Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5510ac0abf
Branches Tags
materio-base-d7
/
sites
/
all
/
modules
/
contrib
/
form
/
honeypot
/
honeypot.test

honeypot.test 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file
    5. 

  5.  * Testing for Honeypot module.
    6. 

  6.  */
    7. 

  7. 

  8. /**
    9. 

  9.  * Test the functionality of the Honeypot module for forms.
    10. 

  10.  */
    11. 

  11. class HoneypotFormTestCase extends DrupalWebTestCase {
    12. 

  12.   protected $adminUser;
    13. 

  13.   protected $webUser;
    14. 

  14.   protected $node;
    15. 

  15. 

  16.   public static function getInfo() {
    17. 

  17.     return array(
    18. 

  18.       'name' => 'Honeypot form protections',
    19. 

  19.       'description' => 'Ensure that Honeypot protects site forms properly.',
    20. 

  20.       'group' => 'Form API',
    21. 

  21.     );
    22. 

  22.   }
    23. 

  23. 

  24.   public function setUp() {
    25. 

  25.     // Enable modules required for this test.
    26. 

  26.     parent::setUp(array('honeypot', 'comment', 'honeypot_test'));
    27. 

  27. 

  28.     // Set up required Honeypot variables.
    29. 

  29.     variable_set('honeypot_element_name', 'url');
    30. 

  30.     // Disable time_limit protection.
    31. 

  31.     variable_set('honeypot_time_limit', 0);
    32. 

  32.     // Test protecting all forms.
    33. 

  33.     variable_set('honeypot_protect_all_forms', TRUE);
    34. 

  34.     variable_set('honeypot_log', FALSE);
    35. 

  35. 

  36.     // Set up other required variables.
    37. 

  37.     variable_set('user_email_verification', TRUE);
    38. 

  38.     variable_set('user_register', USER_REGISTER_VISITORS);
    39. 

  39. 

  40.     // Set up admin user.
    41. 

  41.     $this->adminUser = $this->drupalCreateUser(array(
    42. 

  42.       'administer honeypot',
    43. 

  43.       'bypass honeypot protection',
    44. 

  44.       'administer content types',
    45. 

  45.       'administer users',
    46. 

  46.       'access comments',
    47. 

  47.       'post comments',
    48. 

  48.       'skip comment approval',
    49. 

  49.       'administer comments',
    50. 

  50.     ));
    51. 

  51. 

  52.     // Set up web user.
    53. 

  53.     $this->webUser = $this->drupalCreateUser(array(
    54. 

  54.       'access comments',
    55. 

  55.       'post comments',
    56. 

  56.       'create article content',
    57. 

  57.     ));
    58. 

  58. 

  59.     // Set up example node.
    60. 

  60.     $this->node = $this->drupalCreateNode(array(
    61. 

  61.       'type' => 'article',
    62. 

  62.       'promote' => 1,
    63. 

  63.       'uid' => $this->webUser->uid,
    64. 

  64.     ));
    65. 

  65.   }
    66. 

  66. 

  67.   /**
    68. 

  68.    * Test user registration (anonymous users).
    69. 

  69.    */
    70. 

  70.   public function testProtectRegisterUserNormal() {
    71. 

  71.     // Set up form and submit it.
    72. 

  72.     $edit['name'] = $this->randomName();
    73. 

  73.     $edit['mail'] = $edit['name'] . '@example.com';
    74. 

  74.     $this->drupalPost('user/register', $edit, t('Create new account'));
    75. 

  75. 

  76.     // Form should have been submitted successfully.
    77. 

  77.     $this->assertText(t('A welcome message with further instructions has been sent to your e-mail address.'), 'User registered successfully.');
    78. 

  78.   }
    79. 

  79. 

  80.   public function testProtectUserRegisterHoneypotFilled() {
    81. 

  81.     // Set up form and submit it.
    82. 

  82.     $edit['name'] = $this->randomName();
    83. 

  83.     $edit['mail'] = $edit['name'] . '@example.com';
    84. 

  84.     $edit['url'] = 'http://www.example.com/';
    85. 

  85.     $this->drupalPost('user/register', $edit, t('Create new account'));
    86. 

  86. 

  87.     // Form should have error message.
    88. 

  88.     $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Registration form protected by honeypot.');
    89. 

  89.   }
    90. 

  90. 

