1 user_password_reset.test UserPasswordResetTest::testUserPasswordReset()

Tests password reset functionality.


core/modules/user/tests/user_password_reset.test, line 53
Tests for resetting the password.




function testUserPasswordReset() {
  // Try to reset the password for an invalid account.

  $edit = array('name' => $this->randomName(32));
  $this->backdropPost(NULL, $edit, t('Reset password'));

  $this->assertRaw(t('Sorry, %name is not recognized as a user name or an email address.', array('%name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.');
  $this->assertEqual(count($this->backdropGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.');

  // Reset the password by username via the password reset page.
  $edit['name'] = $this->account->name;
  $this->backdropPost(NULL, $edit, t('Reset password'));

  // Verify that the user was sent an email.
  $this->assertMail('to', $this->account->mail, 'Password email sent to user.');
  $subject = t('Password reset information for @username at @site', array('@username' => $this->account->name, '@site' => config_get('system.core', 'site_name')));
  $this->assertMail('subject', $subject, 'Password reset email subject is correct.');

  // Ensure that flood control was not triggered.
  $this->assertNoText('Sorry, too many password reset attempts', 'Flood control was not triggered by single password reset.');

  $resetURL = $this->getResetURL();

  // Check that password value is required.
  $this->backdropPost(NULL, array(), t('Save password & log in'));
  $this->assertText(t('Password field is required.'));

  // Check successful login with values.
  $pass = user_password();
  $pass_edit = array(
    'pass[pass1]' => $pass,
    'pass[pass2]' => $pass,
  $this->backdropPost(NULL, $pass_edit, t('Save password & log in'));
  $this->assertLink(t('Log out'));

  // Log out, and try to log in again using the same one-time link.
  $this->assertText(t('You have tried to use a reset password link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');

  // Request a new password again, this time using the email address.
  // Count email messages before to compare with after.
  $before = count($this->backdropGetMails(array('id' => 'user_password_reset')));
  $edit['name'] = $this->account->mail;
  $this->backdropPost(NULL, $edit, t('Reset password'));
  $this->assertTrue(count($this->backdropGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'Email sent when requesting password reset using email address.');

  // Log in the user using password reset url.
  $user_pass_reset_url = $this->getResetURL();
  $new_password = user_password();
  $edit = array(
    'pass[pass1]' => $new_password,
    'pass[pass2]' => $new_password,
  $this->backdropPost($user_pass_reset_url, $edit, t('Save password & log in'));
  $this->assertText(t('Your account password has been updated.'), 'One time login with password reset completed.');
  $this->account = user_load($this->account->uid, TRUE);
  $this->assertTrue(user_check_password($new_password, $this->account), 'Password reset successful.');

  // Create a password reset link as if the request time was 60 seconds older than the allowed limit.
  $timeout = 86400;
  $bogus_timestamp = REQUEST_TIME - $timeout - 60;
  $this->backdropGet("user/reset/{$this->account->uid}/$bogus_timestamp/" . user_pass_rehash($this->account->pass, $bogus_timestamp, $this->account->login, $this->account->uid));
  $this->assertText(t('You have tried to use a reset password link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');

  // Test an immediate login, without the reset form.
  $timestamp = time();
  $this->backdropGet("user/reset/{$this->account->uid}/$timestamp/" . user_pass_rehash($this->account->pass, $timestamp, $this->account->login, $this->account->uid) . '/login');
  $this->assertText(t('You have used your one-time log-in link and are now logged-in.'), 'Immediate login link message shown.');
  $this->assertResponse(200, 'Immediate login link logged user in.');