Attempt to cancel account without permission.
function testUserCancelWithoutPermission() {
config('user.settings')
->set('cancel_method', 'user_cancel_reassign')
->save();
// Create a user.
$account = $this
->drupalCreateUser(array());
$this
->drupalLogin($account);
// Load real user object.
$account = user_load($account->uid, TRUE);
// Create a node.
$node = $this
->drupalCreateNode(array(
'uid' => $account->uid,
));
// Attempt to cancel account.
$this
->drupalGet('user/' . $account->uid . '/edit');
$this
->assertNoRaw(t('Cancel account'), 'No cancel account button displayed.');
// Attempt bogus account cancellation request confirmation.
$timestamp = $account->login;
$this
->drupalGet("user/{$account->uid}/cancel/confirm/{$timestamp}/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this
->assertResponse(403, 'Bogus cancelling request rejected.');
$account = user_load($account->uid);
$this
->assertTrue($account->status == 1, 'User account was not canceled.');
// Confirm user's content has not been altered.
$test_node = node_load($node->nid, TRUE);
$this
->assertTrue($test_node->uid == $account->uid && $test_node->status == 1, 'Node of the user has not been altered.');
}