  91.   public function testProtectRegisterUserTooFast() {
    92. 

  92.     // Enable time limit for honeypot.
    93. 

  93.     variable_set('honeypot_time_limit', 5);
    94. 

  94. 

  95.     // Set up form and submit it.
    96. 

  96.     $edit['name'] = $this->randomName();
    97. 

  97.     $edit['mail'] = $edit['name'] . '@example.com';
    98. 

  98.     $this->drupalPost('user/register', $edit, t('Create new account'));
    99. 

  99. 

  100.     // Form should have error message.
    101. 

  101.     $this->assertText(t('There was a problem with your form submission. Please wait 6 seconds and try again.'), 'Registration form protected by time limit.');
    102. 

  102.   }
    103. 

  103. 

  104.   /**
    105. 

  105.    * Test comment form protection.
    106. 

  106.    */
    107. 

  107.   public function testProtectCommentFormNormal() {
    108. 

  108.     $comment = 'Test comment.';
    109. 

  109. 

  110.     // Disable time limit for honeypot.
    111. 

  111.     variable_set('honeypot_time_limit', 0);
    112. 

  112. 

  113.     // Log in the web user.
    114. 

  114.     $this->drupalLogin($this->webUser);
    115. 

  115. 

  116.     // Set up form and submit it.
    117. 

  117.     $edit['comment_body[' . LANGUAGE_NONE . '][0][value]'] = $comment;
    118. 

  118.     $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
    119. 

  119.     $this->assertText(t('Your comment has been posted.'), 'Comment posted successfully.');
    120. 

  120.   }
    121. 

  121. 

  122.   public function testProtectCommentFormHoneypotFilled() {
    123. 

  123.     $comment = 'Test comment.';
    124. 

  124. 

  125.     // Log in the web user.
    126. 

  126.     $this->drupalLogin($this->webUser);
    127. 

  127. 

  128.     // Set up form and submit it.
    129. 

  129.     $edit['comment_body[' . LANGUAGE_NONE . '][0][value]'] = $comment;
    130. 

  130.     $edit['url'] = 'http://www.example.com/';
    131. 

  131.     $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
    132. 

  132.     $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Comment posted successfully.');
    133. 

  133.   }
    134. 

  134. 

  135.   public function testProtectCommentFormHoneypotBypass() {
    136. 

  136.     // Log in the admin user.
    137. 

  137.     $this->drupalLogin($this->adminUser);
    138. 

  138. 

  139.     // Get the comment reply form and ensure there's no 'url' field.
    140. 

  140.     $this->drupalGet('comment/reply/' . $this->node->nid);
    141. 

  141.     $this->assertNoText('id="edit-url" name="url"', 'Honeypot home page field not shown.');
    142. 

  142.   }
    143. 

  143. 

  144.   /**
    145. 

  145.    * Test node form protection.
    146. 

  146.    */
    147. 

  147.   public function testProtectNodeFormTooFast() {
    148. 

  148.     // Log in the admin user.
    149. 

  149.     $this->drupalLogin($this->webUser);
    150. 

  150. 

  151.     // Reset the time limit to 5 seconds.
    152. 

  152.     variable_set('honeypot_time_limit', 5);
    153. 

  153. 

  154.     // Set up the form and submit it.
    155. 

  155.     $edit["title"] = 'Test Page';
    156. 

  156.     $this->drupalPost('node/add/article', $edit, t('Save'));
    157. 

  157.     $this->assertText(t('There was a problem with your form submission.'), 'Honeypot node form timestamp protection works.');
    158. 

  158.   }
    159. 

  159. 

  160.   /**
    161. 

  161.    * Test node form protection.
    162. 

  162.    */
    163. 

  163.   public function testProtectNodeFormPreviewPassthru() {
    164. 

  164.     // Log in the admin user.
    165. 

  165.     $this->drupalLogin($this->webUser);
    166. 

  166. 

  167.     // Post a node form using the 'Preview' button and make sure it's allowed.
    168. 

  168.     $edit["title"] = 'Test Page';
    169. 

  169.     $this->drupalPost('node/add/article', $edit, t('Preview'));
    170. 

  170.     $this->assertNoText(t('There was a problem with your form submission.'), 'Honeypot not blocking node form previews.');
    171. 

  171.   }
    172. 

  172. 

  173.   /**
    174. 

