Commit be488fb2 authored by Dries's avatar Dries

Issue #1814558 by LinL: Convert user_password_reset_timeout() variable to use config system.

parent 19ad9669
......@@ -13,3 +13,4 @@ notify:
register: visitors
signatures: '0'
cancel_method: user_cancel_block
password_reset_timeout: '86400'
......@@ -41,10 +41,8 @@ function testUserPasswordReset() {
* Attempts login using an expired password reset link.
*/
function testUserPasswordResetExpired() {
// Set password reset timeout variable to 43200 seconds = 12 hours.
$timeout = 43200;
variable_set('user_password_reset_timeout', $timeout);
// Set password reset timeout to 43200 seconds = 12 hours.
config('user.settings')->set('password_reset_timeout', 43200)->save();
// Create a user.
$account = $this->drupalCreateUser();
$this->drupalLogin($account);
......@@ -54,7 +52,8 @@ function testUserPasswordResetExpired() {
// To attempt an expired password reset, create a password reset link as if
// its request time was 60 seconds older than the allowed limit of timeout.
$bogus_timestamp = REQUEST_TIME - variable_get('user_password_reset_timeout', 86400) - 60;
$timeout = config('user.settings')->get('password_reset_timeout');
$bogus_timestamp = REQUEST_TIME - $timeout - 60;
$this->drupalGet("user/reset/$account->uid/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
$this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
}
......
......@@ -496,6 +496,7 @@ function user_update_8004() {
'user_mail_status_blocked_notify' => 'notify.status_blocked',
'user_mail_status_cancelled_notify' => 'notify.status_cancelled',
'user_email_verification' => 'verify_mail',
'user_password_reset_timeout' => 'password_reset_timeout',
));
// Convert the user.settings:register numeric value to text value.
......
......@@ -119,9 +119,8 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
drupal_goto();
}
else {
// Time out, in seconds, until login URL expires. Defaults to 24 hours =
// 86400 seconds.
$timeout = variable_get('user_password_reset_timeout', 86400);
// Time out, in seconds, until login URL expires.
$timeout = config('user.settings')->get('password_reset_timeout');
$current = REQUEST_TIME;
$account = user_load($uid);
// Verify that the user exists and is active.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment