3 namespace Drupal\user\Tests;
6 use Drupal\rest\Tests\RESTTestBase;
7 use Drupal\user\Entity\Role;
8 use Drupal\user\RoleInterface;
11 * Tests user registration via REST resource.
15 class RestRegisterUserTest extends RESTTestBase {
// Modules enabled for this test class. 'hal' presumably provides the
// hal_json format that the requests in this class use; confirm against
// the module list of the base class.
20 public static $modules = ['hal'];
25 public function setUp() {
// Prepares the site for the registration tests: enables the
// user_registration REST resource for POST with the hal_json format, then
// grants 'restful post user_registration' to both built-in roles.
// NOTE(review): this listing skips source lines 26-27, so any parent setup
// call is not visible here; confirm against the full file.
28 $this->enableService('user_registration', 'POST', 'hal_json');
// Anonymous visitors are the callers the registration resource is meant for.
30 Role::load(RoleInterface::ANONYMOUS_ID)
31 ->grantPermission('restful post user_registration')
// NOTE(review): source line 32 is missing from this listing; presumably it
// saves the role so that the grant persists. Confirm.
// Authenticated users get the same permission so that testRegisterUser() can
// show that holding the permission is not enough to register (its 403 check).
34 Role::load(RoleInterface::AUTHENTICATED_ID)
35 ->grantPermission('restful post user_registration')
// NOTE(review): source line 36 is likewise missing; confirm that this role is
// saved as well.
40 * Tests that only anonymous users can register users.
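public function testRegisterUser() {
  // Walks the registration resource through every combination of the
  // "register" and "verify_mail" settings and checks the account state, the
  // stored password and the mails sent for each.

  // An authenticated user must not be able to register a new user, even when
  // granted the permission: only anonymous users can register themselves.
  // Authenticated users with the necessary permissions can instead POST a new
  // user to the "user" REST resource.
  $user = $this->createUser();
  $this->drupalLogin($user);
  $this->registerRequest('palmer.eldritch');
  $this->assertResponse('403', 'Only anonymous users can register users.');
  $this->drupalLogout();

  $user_settings = $this->config('user.settings');

  // Allow visitors to register with no email verification: the account is
  // active at once, carries the submitted password and triggers no mail.
  $user_settings->set('register', USER_REGISTER_VISITORS);
  $user_settings->set('verify_mail', 0);
  $user_settings->save();
  $user = $this->registerUser('Palmer.Eldritch');
  $this->assertFalse($user->isBlocked());
  $this->assertFalse(empty($user->getPassword()));
  // A non-empty value alone would also pass if the resource stored the
  // submitted password verbatim, so compare it with the clear text that
  // createSerializedUser() sends.
  $this->assertNotEqual('SuperSecretPassword', $user->getPassword(), 'The submitted password is not stored in clear text.');
  $email_count = count($this->drupalGetMails());
  $this->assertEqual(0, $email_count);

  // Attempt to register without sending a password.
  $this->registerRequest('Rick.Deckard', FALSE);
  $this->assertResponse('422', 'No password provided');

  // Allow visitors to register with email verification: no password may be
  // supplied, and the account stays blocked until the mailed link is used.
  $user_settings->set('register', USER_REGISTER_VISITORS);
  $user_settings->set('verify_mail', 1);
  $user_settings->save();
  $user = $this->registerUser('Jason.Taverner', FALSE);
  $this->assertTrue(empty($user->getPassword()));
  $this->assertTrue($user->isBlocked());
  $this->assertMailString('body', 'You may now log in by clicking this link', 1);

  // Attempt to register with a password when e-mail verification is on.
  $this->registerRequest('Estraven', TRUE);
  $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');

  // Allow visitors to register with Admin approval and e-mail verification.
  $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
  $user_settings->set('verify_mail', 1);
  $user_settings->save();
  $user = $this->registerUser('Bob.Arctor', FALSE);
  $this->assertTrue(empty($user->getPassword()));
  $this->assertTrue($user->isBlocked());
  $this->assertMailString('body', 'Your application for an account is', 2);
  $this->assertMailString('body', 'Bob.Arctor has applied for an account', 2);

  // Attempt to register with a password when e-mail verification is on.
  $this->registerRequest('Ursula', TRUE);
  $this->assertResponse('422', 'A Password cannot be specified. It will be generated on login.');

  // Allow visitors to register with Admin approval and no email verification:
  // the password is accepted, but the account stays blocked until approved.
  $user_settings->set('register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
  $user_settings->set('verify_mail', 0);
  $user_settings->save();
  $user = $this->registerUser('Argaven');
  $this->assertFalse(empty($user->getPassword()));
  // As above: the stored value must differ from the submitted clear text.
  $this->assertNotEqual('SuperSecretPassword', $user->getPassword(), 'The submitted password is not stored in clear text.');
  $this->assertTrue($user->isBlocked());
  $this->assertMailString('body', 'Your application for an account is', 2);
  $this->assertMailString('body', 'Argaven has applied for an account', 2);

  // Attempt to register without sending a password.
  $this->registerRequest('Tibe', FALSE);
  $this->assertResponse('422', 'No password provided');
}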
113 * Creates serialized user values.
115 * @param string $name
116 * The name of the user. Use only valid values for emails.
118 * @param bool $include_password
119 * Whether to include a password in the user values.
122 * Serialized user values.
124 protected function createSerializedUser($name, $include_password = TRUE) {
// Builds the user field values for $name and serializes them to HAL+JSON.
// The mail address is derived from $name, so $name has to be usable inside
// an email address.
// NOTE(review): source lines 125, 127 and 132 are missing from this listing,
// so where $base_url comes from and the statements that open and close the
// $data array are not visible here; confirm against the full file.
126 // New user info to be serialized.
128 "_links" => ["type" => ["href" => $base_url . "/rest/type/user/user"]],
129 "langcode" => [["value" => "en"]],
130 "name" => [["value" => $name]],
131 "mail" => [["value" => "$name@example.com"]],
// The password is optional so that callers can exercise both rejections:
// a missing password and a password that is not allowed.
133 if ($include_password) {
// Fixed, test-only value. Unlike the fields above, 'pass' is keyed directly
// by 'value' rather than given as a list of items.
134 $data['pass']['value'] = 'SuperSecretPassword';
137 // Create a HAL+JSON version for the user entity we want to create.
138 $serialized = $this->container->get('serializer')
139 ->serialize($data, 'hal_json');
// NOTE(review): the listing stops here (source lines 140-142 are not shown).
// registerRequest() sends the result as the request body, so the method
// presumably returns $serialized; confirm.
144 * Registers a user via REST resource.
149 * @param bool $include_password
151 * @return bool|\Drupal\user\Entity\User
153 protected function registerUser($name, $include_password = TRUE) {
// Registers $name through the REST resource, expects the request to
// succeed, then looks the new account up by name.
154 // Verify that an anonymous user can register.
155 $this->registerRequest($name, $include_password);
156 $this->assertResponse('200', 'HTTP response code is correct.');
// Load the account by name to prove that the request really created it.
157 $user = user_load_by_name($name);
// NOTE(review): the assertion message below reads 'create'; 'created' is
// presumably meant.
158 $this->assertFalse(empty($user), 'User was create as expected');
// NOTE(review): the listing stops here (source lines 159-160 are not shown).
// testRegisterUser() calls isBlocked() and getPassword() on the result, so
// the method presumably returns $user; confirm.
163 * Make a REST user registration request.
166 * @param bool $include_password
protected function registerRequest($name, $include_password = TRUE) {
  // Sends the registration POST and asserts nothing itself; callers check
  // the outcome with assertResponse().
  // NOTE(review): Url is used here but no import for it is visible; the
  // listing skips source line 5, where it may sit. Confirm.
  $payload = $this->createSerializedUser($name, $include_password);
  $endpoint = Url::fromRoute('rest.user_registration.POST', ['_format' => 'hal_json']);
  $this->httpRequest($endpoint, 'POST', $payload, 'application/hal+json');
}