  174.    * Test programmatic submission.
    175. 

  175.    */
    176. 

  176.   public function testProgrammaticSubmission() {
    177. 

  177.     // Enable time limit protection.
    178. 

  178.     variable_set('honeypot_time_limit', 5);
    179. 

  179. 

  180.     // Create a user for which we are going to trigger the password reset.
    181. 

  181.     $edit = array();
    182. 

  182.     $edit['name']   = 'robo-user';
    183. 

  183.     $edit['mail']   = $edit['name'] . '@example.com';
    184. 

  184.     $edit['status'] = 1;
    185. 

  185.     user_save(drupal_anonymous_user(), $edit);
    186. 

  186. 

  187.     // Trigger the password reset through a programmatic submission.
    188. 

  188.     $this->drupalGet('honeypot_test/submit_form');
    189. 

  189. 

  190.     // Verify that the submission did not return any validation errors.
    191. 

  191.     $form_errors = drupal_json_decode($this->content);
    192. 

  192.     $this->assertNoRaw('There was a problem with your form submission. Please wait 6 seconds and try again.');
    193. 

  193.     $this->assertFalse($form_errors, 'The were no validation errors when submitting the form.');
    194. 

  194.   }
    195. 

  195. }
    196. 

  196. 

  197. /**
    198. 

  198.  * Test the functionality of the Honeypot module for an admin user.
    199. 

  199.  */
    200. 

  200. class HoneypotAdminFormTestCase extends DrupalWebTestCase {
    201. 

  201.   protected $adminUser;
    202. 

  202. 

  203.   public static function getInfo() {
    204. 

  204.     return array(
    205. 

  205.       'name' => 'Honeypot admin form',
    206. 

  206.       'description' => 'Ensure the Honeypot admin form functions properly.',
    207. 

  207.       'group' => 'Form API',
    208. 

  208.     );
    209. 

  209.   }
    210. 

  210. 

  211.   public function setUp() {
    212. 

  212.     // Enable modules required for this test.
    213. 

  213.     parent::setUp(array('honeypot'));
    214. 

  214. 

  215.     // Set up admin user.
    216. 

  216.     $this->adminUser = $this->drupalCreateUser(array(
    217. 

  217.       'administer honeypot',
    218. 

  218.       'bypass honeypot protection',
    219. 

  219.     ));
    220. 

  220.   }
    221. 

  221. 

  222.   /**
    223. 

  223.    * Test a valid element name.
    224. 

  224.    */
    225. 

  225.   public function testElementNameUpdateSuccess() {
    226. 

  226.     // Log in the web user.
    227. 

  227.     $this->drupalLogin($this->adminUser);
    228. 

  228. 

  229.     // Set up form and submit it.
    230. 

  230.     $edit['honeypot_element_name'] = "test";
    231. 

  231.     $this->drupalPost('admin/config/content/honeypot', $edit, t('Save configuration'));
    232. 

  232. 

  233.     // Form should have been submitted successfully.
    234. 

  234.     $this->assertText(t('The configuration options have been saved.'), 'Honeypot element name assertion works for valid names.');
    235. 

  235. 

  236.     // Set up form and submit it.
    237. 

  237.     $edit['honeypot_element_name'] = "test-1";
    238. 

  238.     $this->drupalPost('admin/config/content/honeypot', $edit, t('Save configuration'));
    239. 

  239. 

  240.     // Form should have been submitted successfully.
    241. 

  241.     $this->assertText(t('The configuration options have been saved.'), 'Honeypot element name assertion works for valid names with dashes and numbers.');
    242. 

  242.   }
    243. 

  243. 

  244.   /**
    245. 

  245.    * Test an invalid element name (invalid first character).
    246. 

  246.    */
    247. 

  247.   public function testElementNameUpdateFirstCharacterFail() {
    248. 

  248.     // Log in the admin user.
    249. 

  249.     $this->drupalLogin($this->adminUser);
    250. 

  250. 

  251.     // Set up form and submit it.
    252. 

  252.     $edit['honeypot_element_name'] = "1test";
    253. 

  253.     $this->drupalPost('admin/config/content/honeypot', $edit, t('Save configuration'));
    254. 

  254. 

  255.     // Form submission should fail.
    256. 

  256.     $this->assertText(t('The element name must start with a letter.'), 'Honeypot element name assertion works for invalid names.');
    257. 

