Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #477038 by Damien Tournoud, chx: add security and session token support to DrupalWebTestCase.

merge-requests/26/head
Dries Buytaert 2009-05-30 07:09:02 +00:00
parent 0a5715cf65
commit 39877809cc
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
modules/simpletest/drupal_web_test_case.php
View File

@ -591,6 +591,16 @@ class DrupalWebTestCase extends DrupalTestCase {
*/ */
protected $httpauth_credentials = NULL; protected $httpauth_credentials = NULL;
/**
* The current session name, if available.
*/
protected $session_name = NULL;
/**
* The current session ID, if available.
*/
protected $session_id = NULL;
/** /**
* Constructor for DrupalWebTestCase. * Constructor for DrupalWebTestCase.
*/ */
@ -913,6 +923,14 @@ class DrupalWebTestCase extends DrupalTestCase {
} }
} }
/**
* Generate a token for the currently logged in user.
*/
protected function drupalGetToken($value = '') {
$private_key = drupal_get_private_key();
return md5($this->session_id . $value . $private_key);
}
/* /*
* Logs a user out of the internal browser, then check the login page to confirm logout. * Logs a user out of the internal browser, then check the login page to confirm logout.
*/ */
@ -1121,6 +1139,9 @@ class DrupalWebTestCase extends DrupalTestCase {
$curl_options[CURLOPT_USERPWD] = $this->httpauth_credentials; $curl_options[CURLOPT_USERPWD] = $this->httpauth_credentials;
} }
curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options); curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
// By default, the child session name should be the same as the parent.
$this->session_name = session_name();
} }
} }
@ -1144,7 +1165,11 @@ class DrupalWebTestCase extends DrupalTestCase {
$curl_options[CURLOPT_HTTPHEADER][] = 'Expect:'; $curl_options[CURLOPT_HTTPHEADER][] = 'Expect:';
} }
curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options); curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
// Reset headers and the session ID.
$this->session_id = NULL;
$this->headers = array(); $this->headers = array();
$this->drupalSetContent(curl_exec($this->curlHandle), curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL)); $this->drupalSetContent(curl_exec($this->curlHandle), curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL));
$message_vars = array( $message_vars = array(
'!method' => !empty($curl_options[CURLOPT_NOBODY]) ? 'HEAD' : (empty($curl_options[CURLOPT_POSTFIELDS]) ? 'GET' : 'POST'), '!method' => !empty($curl_options[CURLOPT_NOBODY]) ? 'HEAD' : (empty($curl_options[CURLOPT_POSTFIELDS]) ? 'GET' : 'POST'),
@ -1169,6 +1194,7 @@ class DrupalWebTestCase extends DrupalTestCase {
*/ */
protected function curlHeaderCallback($curlHandler, $header) { protected function curlHeaderCallback($curlHandler, $header) {
$this->headers[] = $header; $this->headers[] = $header;
// Errors are being sent via X-Drupal-Assertion-* headers, // Errors are being sent via X-Drupal-Assertion-* headers,
// generated by _drupal_log_error() in the exact form required // generated by _drupal_log_error() in the exact form required
// by DrupalWebTestCase::error(). // by DrupalWebTestCase::error().
@ -1176,6 +1202,17 @@ class DrupalWebTestCase extends DrupalTestCase {
// Call DrupalWebTestCase::error() with the parameters from the header. // Call DrupalWebTestCase::error() with the parameters from the header.
call_user_func_array(array(&$this, 'error'), unserialize(urldecode($matches[1]))); call_user_func_array(array(&$this, 'error'), unserialize(urldecode($matches[1])));
} }
// Save the session cookie, if set.
if (preg_match('/^Set-Cookie: ' . preg_quote($this->session_name) . '=([a-z90-9]+)/', $header, $matches)) {
if ($matches[1] != 'deleted') {
$this->session_id = $matches[1];
}
else {
$this->session_id = NULL;
}
}
// This is required by cURL. // This is required by cURL.
return strlen($header); return strlen($header);
} }