<?php

/**
 * @file
 * Definition of Drupal\user\Tests\UserPasswordResetTest.
 */

namespace Drupal\user\Tests;

use Drupal\simpletest\WebTestBase;

/**
 * Ensure that password reset methods work as expected.
 *
 * @group user
 */
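class UserPasswordResetTest extends WebTestBase {

  /**
   * The user object to test password resetting.
   *
   * @var \Drupal\user\UserInterface
   */
  protected $account;

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['block'];

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();

    $this->drupalPlaceBlock('system_menu_block:account');

    // Create a user.
    $account = $this->drupalCreateUser();

    // Activate user by logging in.
    $this->drupalLogin($account);

    $this->account = user_load($account->id());
    $this->drupalLogout();

    // Set the last login time that is used to generate the one-time link so
    // that it is definitely over a second ago. mt_rand() only provides test
    // jitter here; the value is not a secret.
    $account->login = REQUEST_TIME - mt_rand(10, 100000);
    db_update('users_field_data')
      ->fields(array('login' => $account->getLastLoginTime()))
      ->condition('uid', $account->id())
      ->execute();
  }

  /**
   * Tests password reset functionality.
   *
   * Covers, in order: a request for an unknown name, a request by username,
   * use of the emailed one-time link, the password change that follows, reuse
   * of the same link, a request by email address, an expired link, and a link
   * for a blocked account.
   */
  public function testUserPasswordReset() {
    // Try to reset the password for an invalid account.
    $this->drupalGet('user/password');

    $edit = array('name' => $this->randomMachineName(32));
    $this->drupalPostForm(NULL, $edit, t('Email new password'));

    // The asserted message tells the requester that the name is unknown, so
    // this test pins a response that differs between existing and missing
    // accounts.
    $this->assertText(t('Sorry, @name is not recognized as a username or an email address.', array('@name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.');
    $this->assertEqual(count($this->drupalGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.');

    // Reset the password by username via the password reset page.
    $edit['name'] = $this->account->getUsername();
    $this->drupalPostForm(NULL, $edit, t('Email new password'));

    // Verify that the user was sent an email.
    $this->assertMail('to', $this->account->getEmail(), 'Password email sent to user.');
    $subject = t('Replacement login information for @username at @site', array('@username' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name')));
    $this->assertMail('subject', $subject, 'Password reset email subject is correct.');

    $resetURL = $this->getResetURL();
    $this->drupalGet($resetURL);

    // Check the one-time login page.
    $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.');
    $this->assertText(t('This login can be used only once.'), 'Found warning about one-time login.');

    // Check successful login.
    $this->drupalPostForm(NULL, NULL, t('Log in'));
    $this->assertLink(t('Log out'));
    $this->assertTitle(t('@name | @site', array('@name' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'Logged in using password reset link.');

    // Change the forgotten password. No current password is submitted; the
    // first save is expected to succeed because the session came from the
    // one-time link.
    $password = user_password();
    $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password);
    $this->drupalPostForm(NULL, $edit, t('Save'));
    $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');

    // Verify that the password reset session has been destroyed: the same
    // submission must now be refused for lack of the current password.
    $this->drupalPostForm(NULL, $edit, t('Save'));
    $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');

    // Log out, and try to log in again using the same one-time link.
    $this->drupalLogout();
    $this->drupalGet($resetURL);
    $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');

    // Request a new password again, this time using the email address.
    $this->drupalGet('user/password');
    // Count email messages before to compare with after.
    $before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
    $edit = array('name' => $this->account->getEmail());
    $this->drupalPostForm(NULL, $edit, t('Email new password'));
    $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'Email sent when requesting password reset using email address.');

    // Create a password reset link as if the request time was 60 seconds older than the allowed limit.
    // NOTE(review): $this->account was loaded in setUp(), before the login
    // time was rewritten in the database and before the password was changed
    // above, so the hash built here may not match the stored account. If so,
    // this case passes only when expiry is checked independently of the hash.
    // Reload the account first if a valid-but-expired link is intended.
    $timeout = $this->config('user.settings')->get('password_reset_timeout');
    $bogus_timestamp = REQUEST_TIME - $timeout - 60;
    $_uid = $this->account->id();
    $this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account->getPassword(), $bogus_timestamp, $this->account->getLastLoginTime()));
    $this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');

    // Create a user, block the account, and verify that a login link is denied.
    $timestamp = REQUEST_TIME - 1;
    $blocked_account = $this->drupalCreateUser()->block();
    $blocked_account->save();
    $this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account->getPassword(), $timestamp, $blocked_account->getLastLoginTime()));
    $this->assertResponse(403);
  }

  /**
   * Retrieves password reset email and extracts the login link.
   *
   * Records a test failure instead of raising a PHP notice when no email was
   * captured or when the most recent email holds no reset link.
   *
   * @return string
   *   The matched line of the email body containing "user/reset/", or an
   *   empty string when no link could be extracted.
   */
  public function getResetURL() {
    // Assume the most recent email.
    $_emails = $this->drupalGetMails();
    $email = end($_emails);
    // end() returns FALSE on an empty array; indexing it would hide the real
    // cause of the failure.
    if ($email === FALSE || !isset($email['body'])) {
      $this->fail('No email with a body was captured to extract a password reset link from.');
      return '';
    }

    $urls = array();
    // The pattern matches the whole body line that contains the reset path.
    if (!preg_match('#.+user/reset/.+#', $email['body'], $urls)) {
      $this->fail('The most recent email does not contain a password reset link.');
      return '';
    }

    return $urls[0];
  }

  /**
   * Prefill the text box on incorrect login via link to password reset page.
   */
  public function testUserResetPasswordTextboxFilled() {
    $this->drupalGet('user/login');
    $edit = array(
      'name' => $this->randomMachineName(),
      'pass' => $this->randomMachineName(),
    );
    $this->drupalPostForm('user/login', $edit, t('Log in'));
    // The failed-login message links to the reset form with the attempted
    // name in the query string.
    $this->assertRaw(t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>',
      array('@password' => \Drupal::url('user.pass', [], array('query' => array('name' => $edit['name']))))));
    unset($edit['pass']);
    $this->drupalGet('user/password', array('query' => array('name' => $edit['name'])));
    // NOTE(review): the name is reflected from the query string into the
    // form. randomMachineName() presumably yields no markup characters, so
    // this does not exercise output escaping; confirm it is covered elsewhere.
    $this->assertFieldByName('name', $edit['name'], 'User name found.');
  }

}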