  257.   }
    258. 

  258. 

  259.   /**
    260. 

  260.    * Test an invalid element name (invalid character in name).
    261. 

  261.    */
    262. 

  262.   public function testElementNameUpdateInvalidCharacterFail() {
    263. 

  263.     // Log in the admin user.
    264. 

  264.     $this->drupalLogin($this->adminUser);
    265. 

  265. 

  266.     // Set up form and submit it.
    267. 

  267.     $edit['honeypot_element_name'] = "special-character-&";
    268. 

  268.     $this->drupalPost('admin/config/content/honeypot', $edit, t('Save configuration'));
    269. 

  269. 

  270.     // Form submission should fail.
    271. 

  271.     $this->assertText(t('The element name cannot contain spaces or other special characters.'), 'Honeypot element name assertion works for invalid names with special characters.');
    272. 

  272. 

  273.     // Set up form and submit it.
    274. 

  274.     $edit['honeypot_element_name'] = "space in name";
    275. 

  275.     $this->drupalPost('admin/config/content/honeypot', $edit, t('Save configuration'));
    276. 

  276. 

  277.     // Form submission should fail.
    278. 

  278.     $this->assertText(t('The element name cannot contain spaces or other special characters.'), 'Honeypot element name assertion works for invalid names with spaces.');
    279. 

  279.   }
    280. 

  280. }
    281. 

  281. 

  282. /**
    283. 

  283.  * Test Honeypot's CSS generation routines.
    284. 

  284.  */
    285. 

  285. class HoneypotCssTestCase extends DrupalWebTestCase {
    286. 

  286.   public static function getInfo() {
    287. 

  287.     return array(
    288. 

  288.       'name' => 'Honeypot CSS tests',
    289. 

  289.       'description' => 'Ensure that Honeypot rebuilds its CSS file correctly.',
    290. 

  290.       'group' => 'Form API',
    291. 

  291.     );
    292. 

  292.   }
    293. 

  293. 

  294.   public function setUp() {
    295. 

  295.     // Enable modules required for this test.
    296. 

  296.     parent::setUp(array('honeypot'));
    297. 

  297. 

  298.     // Set up required Honeypot variables.
    299. 

  299.     variable_set('honeypot_element_name', 'url');
    300. 

  300.   }
    301. 

  301. 

  302.   /**
    303. 

  303.    * Test CSS file regeneration.
    304. 

  304.    */
    305. 

  305.   public function testHoneypotCssRegeneration() {
    306. 

  306.     $honeypot_css = honeypot_get_css_file_path();
    307. 

  307. 

  308.     // Delete the Honeypot CSS file (if it exists).
    309. 

  309.     file_unmanaged_delete($honeypot_css);
    310. 

  310. 

  311.     // Make sure the Honeypot CSS file doesn't exist.
    312. 

  312.     $this->assertFalse(file_exists($honeypot_css));
    313. 

  313. 

  314.     // Create the CSS file.
    315. 

  315.     honeypot_create_css(variable_get('honeypot_element_name', 'url'));
    316. 

  316. 

  317.     // Make sure the Honeypot CSS file exists.
    318. 

  318.     $this->assertTrue(file_exists($honeypot_css));
    319. 

  319.   }
    320. 

  320. 

  321.   /**
    322. 

  322.    * Test cron-based CSS file regeneration.
    323. 

  323.    */
    324. 

  324.   public function testHoneypotCssRegenerationOnCron() {
    325. 

  325.     $honeypot_css = honeypot_get_css_file_path();
    326. 

  326. 

  327.     // Delete the Honeypot CSS file (if it exists).
    328. 

  328.     file_unmanaged_delete($honeypot_css);
    329. 

  329. 

  330.     // Make sure the Honeypot CSS file doesn't exist.
    331. 

  331.     $this->assertFalse(file_exists($honeypot_css));
    332. 

  332. 

  333.     // Run cron.
    334. 

  334.     honeypot_cron();
    335. 

  335. 

  336.     // Make sure the Honeypot CSS file exists.
    337. 

  337.     $this->assertTrue(file_exists($honeypot_css));
    338. 

  338.   }
    339. 

  339. 

  340.   /**
    341. 

  341.    * Test cron-based CSS file update.
    342. 

  342.    */
    343. 

