3 namespace Drupal\Tests\system\Functional\System;
5 use Drupal\Component\Render\FormattableMarkup;
6 use Drupal\Tests\BrowserTestBase;
7 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
8 use Drupal\user\RoleInterface;
11 * Tests page access denied functionality, including custom 403 pages.
15 class AccessDeniedTest extends BrowserTestBase {
17 use AssertPageCacheContextsAndTagsTrait;
24 public static $modules = ['block', 'node', 'system_test'];
28 protected function setUp() {
31 $this->drupalPlaceBlock('page_title_block');
33 // Create an administrative user.
34 $this->adminUser = $this->drupalCreateUser(['access administration pages', 'administer site configuration', 'link to any page', 'administer blocks']);
35 $this->adminUser->roles[] = 'administrator';
36 $this->adminUser->save();
38 user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user profiles']);
39 user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, ['access user profiles']);
42 public function testAccessDenied() {
43 $this->drupalGet('admin');
44 $this->assertText(t('Access denied'), 'Found the default 403 page');
45 $this->assertResponse(403);
47 // Ensure that users without permission are denied access and have the
48 // correct path information in drupalSettings.
49 $this->drupalLogin($this->createUser([]));
50 $this->drupalGet('admin', ['query' => ['foo' => 'bar']]);
52 $settings = $this->getDrupalSettings();
53 $this->assertEqual($settings['path']['currentPath'], 'admin');
54 $this->assertEqual($settings['path']['currentPathIsAdmin'], TRUE);
55 $this->assertEqual($settings['path']['currentQuery'], ['foo' => 'bar']);
57 $this->drupalLogin($this->adminUser);
59 // Set a custom 404 page without a starting slash.
61 'site_403' => 'user/' . $this->adminUser->id(),
63 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
64 $this->assertRaw(new FormattableMarkup("The path '%path' has to start with a slash.", ['%path' => $edit['site_403']]));
66 // Use a custom 403 page.
68 'site_403' => '/user/' . $this->adminUser->id(),
70 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
72 // Enable the user login block.
73 $block = $this->drupalPlaceBlock('user_login_block', ['id' => 'login']);
75 // Log out and check that the user login block is shown on custom 403 pages.
76 $this->drupalLogout();
77 $this->drupalGet('admin');
78 $this->assertText($this->adminUser->getUsername(), 'Found the custom 403 page');
79 $this->assertText(t('Username'), 'Blocks are shown on the custom 403 page');
81 // Log back in and remove the custom 403 page.
82 $this->drupalLogin($this->adminUser);
86 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
88 // Logout and check that the user login block is shown on default 403 pages.
89 $this->drupalLogout();
90 $this->drupalGet('admin');
91 $this->assertText(t('Access denied'), 'Found the default 403 page');
92 $this->assertResponse(403);
93 $this->assertText(t('Username'), 'Blocks are shown on the default 403 page');
95 // Log back in, set the custom 403 page to /user/login and remove the block
96 $this->drupalLogin($this->adminUser);
97 $this->config('system.site')->set('page.403', '/user/login')->save();
98 $block->disable()->save();
100 // Check that we can log in from the 403 page.
101 $this->drupalLogout();
103 'name' => $this->adminUser->getUsername(),
104 'pass' => $this->adminUser->pass_raw,
106 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Log in'));
108 // Check that we're still on the same page.
109 $this->assertText(t('Basic site settings'));
113 * Tests that an inaccessible custom 403 page falls back to the default.
115 public function testAccessDeniedCustomPageWithAccessDenied() {
116 // Sets up a 403 page not accessible by the anonymous user.
117 $this->config('system.site')->set('page.403', '/system-test/custom-4xx')->save();
119 $this->drupalGet('/system-test/always-denied');
120 $this->assertNoText('Admin-only 4xx response');
121 $this->assertText('You are not authorized to access this page.');
122 $this->assertResponse(403);
123 // Verify the access cacheability metadata for custom 403 is bubbled.
124 $this->assertCacheContext('user.roles');
126 $this->drupalLogin($this->adminUser);
127 $this->drupalGet('/system-test/always-denied');
128 $this->assertText('Admin-only 4xx response');
129 $this->assertResponse(403);
130 // Verify the access cacheability metadata for custom 403 is bubbled.
131 $this->assertCacheContext('user.roles');