You are here

Home » API reference » Drupal 7 » user.test » UserPasswordResetTestCase

function UserPasswordResetTestCase::testUserPasswordReset in Drupal 7

Tests password reset functionality.

1 call to UserPasswordResetTestCase::testUserPasswordReset()
UserPasswordResetTestCase::testUserDirectLogin in modules/user/user.test
Test direct login link that bypasses the password reset form.

File

modules/user/user.test, line 529
Tests for user.module.

Class

UserPasswordResetTestCase
Tests resetting a user password.

Code

function testUserPasswordReset($use_direct_login_link = FALSE) {

  // Create a user.
  $account = $this
    ->drupalCreateUser();
  $this
    ->drupalLogin($account);
  $this
    ->drupalLogout();

  // Attempt to reset password.
  $edit = array(
    'name' => $account->name,
  );
  $this
    ->drupalPost('user/password', $edit, t('E-mail new password'));

  // Confirm the password reset.
  $this
    ->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');

  // Ensure that flood control was not triggered.
  $this
    ->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.');

  // Create an image field to enable an Ajax request on the user profile page.
  $field = array(
    'field_name' => 'field_avatar',
    'type' => 'image',
    'settings' => array(),
    'cardinality' => 1,
  );
  field_create_field($field);
  $instance = array(
    'field_name' => $field['field_name'],
    'entity_type' => 'user',
    'label' => 'Avatar',
    'bundle' => 'user',
    'required' => FALSE,
    'settings' => array(),
    'widget' => array(
      'type' => 'image_image',
      'settings' => array(),
    ),
  );
  field_create_instance($instance);
  variable_del("user_test_pass_reset_form_submit_{$account->uid}");
  $resetURL = $this
    ->getResetURL($use_direct_login_link);
  $this
    ->drupalGet($resetURL);

  // Check successful login.
  if (!$use_direct_login_link) {
    $this
      ->assertUrl($this
      ->getConfirmURL($resetURL), array(), 'The user is redirected to the reset password confirm form.');
    $this
      ->drupalPost(NULL, NULL, t('Log in'));

    // The form was fully processed before redirecting.
    $form_submit_handled = variable_get("user_test_pass_reset_form_submit_{$account->uid}", FALSE);
    $this
      ->assertTrue($form_submit_handled, 'A custom submit handler executed.');
  }
  $this
    ->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');

  // Make sure the Ajax request from uploading a file does not invalidate the
  // reset token.
  $image = current($this
    ->drupalGetTestFiles('image'));
  $edit = array(
    'files[field_avatar_und_0]' => drupal_realpath($image->uri),
  );
  $this
    ->drupalPostAJAX(NULL, $edit, 'field_avatar_und_0_upload_button');

  // Change the forgotten password.
  $password = user_password();
  $edit = array(
    'pass[pass1]' => $password,
    'pass[pass2]' => $password,
  );
  $this
    ->drupalPost(NULL, $edit, t('Save'));
  $this
    ->assertText(t('The changes have been saved.'), 'Forgotten password changed.');

  // Ensure blocked and deleted accounts can't access the direct login link.
  $this
    ->drupalLogout();
  $reset_url = $this
    ->generateResetURL($account, $use_direct_login_link);
  user_save($account, array(
    'status' => 0,
  ));
  $this
    ->drupalGet($reset_url);
  $this
    ->assertResponse(403);
  user_delete($account->uid);
  $this
    ->drupalGet($reset_url);
  $this
    ->assertResponse(403);
}