  343.   public function testHoneypotCssUpdateOnCron() {
    344. 

  344.     $honeypot_css = honeypot_get_css_file_path();
    345. 

  345.     $original_element_name = variable_get('honeypot_element_name', 'url');
    346. 

  346. 

  347.     // Update the honeypot element name.
    348. 

  348.     variable_set('honeypot_element_name', 'test');
    349. 

  349. 

  350.     // Make sure the Honeypot CSS file still exists.
    351. 

  351.     $this->assertTrue(file_exists($honeypot_css));
    352. 

  352. 

  353.     // Run cron.
    354. 

  354.     honeypot_cron();
    355. 

  355. 

  356.     // Make sure the Honeypot CSS file was updated with the new element name.
    357. 

  357.     $handle = fopen($honeypot_css, 'r');
    358. 

  358.     $contents = fread($handle, filesize($honeypot_css));
    359. 

  359.     fclose($handle);
    360. 

  360.     $updated_element_name_in_css = (strpos($contents, 'test') === 1);
    361. 

  361.     $this->assertTrue($updated_element_name_in_css);
    362. 

  362. 

  363.     // For debug.
    364. 

  364.     $this->verbose($contents);
    365. 

  365. 

  366.     // Revert the honeypot element name back to the original.
    367. 

  367.     variable_set('honeypot_element_name', $original_element_name);
    368. 

  368.   }
    369. 

  369. }
    370. 

  370. 

  371. /**
    372. 

  372.  * Test the functionality of the Honeypot module's integration with Trigger.
    373. 

  373.  */
    374. 

  374. class HoneypotTriggerTestCase extends DrupalWebTestCase {
    375. 

  375.   public static function getInfo() {
    376. 

  376.     return array(
    377. 

  377.       'name' => 'Honeypot Trigger integration',
    378. 

  378.       'description' => 'Ensure that Honeypot triggers events correctly.',
    379. 

  379.       'group' => 'Form API',
    380. 

  380.     );
    381. 

  381.   }
    382. 

  382. 

  383.   public function setUp() {
    384. 

  384.     // Enable modules required for this test.
    385. 

  385.     parent::setUp(array('honeypot', 'trigger'));
    386. 

  386. 

  387.     // Set up required Honeypot variables.
    388. 

  388.     variable_set('honeypot_element_name', 'url');
    389. 

  389.     // Disable time_limit protection.
    390. 

  390.     variable_set('honeypot_time_limit', 0);
    391. 

  391.     // Test protecting all forms.
    392. 

  392.     variable_set('honeypot_protect_all_forms', TRUE);
    393. 

  393.     variable_set('honeypot_log', FALSE);
    394. 

  394. 

  395.     // Set up other required variables.
    396. 

  396.     variable_set('user_email_verification', TRUE);
    397. 

  397.     variable_set('user_register', USER_REGISTER_VISITORS);
    398. 

  398. 

  399.     // Assign new action to Honeypot form rejection Trigger.
    400. 

  400.     db_insert('trigger_assignments')
    401. 

  401.       ->fields(array(
    402. 

  402.         'hook' => 'honeypot_reject',
    403. 

  403.         'aid' => 'system_block_ip_action',
    404. 

  404.         'weight' => 1,
    405. 

  405.       ))
    406. 

  406.       ->execute();
    407. 

  407.   }
    408. 

  408. 

  409.   /**
    410. 

  410.    * Test trigger integration.
    411. 

  411.    */
    412. 

  412.   public function testHoneypotTriggerIntegration() {
    413. 

  413.     // Set up form and submit it.
    414. 

  414.     $edit['name'] = $this->randomName();
    415. 

  415.     $edit['mail'] = $edit['name'] . '@example.com';
    416. 

  416.     $edit['url'] = 'http://www.example.com/';
    417. 

  417.     $this->drupalPost('user/register', $edit, t('Create new account'));
    418. 

  418. 

  419.     // Make sure Honeypot is working.
    420. 

  420.     $this->assertText(t('There was a problem with your form submission.'), 'Honeypot working correctly.');
    421. 

  421. 

  422.     // Visit the home page and make sure the user is banned.
    423. 

  423.     $this->drupalGet('node');
    424. 

  424.     $this->assertText(t('has been banned'), 'User banned successfully.');
    425. 

  425.   }
    426. 

  426. }
    427.