function UserPasswordResetTest::testUserPasswordReset

Tests password reset functionality.

File

drupal/core/modules/user/lib/Drupal/user/Tests/UserPasswordResetTest.php, line 47

Definition of Drupal\user\Tests\UserPasswordResetTest.

Class

UserPasswordResetTest

Tests resetting a user password.

Namespace

Code

function testUserPasswordReset() {

  // Try to reset the password for an invalid account.
  $this
    ->drupalGet('user/password');
  $edit = array(
    'name' => $this
      ->randomName(32),
  );
  $this
    ->drupalPost(NULL, $edit, t('E-mail new password'));
  $this
    ->assertText(t('Sorry, @name is not recognized as a username or an e-mail address.', array(
    '@name' => $edit['name'],
  )), 'Validation error message shown when trying to request password for invalid account.');
  $this
    ->assertEqual(count($this
    ->drupalGetMails(array(
    'id' => 'user_password_reset',
  ))), 0, t('No e-mail was sent when requesting a password for an invalid account.'));

  // Reset the password by username via the password reset page.
  $edit['name'] = $this->account->name;
  $this
    ->drupalPost(NULL, $edit, t('E-mail new password'));

  // Verify that the user was sent an e-mail.
  $this
    ->assertMail('to', $this->account->mail, t('Password e-mail sent to user.'));
  $subject = t('Replacement login information for @username at @site', array(
    '@username' => $this->account->name,
    '@site' => config('system.site')
      ->get('name'),
  ));
  $this
    ->assertMail('subject', $subject, 'Password reset e-mail subject is correct.');
  $resetURL = $this
    ->getResetURL();
  $this
    ->drupalGet($resetURL);

  // Check the one-time login page.
  $this
    ->assertText($this->account->name, 'One-time login page contains the correct username.');
  $this
    ->assertText(t('This login can be used only once.'), 'Found warning about one-time login.');

  // Check successful login.
  $this
    ->drupalPost(NULL, NULL, t('Log in'));
  $this
    ->assertLink(t('Log out'));
  $this
    ->assertTitle(t('@name | @site', array(
    '@name' => $this->account->name,
    '@site' => config('system.site')
      ->get('name'),
  )), 'Logged in using password reset link.');

  // Log out, and try to log in again using the same one-time link.
  $this
    ->drupalLogout();
  $this
    ->drupalGet($resetURL);
  $this
    ->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.');

  // Request a new password again, this time using the e-mail address.
  $this
    ->drupalGet('user/password');

  // Count email messages before to compare with after.
  $before = count($this
    ->drupalGetMails(array(
    'id' => 'user_password_reset',
  )));
  $edit['name'] = $this->account->mail;
  $this
    ->drupalPost(NULL, $edit, t('E-mail new password'));
  $this
    ->assertTrue(count($this
    ->drupalGetMails(array(
    'id' => 'user_password_reset',
  ))) === $before + 1, 'E-mail sent when requesting password reset using e-mail address.');

  // Create a password reset link as if the request time was 60 seconds older than the allowed limit.
  $timeout = config('user.settings')
    ->get('password_reset_timeout');
  $bogus_timestamp = REQUEST_TIME - $timeout - 60;
  $_uid = $this->account->uid;
  $this
    ->drupalGet("user/reset/{$_uid}/{$bogus_timestamp}/" . user_pass_rehash($this->account->pass, $bogus_timestamp, $this->account->login));
  $this
    ->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
}