Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: feb93503b6
Branches Tags
materio-base-d7
/
sites
/
all
/
modules
/
contrib
/
form
/
honeypot
/
honeypot.test

honeypot.test 7.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file
    5. 

  5.  * Testing for Honeypot module.
    6. 

  6.  */
    7. 

  7. 

  8. /**
    9. 

  9.  * Test the functionality of the Honeypot module for an admin user.
    10. 

  10.  */
    11. 

  11. class HoneypotFormTestCase extends DrupalWebTestCase {
    12. 

  12.   protected $adminUser;
    13. 

  13.   protected $webUser;
    14. 

  14.   protected $node;
    15. 

  15. 

  16.   public static function getInfo() {
    17. 

  17.     return array(
    18. 

  18.       'name' => 'Honeypot form protections',
    19. 

  19.       'description' => 'Ensure that Honeypot protects site forms properly.',
    20. 

  20.       'group' => 'Form API',
    21. 

  21.     );
    22. 

  22.   }
    23. 

  23. 

  24.   public function setUp() {
    25. 

  25.     // Enable modules required for this test.
    26. 

  26.     parent::setUp(array('honeypot', 'comment'));
    27. 

  27. 

  28.     // Set up required Honeypot variables.
    29. 

  29.     variable_set('honeypot_element_name', 'url');
    30. 

  30.     // Disable time_limit protection.
    31. 

  31.     variable_set('honeypot_time_limit', 0);
    32. 

  32.     // Test protecting all forms.
    33. 

  33.     variable_set('honeypot_protect_all_forms', TRUE);
    34. 

  34.     variable_set('honeypot_log', FALSE);
    35. 

  35. 

  36.     // Set up other required variables.
    37. 

  37.     variable_set('user_email_verification', TRUE);
    38. 

  38.     variable_set('user_register', USER_REGISTER_VISITORS);
    39. 

  39. 

  40.     // Set up admin user.
    41. 

  41.     $this->adminUser = $this->drupalCreateUser(array(
    42. 

  42.       'administer honeypot',
    43. 

  43.       'bypass honeypot protection',
    44. 

  44.       'administer content types',
    45. 

  45.       'administer users',
    46. 

  46.       'access comments',
    47. 

  47.       'post comments',
    48. 

  48.       'skip comment approval',
    49. 

  49.       'administer comments',
    50. 

  50.     ));
    51. 

  51. 

  52.     // Set up web user.
    53. 

  53.     $this->webUser = $this->drupalCreateUser(array(
    54. 

  54.       'access comments',
    55. 

  55.       'post comments',
    56. 

  56.       'create article content',
    57. 

  57.     ));
    58. 

  58. 

  59.     // Set up example node.
    60. 

  60.     $this->node = $this->drupalCreateNode(array(
    61. 

  61.       'type' => 'article',
    62. 

  62.       'promote' => 1,
    63. 

  63.       'uid' => $this->webUser->uid,
    64. 

  64.     ));
    65. 

  65.   }
    66. 

  66. 

  67.   /**
    68. 

  68.    * Test user registration (anonymous users).
    69. 

  69.    */
    70. 

  70.   public function testProtectRegisterUserNormal() {
    71. 

  71.     // Set up form and submit it.
    72. 

  72.     $edit['name'] = $this->randomName();
    73. 

  73.     $edit['mail'] = $edit['name'] . '@example.com';
    74. 

  74.     $this->drupalPost('user/register', $edit, t('Create new account'));
    75. 

  75. 

  76.     // Form should have been submitted successfully.
    77. 

  77.     $this->assertText(t('A welcome message with further instructions has been sent to your e-mail address.'), 'User registered successfully.');
    78. 

  78.   }
    79. 

  79. 

  80.   public function testProtectUserRegisterHoneypotFilled() {
    81. 

  81.     // Set up form and submit it.
    82. 

  82.     $edit['name'] = $this->randomName();
    83. 

  83.     $edit['mail'] = $edit['name'] . '@example.com';
    84. 

  84.     $edit['url'] = 'http://www.example.com/';
    85. 

  85.     $this->drupalPost('user/register', $edit, t('Create new account'));
    86. 

  86. 

  87.     // Form should have error message.
    88. 

  88.     $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Registration form protected by honeypot.');
    89. 

  89.   }
    90. 

  90. 

  91.   public function testProtectRegisterUserTooFast() {
    92. 

  92.     // Enable time limit for honeypot.
    93. 

  93.     variable_set('honeypot_time_limit', 5);
    94. 

  94. 

  95.     // Set up form and submit it.
    96. 

  96.     $edit['name'] = $this->randomName();
    97. 

  97.     $edit['mail'] = $edit['name'] . '@example.com';
    98. 

  98.     $this->drupalPost('user/register', $edit, t('Create new account'));
    99. 

  99. 

  100.     // Form should have error message.
    101. 

  101.     $this->assertText(t('There was a problem with your form submission. Please wait 6 seconds and try again.'), 'Registration form protected by time limit.');
    102. 

  102.   }
    103. 

  103. 

  104.   /**
    105. 

  105.    * Test comment form protection.
    106. 

  106.    */
    107. 

  107.   public function testProtectCommentFormNormal() {
    108. 

  108.     $comment = 'Test comment.';
    109. 

  109. 

  110.     // Disable time limit for honeypot.
    111. 

  111.     variable_set('honeypot_time_limit', 0);
    112. 

  112. 

  113.     // Log in the web user.
    114. 

  114.     $this->drupalLogin($this->webUser);
    115. 

  115. 

  116.     // Set up form and submit it.
    117. 

  117.     $edit['comment_body[' . LANGUAGE_NONE . '][0][value]'] = $comment;
    118. 

  118.     $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
    119. 

