function UserPasswordResetTest::testUserPasswordReset in Zircon Profile 8.0
Same name and namespace in other branches
- 8 core/modules/user/src/Tests/UserPasswordResetTest.php \Drupal\user\Tests\UserPasswordResetTest::testUserPasswordReset()
Tests password reset functionality.
File
- core/
modules/ user/ src/ Tests/ UserPasswordResetTest.php, line 75 - Contains \Drupal\user\Tests\UserPasswordResetTest.
Class
- UserPasswordResetTest
- Ensure that password reset methods work as expected.
Namespace
Drupal\user\TestsCode
function testUserPasswordReset() {
// Try to reset the password for an invalid account.
$this
->drupalGet('user/password');
$edit = array(
'name' => $this
->randomMachineName(32),
);
$this
->drupalPostForm(NULL, $edit, t('Submit'));
$this
->assertText(t('@name is not recognized as a username or an email address.', array(
'@name' => $edit['name'],
)), 'Validation error message shown when trying to request password for invalid account.');
$this
->assertEqual(count($this
->drupalGetMails(array(
'id' => 'user_password_reset',
))), 0, 'No email was sent when requesting a password for an invalid account.');
// Reset the password by username via the password reset page.
$edit['name'] = $this->account
->getUsername();
$this
->drupalPostForm(NULL, $edit, t('Submit'));
// Verify that the user was sent an email.
$this
->assertMail('to', $this->account
->getEmail(), 'Password email sent to user.');
$subject = t('Replacement login information for @username at @site', array(
'@username' => $this->account
->getUsername(),
'@site' => $this
->config('system.site')
->get('name'),
));
$this
->assertMail('subject', $subject, 'Password reset email subject is correct.');
$resetURL = $this
->getResetURL();
$this
->drupalGet($resetURL);
$this
->assertFalse($this
->drupalGetHeader('X-Drupal-Cache'));
// Ensure the password reset URL is not cached.
$this
->drupalGet($resetURL);
$this
->assertFalse($this
->drupalGetHeader('X-Drupal-Cache'));
// Check the one-time login page.
$this
->assertText($this->account
->getUsername(), 'One-time login page contains the correct username.');
$this
->assertText(t('This login can be used only once.'), 'Found warning about one-time login.');
$this
->assertTitle(t('Reset password | Drupal'), 'Page title is "Reset password".');
// Check successful login.
$this
->drupalPostForm(NULL, NULL, t('Log in'));
$this
->assertLink(t('Log out'));
$this
->assertTitle(t('@name | @site', array(
'@name' => $this->account
->getUsername(),
'@site' => $this
->config('system.site')
->get('name'),
)), 'Logged in using password reset link.');
// Make sure the ajax request from uploading a user picture does not
// invalidate the reset token.
$image = current($this
->drupalGetTestFiles('image'));
$edit = array(
'files[user_picture_0]' => drupal_realpath($image->uri),
);
$this
->drupalPostAjaxForm(NULL, $edit, 'user_picture_0_upload_button');
// Change the forgotten password.
$password = user_password();
$edit = array(
'pass[pass1]' => $password,
'pass[pass2]' => $password,
);
$this
->drupalPostForm(NULL, $edit, t('Save'));
$this
->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
// Verify that the password reset session has been destroyed.
$this
->drupalPostForm(NULL, $edit, t('Save'));
$this
->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');
// Log out, and try to log in again using the same one-time link.
$this
->drupalLogout();
$this
->drupalGet($resetURL);
$this
->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');
// Request a new password again, this time using the email address.
$this
->drupalGet('user/password');
// Count email messages before to compare with after.
$before = count($this
->drupalGetMails(array(
'id' => 'user_password_reset',
)));
$edit = array(
'name' => $this->account
->getEmail(),
);
$this
->drupalPostForm(NULL, $edit, t('Submit'));
$this
->assertTrue(count($this
->drupalGetMails(array(
'id' => 'user_password_reset',
))) === $before + 1, 'Email sent when requesting password reset using email address.');
// Create a password reset link as if the request time was 60 seconds older than the allowed limit.
$timeout = $this
->config('user.settings')
->get('password_reset_timeout');
$bogus_timestamp = REQUEST_TIME - $timeout - 60;
$_uid = $this->account
->id();
$this
->drupalGet("user/reset/{$_uid}/{$bogus_timestamp}/" . user_pass_rehash($this->account, $bogus_timestamp));
$this
->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
// Create a user, block the account, and verify that a login link is denied.
$timestamp = REQUEST_TIME - 1;
$blocked_account = $this
->drupalCreateUser()
->block();
$blocked_account
->save();
$this
->drupalGet("user/reset/" . $blocked_account
->id() . "/{$timestamp}/" . user_pass_rehash($blocked_account, $timestamp));
$this
->assertResponse(403);
// Verify a blocked user can not request a new password.
$this
->drupalGet('user/password');
// Count email messages before to compare with after.
$before = count($this
->drupalGetMails(array(
'id' => 'user_password_reset',
)));
$edit = array(
'name' => $blocked_account
->getUsername(),
);
$this
->drupalPostForm(NULL, $edit, t('Submit'));
$this
->assertRaw(t('%name is blocked or has not been activated yet.', array(
'%name' => $blocked_account
->getUsername(),
)), 'Notified user blocked accounts can not request a new password');
$this
->assertTrue(count($this
->drupalGetMails(array(
'id' => 'user_password_reset',
))) === $before, 'No email was sent when requesting password reset for a blocked account');
// Verify a password reset link is invalidated when the user's email address changes.
$this
->drupalGet('user/password');
$edit = array(
'name' => $this->account
->getUsername(),
);
$this
->drupalPostForm(NULL, $edit, t('Submit'));
$old_email_reset_link = $this
->getResetURL();
$this->account
->setEmail("1" . $this->account
->getEmail());
$this->account
->save();
$this
->drupalGet($old_email_reset_link);
$this
->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');
}