1 user_password_reset.test public UserPasswordResetTest::testUserPasswordResetOtherUserLoggedIn()

Test user password reset in a browser where another user is logged in.

File

core/modules/user/tests/user_password_reset.test, line 363
Tests for resetting the password.

Class

UserPasswordResetTest

Code

/**
 * Tests password reset links in a browser where another user is logged in.
 *
 * Two cases are exercised while a session for one account is active:
 * - A genuine one-time login link generated for a different account must be
 *   refused with a message asking the visitor to log out first.
 * - A reset path for that other account, with the literal value 1 in its two
 *   trailing segments, must be reported as invalid and the page must not
 *   contain the other account's user name.
 */
public function testUserPasswordResetOtherUserLoggedIn() {
  // Creation order is kept as-is: the account the links refer to is created
  // first, then the account that owns the browser session.
  $link_owner = $this->backdropCreateUser();
  $session_user = $this->backdropCreateUser();
  $this->backdropLogin($session_user);

  // Make sure the logged-in test account has a valid password.
  $fresh_password = user_password();
  user_save($session_user, array('pass' => $fresh_password));

  // Case 1: follow a genuine one-time login link that belongs to the other
  // account while the session user is still logged in.
  $genuine_link = user_pass_reset_url($link_owner);
  $this->backdropGet($genuine_link);
  $logout_args = array('!logout' => url('user/logout'));
  $refusal_markup = t('You cannot use a password reset link while logged into the site. Please <a href="!logout">logout</a> and try using the link again.', $logout_args);
  $this->assertRaw($refusal_markup);

  // Case 2: request a reset path for the other account that was not produced
  // by user_pass_reset_url(). The error page must not echo the account name;
  // otherwise any visitor who can guess a user ID could learn the matching
  // user name from the response.
  $invalid_reset_path = 'user/reset/' . $link_owner->uid . '/1/1';
  $this->backdropGet($invalid_reset_path);
  $this->assertNoText($link_owner->name);
  $this->assertText('The one-time login link you clicked is invalid.');
}