We seem to have not got a response from the maintainers of this module and it's two weeks old now.
Updated the Bakery settings to provide developers with examples of best practices. Also, updated point six of the documentation below to encourage developers to use long encryption keys.
https://www.drupal.org/docs/extending-drupal/contributed-modules/contrib... →
Explaining what is best practice for an encryption key, in line with the following issue.
https://www.drupal.org/project/bakery/issues/781014 ✨ Document how to choose a encryption key Closed: outdated
I can't seem to find the bakery_permission hook in the codebase, and I don't think it's being used in the 3.x branch. So, I'm not sure how this could be a security risk. Does anyone have any suggestions?
$ ack bakery_permission
$
purencool → created an issue.
Also added Gitlab CI file so that it can be used.
Cleaned up tests so they are working now. Three tests have been set to markTestIncomplete as they were not working or were not using the keyword "test" at the start of the method.
Testing /var/www/html/web/modules/contrib/bakery/tests
..I.......I...............................I. 44 / 44 (100%)
Time: 00:28.280, Memory: 14.00 MB
OK, but incomplete, skipped, or risky tests!
Tests: 44, Assertions: 128, Incomplete: 3.
Found that if a domain has a port number (site.com:) the functional tests won't work, because the session believes that the cookie is assigned to a different domain.
class BakerySiteTestBase extends BrowserTestBase {
  // ......
  public function setUp(): void {
    parent::setUp();
    $domain = preg_replace('/^[^.]+/', '', rtrim($this->baseUrl, '/'));
    // Added this line to remove the port number.
    $this->domain = preg_replace('/:\d+$/', '', $domain);
    // .....
  }
}
Results from the tests below.
$ ../vendor/bin/phpunit -c core ./modules/contrib/bakery/tests/ --group=bakery
PHPUnit 9.6.23 by Sebastian Bergmann and contributors.
Testing /var/www/html/web/modules/contrib/bakery/tests
......E.................................F. 42 / 42 (100%)
Time: 00:19.421, Memory: 14.00 MB
There was 1 error:
purencool → created an issue.
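The port handling described above, as an added example (not Bakery's code and not the author's): RFC 6265 domain matching compares a cookie's Domain against the request host only, so a Domain value with a port still attached cannot match. The host name `bakery.ddev.site` and both helper functions are assumptions made for illustration.

```php
<?php
// Added example, not Bakery module code. Requires PHP 8 (str_ends_with).

/**
 * Derive a cookie Domain value from a site base URL: drop the scheme,
 * the port and the left-most host label (hypothetical helper).
 */
function cookie_domain_from_base_url(string $base_url): string {
  $host = parse_url($base_url, PHP_URL_HOST);
  if (!is_string($host) || $host === '') {
    throw new InvalidArgumentException("No host in URL: $base_url");
  }
  // parse_url() already separates the port, so only the first label is cut.
  $dot = strpos($host, '.');
  if ($dot === FALSE) {
    throw new InvalidArgumentException("Host has no parent domain: $host");
  }
  return strtolower(substr($host, $dot));
}

/**
 * RFC 6265 section 5.1.3 domain-match: the request host (which never
 * includes a port) equals the cookie domain or ends with "." plus it.
 */
function cookie_domain_matches(string $request_host, string $cookie_domain): bool {
  $host = strtolower($request_host);
  $domain = ltrim(strtolower($cookie_domain), '.');
  if ($host === $domain) {
    return TRUE;
  }
  // IP addresses must match exactly; suffix matching applies to names only.
  if (filter_var($host, FILTER_VALIDATE_IP) !== FALSE) {
    return FALSE;
  }
  return str_ends_with($host, '.' . $domain);
}

// Constructed base URL with a non-default port, as in a local test setup.
$base_url = 'https://bakery.ddev.site:8443/';
$request_host = parse_url($base_url, PHP_URL_HOST);

// Domain with the port still attached, then with the port removed.
var_dump(cookie_domain_matches($request_host, '.ddev.site:8443'));
$fixed = cookie_domain_from_base_url($base_url);
var_dump($fixed);
var_dump(cookie_domain_matches($request_host, $fixed));
```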
Further testing, after creating a logCatcher method that logs to the tmp directory, shows that the cookie is set but the user page still returns a 403.
This is the new test method.
public function testChocolateChipCookieWorks() {
  // Creating user account.
  $account = $this->createUser(['access user profiles']);
  // Account variables array.
  $acc = [
    'id' => $account->id(),
    'name' => $account->getAccountName(),
    'email' => $account->getEmail(),
    'init_email' => $account->getInitialEmail(),
  ];
  $this->logCatcher($acc, 'Account Array');
  // Create active session.
  $assert_session = $this->assertSession();
  // Bake a cookie.
  $this->bakeCookie(new ChocolateChip($acc['name'], $acc['email'], $acc['init_email'], '0'));
  // List all cookies.
  $cookies = $this->getSession()->getDriver()->getClient()->getCookieJar();
  $this->logCatcher($cookies, 'Get session cookies using Symfony');
  // Checking user login page to see result.
  $get_url_response = $this->drupalGet('/user/' . $acc['id']);
  $this->logCatcher([$get_url_response], 'Get url response');
  // Test user exists on page.
  $assert_session->responseContains($acc['name']);
}
Below are the errors and logs.
PHPUnit 9.6.23 by Sebastian Bergmann and contributors.
Testing Drupal\Tests\bakery\Functional\ChildLoginTest
E. 2 / 2 (100%)
Time: 00:04.651, Memory: 14.00 MB
There was 1 error:
1) Drupal\Tests\bakery\Functional\ChildLoginTest::testChocolateChipCookieWorks
Behat\Mink\Exception\ExpectationException: The string "ghqesupa" was not found anywhere in the HTML response of the current page.
/var/www/html/vendor/behat/mink/src/WebAssert.php:888
/var/www/html/vendor/behat/mink/src/WebAssert.php:363
/var/www/html/web/core/tests/Drupal/Tests/WebAssert.php:558
/var/www/html/web/modules/contrib/bakery/tests/src/Functional/ChildLoginTest.php:47
/var/www/html/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
Logs
$ cat /tmp/php_test.log
Account Array: Array
(
[id] => 2
[name] => ghqesupa
[email] => ghqesupa@example.com
[init_email] =>
)
Get session cookies using Symfony: Symfony\Component\BrowserKit\CookieJar Object
(
[cookieJar:protected] => Array
(
[.ddev.site:8443] => Array
(
[/] => Array
(
[CHOCOLATECHIPSSL] => Symfony\Component\BrowserKit\Cookie Object
(
[name:protected] => CHOCOLATECHIPSSL
[value:protected] => <redacted>
[expires:protected] =>
[path:protected] => /
[domain:protected] => .ddev.site:8443
[secure:protected] =>
[httponly:protected] => 1
[rawValue:protected] = <redacted>
[samesite:Symfony\Component\BrowserKit\Cookie:private] =>
)
)
)
)
)
Get url response: Array
(
[0] => <!DOCTYPE html>
....
<div>
<div data-drupal-messages-fallback class="hidden"></div>
<h1>Access denied</h1>
You are not authorized to access this page.
</div>
</div>
.....
</html>
)
Below is a very simple test that checks if CHOCOLATECHIPSSL exists. In the test below, the expectation is that the function returns that a cookie exists. However, the result is always false. If the test is written correctly, then other tests in the module may not be a clear barometer as to expected functionality. However, this doesn't affect the module's current functionality, as it seems to work correctly when using Bakery in the browser.
/**
 * @throws \Drupal\Core\Entity\EntityStorageException
 * @throws \Behat\Mink\Exception\ExpectationException
 */
public function testChocolateChipCookieWorks() {
  $account = $this->createUser(['access user profiles']);
  $assert_session = $this->assertSession();
  $this->bakeCookie(new ChocolateChip($account->getAccountName(), $account->getEmail(), $account->getInitialEmail(), '1'));
  $assert_session->cookieExists(ChocolateChip::getName());
}
The test above produces the following error.
Testing Drupal\Tests\bakery\Functional\ChildLoginTest
E. 2 / 2 (100%)
Time: 00:04.065, Memory: 14.00 MB
There was 1 error:
1) Drupal\Tests\bakery\Functional\ChildLoginTest::testChocolateChipCookieWorks
Behat\Mink\Exception\ExpectationException: Cookie "CHOCOLATECHIPSSL" is not set, but should be.
purencool → created an issue.
Test to see if this still is happening in the latest version.
Test to see if this still is happening in the latest version.
Test to see if this is happening in the latest version.
Test to see if this is happening in the latest version.
Test to see if this still is happening in the latest version.
Test to see if this still is happening in the latest version.
Test to see if this still is happening in the latest version.
Test to see if this still is happening in the latest version.
Test TFA and if it works with bakery.
Add this as an option.
Registration really should be done on the parent site. This allows for all data to sync to the child site reducing the likelihood of polluting the dataset.
Update readme.
Test to see if this still is happening in the latest version.
Test to see if this still is happening in the latest version.
Test to see if this functionality works on the latest version.
Test to see if this still happens with the latest version.
https://www.drupal.org/project/bakery/issues/2931396 ✨ Allow for a proxy Host header for requests to master Active