public function UserPasswordResetTest::testUserPasswordResetLoggedIn in Drupal 8
Same name and namespace in other branches
- 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserPasswordResetLoggedIn()
Test user password reset while logged in.
File
- core/
modules/ user/ tests/ src/ Functional/ UserPasswordResetTest.php, line 224
Class
- UserPasswordResetTest
- Ensure that password reset methods work as expected.
Namespace
Drupal\Tests\user\FunctionalCode
public function testUserPasswordResetLoggedIn() {
$another_account = $this
->drupalCreateUser();
$this
->drupalLogin($another_account);
$this
->drupalGet('user/password');
$this
->drupalPostForm(NULL, NULL, t('Submit'));
// Click the reset URL while logged and change our password.
$resetURL = $this
->getResetURL();
// Log in as a different user.
$this
->drupalLogin($this->account);
$this
->drupalGet($resetURL);
$this
->assertRaw(new FormattableMarkup('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.', [
'%other_user' => $this->account
->getAccountName(),
'%resetting_user' => $another_account
->getAccountName(),
':logout' => Url::fromRoute('user.logout')
->toString(),
]));
$another_account
->delete();
$this
->drupalGet($resetURL);
$this
->assertText('The one-time login link you clicked is invalid.');
// Log in.
$this
->drupalLogin($this->account);
// Reset the password by username via the password reset page.
$this
->drupalGet('user/password');
$this
->drupalPostForm(NULL, NULL, t('Submit'));
// Click the reset URL while logged and change our password.
$resetURL = $this
->getResetURL();
$this
->drupalGet($resetURL);
$this
->drupalPostForm(NULL, NULL, t('Log in'));
// Change the password.
$password = user_password();
$edit = [
'pass[pass1]' => $password,
'pass[pass2]' => $password,
];
$this
->drupalPostForm(NULL, $edit, t('Save'));
$this
->assertText(t('The changes have been saved.'), 'Password changed.');
// Logged in users should not be able to access the user.reset.login or the
// user.reset.form routes.
$timestamp = REQUEST_TIME - 1;
$this
->drupalGet("user/reset/" . $this->account
->id() . "/{$timestamp}/" . user_pass_rehash($this->account, $timestamp) . '/login');
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet("user/reset/" . $this->account
->id());
$this
->assertSession()
->statusCodeEquals(403);
}