/contact');
$this->submitForm($message, 'Send message');
return $message;
}
/**
* Tests that the opt-out message is included correctly in contact emails.
*/
public function testPersonalContactForm(): void {
$opt_out_message = "If you don't want to receive such messages, you can change your settings at";
// Send an email from an admin (should not contain the opt-out message).
$this->drupalLogin($this->adminUser);
$this->submitPersonalContact($this->contactUser);
$this->drupalLogout();
$this->assertStringNotContainsString($opt_out_message, $this->getMails()[0]['body'], 'Opt-out message excluded in email.');
// Send an email from a non-admin (should contain the opt-out message).
$this->drupalLogin($this->webUser);
$this->submitPersonalContact($this->contactUser);
$this->assertMailString('body', $opt_out_message, 1, 'Opt-out message included in email.');
}
/**
* Tests that the opt-out message is not included in user copy emails.
*/
public function testPersonalContactFormUserCopy(): void {
$opt_out_message = "If you don't want to receive such messages, you can change your settings at";
// Send an email from an admin.
$this->drupalLogin($this->adminUser);
$this->submitPersonalContact($this->contactUser, [], TRUE);
$this->drupalLogout();
// Send an email from a non-admin.
$this->drupalLogin($this->webUser);
$this->submitPersonalContact($this->contactUser, [], TRUE);
$user_copy_emails = $this->getMails(['id' => 'contact_user_copy']);
// Tests that the opt-out message is not included in admin user copy emails.
$this->assertStringNotContainsString($opt_out_message, $user_copy_emails[0]['body'], 'Opt-out message not included in admin user copy email.');
// Tests that the opt-out message is not included in non-admin user copy emails.
$this->assertStringNotContainsString($opt_out_message, $user_copy_emails[1]['body'], 'Opt-out message not included in non-admin user copy email.');
}
}