function UserPasswordResetTestCase::testUserPasswordResetLoggedIn in Drupal 7
Test user password reset while logged in.
1 call to UserPasswordResetTestCase::testUserPasswordResetLoggedIn()
- UserPasswordResetTestCase::testUserDirectLogin in modules/
user/ user.test - Test direct login link that bypasses the password reset form.
File
- modules/
user/ user.test, line 685 - Tests for user.module.
Class
- UserPasswordResetTestCase
- Tests resetting a user password.
Code
function testUserPasswordResetLoggedIn($use_direct_login_link = FALSE) {
$another_account = $this
->drupalCreateUser();
$account = $this
->drupalCreateUser();
$this
->drupalLogin($account);
// Make sure the test account has a valid password.
user_save($account, array(
'pass' => user_password(),
));
// Try to use the login link while logged in as a different user.
// Generate one time login link.
$reset_url = $this
->generateResetURL($another_account, $use_direct_login_link);
$this
->drupalGet($reset_url);
$this
->assertRaw(t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href="!logout">logout</a> and try using the link again.', array(
'%other_user' => $account->name,
'%resetting_user' => $another_account->name,
'!logout' => url('user/logout'),
)));
// Test the link for a deleted user while logged in.
user_delete($another_account->uid);
$this
->drupalGet($reset_url);
$this
->assertText('The one-time login link you clicked is invalid.');
// Generate a one time login link for the logged-in user.
$fapi_action = $use_direct_login_link ? 'build' : 'submit';
variable_del("user_test_pass_reset_form_{$fapi_action}_{$account->uid}");
$reset_url = $this
->generateResetURL($account, $use_direct_login_link);
$this
->drupalGet($reset_url);
if ($use_direct_login_link) {
// The form is never fully built; user is logged out (session destroyed)
// and redirected to the same URL, then logged in again and redirected
// during form build.
$form_built = variable_get("user_test_pass_reset_form_build_{$account->uid}", FALSE);
$this
->assertTrue(!$form_built, 'The password reset form was never fully built.');
}
else {
$this
->assertUrl($this
->getConfirmURL($reset_url), array(), 'The user is redirected to the reset password confirm form.');
$this
->assertText('Reset password');
$this
->drupalPost(NULL, NULL, t('Log in'));
// The form was fully processed before redirecting.
$form_submit_handled = variable_get("user_test_pass_reset_form_submit_{$account->uid}", FALSE);
$this
->assertTrue($form_submit_handled, 'A custom submit handler executed.');
}
$this
->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');
// The user can change the forgotten password on the page they are
// redirected to.
$pass = user_password();
$edit = array(
'pass[pass1]' => $pass,
'pass[pass2]' => $pass,
);
$this
->drupalPost(NULL, $edit, t('Save'));
$this
->assertText('The changes have been saved.');
}