You are here

Home » API reference » User registration password 8 » UserRegistrationPassword.php » UserRegistrationPassword

public function UserRegistrationPassword::testRegistrationWithEmailVerificationAndPassword in User registration password 8

Implements testRegistrationWithEmailVerificationAndPassword().

File

tests/src/Functional/UserRegistrationPassword.php, line 29

Class

UserRegistrationPassword
Functionality tests for User registration password module.

Namespace

Drupal\Tests\user_registrationpassword\Functional

Code

public function testRegistrationWithEmailVerificationAndPassword() {

  // Register a new account.
  $edit = [];
  $edit['name'] = $name = $this
    ->randomMachineName();
  $edit['mail'] = $mail = $edit['name'] . '@example.com';
  $edit['pass[pass1]'] = $new_pass = $this
    ->randomMachineName();
  $edit['pass[pass2]'] = $new_pass;
  $pass = $new_pass;
  $this
    ->drupalPostForm('user/register', $edit, 'Create new account');
  $this
    ->assertSession()
    ->pageTextContains('A welcome message with further instructions has been sent to your email address.');

  // Load the new user.
  $accounts = \Drupal::entityQuery('user')
    ->condition('name', $name)
    ->condition('mail', $mail)
    ->condition('status', 0)
    ->execute();

  /** @var \Drupal\user\UserInterface $account */
  $account = \Drupal::entityTypeManager()
    ->getStorage('user')
    ->load(reset($accounts));

  // Configure some timestamps.
  // We up the timestamp a bit, else the check will fail.
  // The function that checks this uses the execution time
  // and that's always larger in real-life situations
  // (and it fails correctly when you remove the + 5000).
  $requestTime = \Drupal::time()
    ->getRequestTime();
  $timestamp = $requestTime + 5000;
  $test_timestamp = $requestTime;
  $bogus_timestamp = $requestTime - 86500;

  // Check if the account has not been activated.
  $this
    ->assertFalse($account
    ->isActive(), 'New account is blocked until approved via email confirmation. status check.');
  $this
    ->assertEquals(0, $account
    ->getLastLoginTime(), 'New account is blocked until approved via email confirmation. login check.');
  $this
    ->assertEquals(0, $account
    ->getLastAccessedTime(), 'New account is blocked until approved via email confirmation. access check.');

  // Login before activation.
  $auth = [
    'name' => $name,
    'pass' => $pass,
  ];
  $this
    ->drupalPostForm('user/login', $auth, 'Log in');
  $this
    ->assertSession()
    ->pageTextContains('The username ' . $name . ' has not been activated or is blocked.');

  // Timestamp can not be smaller then current. (== registration time).
  // If this is the case, something is really wrong.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$test_timestamp}/" . user_pass_rehash($account, $test_timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');

  // Fake key combi.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$timestamp}/" . user_pass_rehash($account, $bogus_timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');

  // Fake timestamp.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$bogus_timestamp}/" . user_pass_rehash($account, $timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');

  // Wrong password.
  $account_cloned = clone $account;
  $account_cloned
    ->setPassword('boguspass');
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$timestamp}/" . user_pass_rehash($account_cloned, $timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');

  // Attempt to use the activation link.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$timestamp}/" . user_pass_rehash($account, $timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have just used your one-time login link. Your account is now active and you are authenticated.');

  // Attempt to use the activation link again.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$timestamp}/" . user_pass_rehash($account, $timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You are currently authenticated as user ' . $account
    ->getAccountName() . '.');

  // Logout the user.
  $this
    ->drupalLogout();

  // Then attempt to use the activation link yet again.
  $this
    ->drupalGet("user/registrationpassword/" . $account
    ->id() . "/{$timestamp}/" . user_pass_rehash($account, $timestamp));
  $this
    ->assertSession()
    ->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');

  // And then try to do normal login.
  $auth = [
    'name' => $name,
    'pass' => $pass,
  ];
  $this
    ->drupalPostForm('user/login', $auth, 'Log in');
  $this
    ->assertSession()
    ->pageTextContains('Member for');
}