1 user_password_reset.test | public UserPasswordResetTest::testUserPasswordReset() |
Tests password reset functionality.
File
- core/modules/user/tests/user_password_reset.test, line 53 - Tests for resetting the password.
Class
Code
/**
 * Tests password reset functionality.
 *
 * Drives the reset flow through the browser in a fixed order; every step
 * depends on the session and account state left by the previous one:
 *  1. a request for an unknown name is refused and sends no mail;
 *  2. a request by username sends a mail and does not trip flood control;
 *  3. the reset form refuses an empty password, then accepts a new one;
 *  4. the consumed one-time link is refused on a second visit;
 *  5. a request by email address sends exactly one more mail;
 *  6. a link whose timestamp is past the timeout is refused;
 *  7. a fresh link with the '/login' suffix logs the user in directly.
 *
 * NOTE(review): only correctly hashed links are exercised here. A link with
 * a mismatched hash, and a link built for a different uid, are not covered
 * by this method; confirm they are tested elsewhere.
 */
public function testUserPasswordReset() {
  // Try to reset the password for an invalid account.
  $this->backdropGet('user/password');
  $edit = array('name' => $this->randomName(32));
  $this->backdropPost(NULL, $edit, t('Reset password'));
  // NOTE(review): this pins a response that names the unknown account, so the
  // form tells a visitor whether a name or address is registered. Flood
  // control (checked below) is the only mitigation visible in this test;
  // confirm that trade-off is intended.
  $this->assertRaw(t('Sorry, %name is not recognized as a user name or an email address.', array('%name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.');
  $this->assertEqual(count($this->backdropGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.');
  // Reset the password by username via the password reset page.
  // $this->account is not created in this method; presumably set up by the
  // test class before the method runs.
  $edit['name'] = $this->account->name;
  $this->backdropPost(NULL, $edit, t('Reset password'));
  // Verify that the user was sent an email.
  $this->assertMail('to', $this->account->mail, 'Password email sent to user.');
  $subject = t('Password reset information for @username at @site', array('@username' => $this->account->name, '@site' => config_get('system.core', 'site_name')));
  $this->assertMail('subject', $subject, 'Password reset email subject is correct.');
  // Ensure that flood control was not triggered.
  // Only the negative case is checked: the limit itself is never reached in
  // this method. The needle is an untranslated literal, unlike the t()
  // strings used by the other assertions.
  $this->assertNoText('Sorry, too many password reset attempts', 'Flood control was not triggered by single password reset.');
  $resetURL = $this->getResetURL();
  $this->backdropGet($resetURL);
  // Check that password value is required.
  $this->backdropPost(NULL, array(), t('Save password & log in'));
  $this->assertText(t('Password field is required.'));
  // Check successful login with values.
  $pass = user_password();
  $pass_edit = array(
    'pass[pass1]' => $pass,
    'pass[pass2]' => $pass,
  );
  $this->backdropPost(NULL, $pass_edit, t('Save password & log in'));
  $this->assertLink(t('Log out'));
  $this->assertUrl('<front>');
  // Log out, and try to log in again using the same one-time link.
  // This is the single-use check: the link that just set a password must be
  // refused once it has been consumed.
  $this->backdropLogout();
  $this->backdropGet($resetURL);
  $this->assertText(t('You have tried to use a reset password link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');
  // Request a new password again, this time using the email address.
  $this->backdropGet('user/password');
  // Count email messages before to compare with after.
  $before = count($this->backdropGetMails(array('id' => 'user_password_reset')));
  $edit['name'] = $this->account->mail;
  $this->backdropPost(NULL, $edit, t('Reset password'));
  // Exactly one new reset mail is expected for the request by email address.
  $this->assertTrue(count($this->backdropGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'Email sent when requesting password reset using email address.');
  // Log in the user using password reset url.
  // Presumably getResetURL() reads the link from the most recent mail, i.e.
  // the one just sent; verify against the helper.
  $user_pass_reset_url = $this->getResetURL();
  $new_password = user_password();
  $edit = array(
    'pass[pass1]' => $new_password,
    'pass[pass2]' => $new_password,
  );
  // Posts straight to the reset URL instead of fetching the form first.
  $this->backdropPost($user_pass_reset_url, $edit, t('Save password & log in'));
  $this->assertText(t('Your account password has been updated.'), 'One time login with password reset completed.');
  // Reload the account (TRUE presumably bypasses the user_load() cache) so
  // the stored password hash and login time reflect the reset just made; the
  // hashes built below read both fields.
  $this->account = user_load($this->account->uid, TRUE);
  $this->assertTrue(user_check_password($new_password, $this->account), 'Password reset successful.');
  $this->backdropLogout();
  // Create a password reset link as if the request time was 60 seconds older than the allowed limit.
  // NOTE(review): 86400 is hard-coded; presumably it mirrors the site's
  // reset-link lifetime. If that lifetime is configurable, this test can
  // drift from the real limit without failing; confirm.
  $timeout = 86400;
  $bogus_timestamp = REQUEST_TIME - $timeout - 60;
  // The hash is computed over the backdated timestamp, so the link is
  // internally consistent and only its age can cause the rejection.
  $this->backdropGet("user/reset/{$this->account->uid}/$bogus_timestamp/" . user_pass_rehash($this->account->pass, $bogus_timestamp, $this->account->login, $this->account->uid, $this->account->mail));
  $this->assertText(t('You have tried to use a reset password link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
  // The expired link should not have logged anyone in; this logout is
  // presumably a safeguard before the next scenario.
  $this->backdropLogout();
  // Test an immediate login, without the reset form.
  // Presumably the one-second pause makes the new timestamp strictly later
  // than the login time recorded by the reset above; confirm. time() is used
  // here where the expired-link case used REQUEST_TIME.
  sleep(1);
  $timestamp = time();
  $this->backdropGet("user/reset/{$this->account->uid}/$timestamp/" . user_pass_rehash($this->account->pass, $timestamp, $this->account->login, $this->account->uid, $this->account->mail) . '/login');
  $this->assertText(t('You have used your one-time log-in link and are now logged-in.'), 'Immediate login link message shown.');
  // A 200 on the account edit page shows the session belongs to this user.
  // NOTE(review): reuse of the '/login' link is not asserted here, unlike the
  // form-based link above.
  $this->backdropGet("user/{$this->account->uid}/edit");
  $this->assertResponse(200, 'Immediate login link logged user in.');
}