<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserPasswordResetTest.
 */

namespace Drupal\user\Tests;

use Drupal\simpletest\WebTestBase;

/**
 * Ensure that password reset methods work as expected.
 *
 * @group user
 */
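class UserPasswordResetTest extends WebTestBase {

  /**
   * The user object to test password resetting.
   *
   * Loaded in setUp() and not reloaded afterwards, so it reflects the account
   * as it was right after its first login.
   *
   * @var \Drupal\user\UserInterface
   */
  protected $account;

  /**
   * Creates an activated, logged-out user with a backdated last-login time.
   */
  public function setUp() {
    parent::setUp();

    // Create a user.
    $account = $this->drupalCreateUser();

    // Activate user by logging in.
    $this->drupalLogin($account);

    $this->account = user_load($account->id());
    $this->drupalLogout();

    // Set the last login time that is used to generate the one-time link so
    // that it is definitely over a second ago. The offset is arbitrary test
    // data, so mt_rand() is sufficient here.
    $account->login = REQUEST_TIME - mt_rand(10, 100000);
    db_update('users')
      ->fields(array('login' => $account->getLastLoginTime()))
      ->condition('uid', $account->id())
      ->execute();
  }

  /**
   * Tests password reset functionality.
   *
   * Covers, in order: a request for an unknown account, a request by username,
   * a single use of the one-time link, the password change that follows, reuse
   * of the same link, a request by email address, and an over-age link.
   */
  public function testUserPasswordReset() {
    // Try to reset the password for an invalid account.
    $this->drupalGet('user/password');

    $edit = array('name' => $this->randomName(32));
    $this->drupalPostForm(NULL, $edit, t('Email new password'));

    // The asserted message tells the requester that the name is not a known
    // account, so this form answers whether an account exists. The assertion
    // pins that behaviour; it does not endorse it.
    $this->assertText(t('Sorry, @name is not recognized as a username or an email address.', array('@name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.');
    $this->assertEqual(count($this->drupalGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.');

    // Reset the password by username via the password reset page.
    $edit['name'] = $this->account->getUsername();
    $this->drupalPostForm(NULL, $edit, t('Email new password'));

    // Verify that the user was sent an email.
    $this->assertMail('to', $this->account->getEmail(), 'Password email sent to user.');
    $subject = t('Replacement login information for @username at @site', array('@username' => $this->account->getUsername(), '@site' => \Drupal::config('system.site')->get('name')));
    $this->assertMail('subject', $subject, 'Password reset email subject is correct.');

    $resetURL = $this->getResetURL();
    $this->drupalGet($resetURL);

    // Check the one-time login page.
    $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.');
    $this->assertText(t('This login can be used only once.'), 'Found warning about one-time login.');

    // Check successful login.
    $this->drupalPostForm(NULL, NULL, t('Log in'));
    $this->assertLink(t('Log out'));
    $this->assertTitle(t('@name | @site', array('@name' => $this->account->getUsername(), '@site' => \Drupal::config('system.site')->get('name'))), 'Logged in using password reset link.');

    // Change the forgotten password. The first save is accepted without the
    // current password because the session came from the one-time link.
    $password = user_password();
    $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password);
    $this->drupalPostForm(NULL, $edit, t('Save'));
    $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');

    // Verify that the password reset session has been destroyed: a second
    // save without the current password must be refused.
    $this->drupalPostForm(NULL, $edit, t('Save'));
    $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');

    // Log out, and try to log in again using the same one-time link.
    $this->drupalLogout();
    $this->drupalGet($resetURL);
    $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');

    // Request a new password again, this time using the email address.
    $this->drupalGet('user/password');
    // Count email messages before to compare with after.
    $before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
    $edit = array('name' => $this->account->getEmail());
    $this->drupalPostForm(NULL, $edit, t('Email new password'));
    $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'Email sent when requesting password reset using email address.');

    // Create a password reset link as if the request time was 60 seconds older
    // than the allowed limit.
    // NOTE(review): $this->account was loaded in setUp() and is not reloaded
    // after the password change above, so the hash built here is probably not
    // the one the site would generate now. The assertion therefore shows that
    // an over-age timestamp is reported as expired, not that an otherwise
    // valid link is rejected for age alone. Confirm and reload if needed.
    $timeout = \Drupal::config('user.settings')->get('password_reset_timeout');
    $bogus_timestamp = REQUEST_TIME - $timeout - 60;
    $_uid = $this->account->id();
    $this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account->getPassword(), $bogus_timestamp, $this->account->getLastLoginTime()));
    $this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
  }

  /**
   * Retrieves password reset email and extracts the login link.
   *
   * Records a test failure instead of raising an undefined-index notice when
   * no mail was collected or the newest mail contains no reset link.
   *
   * @return string
   *   The first line of the newest mail body that contains "user/reset/", or
   *   an empty string when there is none.
   */
  public function getResetURL() {
    // Assume the most recent email.
    $_emails = $this->drupalGetMails();
    // end() returns FALSE for an empty list; empty() below covers that case.
    $email = end($_emails);
    $urls = array();
    if (empty($email['body']) || !preg_match('#.+user/reset/.+#', $email['body'], $urls)) {
      $this->fail('No password reset link found in the most recent email.');
      return '';
    }

    return $urls[0];
  }

  /**
   * Prefill the text box on incorrect login via link to password reset page.
   *
   * The name submitted to the login form is reflected into the query string of
   * the "forgotten password" link and into the name field of the reset form.
   * NOTE(review): whether randomName() can return characters that need
   * escaping is not visible here; if it cannot, this test does not cover
   * escaping of the reflected value.
   */
  public function testUserResetPasswordTextboxFilled() {
    $this->drupalGet('user/login');
    $edit = array(
      'name' => $this->randomName(),
      'pass' => $this->randomName(),
    );
    $this->drupalPostForm('user', $edit, t('Log in'));
    $this->assertRaw(t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>',
      array('@password' => url('user/password', array('query' => array('name' => $edit['name']))))));
    unset($edit['pass']);
    $this->drupalGet('user/password', array('query' => array('name' => $edit['name'])));
    $this->assertFieldByName('name', $edit['name'], 'User name found.');
  }

}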