public function UserPasswordResetTest::testUserPasswordResetLoggedIn in Drupal 10
Same name and namespace in other branches
- 8 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserPasswordResetLoggedIn()
- 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserPasswordResetLoggedIn()
Tests user password reset while logged in.
File
- core/
modules/ user/ tests/ src/ Functional/ UserPasswordResetTest.php, line 322
Class
- UserPasswordResetTest
- Ensure that password reset methods work as expected.
Namespace
Drupal\Tests\user\FunctionalCode
public function testUserPasswordResetLoggedIn() {
$another_account = $this
->drupalCreateUser();
$this
->drupalLogin($another_account);
$this
->drupalGet('user/password');
$this
->submitForm([], 'Submit');
// Click the reset URL while logged and change our password.
$resetURL = $this
->getResetURL();
// Log in as a different user.
$this
->drupalLogin($this->account);
$this
->drupalGet($resetURL);
$this
->assertSession()
->pageTextContains("Another user ({$this->account->getAccountName()}) is already logged into the site on this computer, but you tried to use a one-time link for user {$another_account->getAccountName()}. Please log out and try using the link again.");
$this
->assertSession()
->linkExists('log out');
$this
->assertSession()
->linkByHrefExists(Url::fromRoute('user.logout')
->toString());
$another_account
->delete();
$this
->drupalGet($resetURL);
$this
->assertSession()
->pageTextContains('The one-time login link you clicked is invalid.');
// Log in.
$this
->drupalLogin($this->account);
// Reset the password by username via the password reset page.
$this
->drupalGet('user/password');
$this
->submitForm([], 'Submit');
// Click the reset URL while logged and change our password.
$resetURL = $this
->getResetURL();
$this
->drupalGet($resetURL);
$this
->submitForm([], 'Log in');
// Change the password.
$password = \Drupal::service('password_generator')
->generate();
$edit = [
'pass[pass1]' => $password,
'pass[pass2]' => $password,
];
$this
->submitForm($edit, 'Save');
$this
->assertSession()
->pageTextContains('The changes have been saved.');
// Logged in users should not be able to access the user.reset.login or the
// user.reset.form routes.
$timestamp = REQUEST_TIME - 1;
$this
->drupalGet("user/reset/" . $this->account
->id() . "/{$timestamp}/" . user_pass_rehash($this->account, $timestamp) . '/login');
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet("user/reset/" . $this->account
->id());
$this
->assertSession()
->statusCodeEquals(403);
}