  119.     $this->assertText(t('Your comment has been posted.'), 'Comment posted successfully.');
    120. 

  120.   }
    121. 

  121. 

  122.   public function testProtectCommentFormHoneypotFilled() {
    123. 

  123.     $comment = 'Test comment.';
    124. 

  124. 

  125.     // Log in the web user.
    126. 

  126.     $this->drupalLogin($this->webUser);
    127. 

  127. 

  128.     // Set up form and submit it.
    129. 

  129.     $edit['comment_body[' . LANGUAGE_NONE . '][0][value]'] = $comment;
    130. 

  130.     $edit['url'] = 'http://www.example.com/';
    131. 

  131.     $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
    132. 

  132.     $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Comment posted successfully.');
    133. 

  133.   }
    134. 

  134. 

  135.   public function testProtectCommentFormHoneypotBypass() {
    136. 

  136.     // Log in the admin user.
    137. 

  137.     $this->drupalLogin($this->adminUser);
    138. 

  138. 

  139.     // Get the comment reply form and ensure there's no 'url' field.
    140. 

  140.     $this->drupalGet('comment/reply/' . $this->node->nid);
    141. 

  141.     $this->assertNoText('id="edit-url" name="url"', 'Honeypot home page field not shown.');
    142. 

  142.   }
    143. 

  143. 

  144.   /**
    145. 

  145.    * Test node form protection.
    146. 

  146.    */
    147. 

  147.   public function testProtectNodeFormTooFast() {
    148. 

  148.     // Log in the admin user.
    149. 

  149.     $this->drupalLogin($this->webUser);
    150. 

  150. 

  151.     // Reset the time limit to 5 seconds.
    152. 

  152.     variable_set('honeypot_time_limit', 5);
    153. 

  153. 

  154.     // Set up the form and submit it.
    155. 

  155.     $edit["title"] = 'Test Page';
    156. 

  156.     $this->drupalPost('node/add/article', $edit, t('Save'));
    157. 

  157.     $this->assertText(t('There was a problem with your form submission.'), 'Honeypot node form timestamp protection works.');
    158. 

  158.   }
    159. 

  159. 

  160.   /**
    161. 

  161.    * Test node form protection.
    162. 

  162.    */
    163. 

  163.   public function testProtectNodeFormPreviewPassthru() {
    164. 

  164.     // Log in the admin user.
    165. 

  165.     $this->drupalLogin($this->webUser);
    166. 

  166. 

  167.     // Post a node form using the 'Preview' button and make sure it's allowed.
    168. 

  168.     $edit["title"] = 'Test Page';
    169. 

  169.     $this->drupalPost('node/add/article', $edit, t('Preview'));
    170. 

  170.     $this->assertNoText(t('There was a problem with your form submission.'), 'Honeypot not blocking node form previews.');
    171. 

  171.   }
    172. 

  172. }
    173. 

  173. 

  174. /**
    175. 

  175.  * Test the functionality of the Honeypot module's integration with Trigger.
    176. 

  176.  */
    177. 

  177. class HoneypotTriggerTestCase extends DrupalWebTestCase {
    178. 

  178.   public static function getInfo() {
    179. 

  179.     return array(
    180. 

  180.       'name' => 'Honeypot Trigger integration',
    181. 

  181.       'description' => 'Ensure that Honeypot triggers events correctly.',
    182. 

  182.       'group' => 'Form API',
    183. 

  183.     );
    184. 

  184.   }
    185. 

  185. 

  186.   public function setUp() {
    187. 

  187.     // Enable modules required for this test.
    188. 

  188.     parent::setUp(array('honeypot', 'trigger'));
    189. 

  189. 

  190.     // Set up required Honeypot variables.
    191. 

  191.     variable_set('honeypot_element_name', 'url');
    192. 

  192.     // Disable time_limit protection.
    193. 

  193.     variable_set('honeypot_time_limit', 0);
    194. 

  194.     // Test protecting all forms.
    195. 

  195.     variable_set('honeypot_protect_all_forms', TRUE);
    196. 

  196.     variable_set('honeypot_log', FALSE);
    197. 

  197. 

  198.     // Set up other required variables.
    199. 

  199.     variable_set('user_email_verification', TRUE);
    200. 

  200.     variable_set('user_register', USER_REGISTER_VISITORS);
    201. 

  201. 

  202.     // Assign new action to Honeypot form rejection Trigger.
    203. 

  203.     db_insert('trigger_assignments')
    204. 

  204.       ->fields(array(
    205. 

  205.         'hook' => 'honeypot_reject',
    206. 

  206.         'aid' => 'system_block_ip_action',
    207. 

  207.         'weight' => 1,
    208. 

  208.       ))
    209. 

  209.       ->execute();
    210. 

  210.   }
    211. 

  211. 

  212.   /**
    213. 

  213.    * Test trigger integration.
    214. 

  214.    */
    215. 

  215.   public function testHoneypotTriggerIntegration() {
    216. 

  216.     // Set up form and submit it.
    217. 

  217.     $edit['name'] = $this->randomName();
    218. 

  218.     $edit['mail'] = $edit['name'] . '@example.com';
    219. 

  219.     $edit['url'] = 'http://www.example.com/';
    220. 

  220.     $this->drupalPost('user/register', $edit, t('Create new account'));
    221. 

  221. 

  222.     // Make sure Honeypot is working.
    223. 

  223.     $this->assertText(t('There was a problem with your form submission.'), 'Honeypot working correctly.');
    224. 

  224. 

  225.     // Visit the home page and make sure the user is banned.
    226. 

  226.     $this->drupalGet('node');
    227. 

  227.     $this->assertText(t('has been banned'), 'User banned successfully.');
    228. 

  228.   }
    229. 

  229. }
    230.