class UserAccountFormPasswordResetTest

Same name and namespace in other branches
  1. 11.x core/modules/user/tests/src/Kernel/UserAccountFormPasswordResetTest.php \Drupal\Tests\user\Kernel\UserAccountFormPasswordResetTest
  2. 10 core/modules/user/tests/src/Kernel/UserAccountFormPasswordResetTest.php \Drupal\Tests\user\Kernel\UserAccountFormPasswordResetTest

Verifies that the password reset behaves as expected with form elements.

@group user

Hierarchy

Expanded class hierarchy of UserAccountFormPasswordResetTest

File

core/modules/user/tests/src/Kernel/UserAccountFormPasswordResetTest.php, line 14

Namespace

Drupal\Tests\user\Kernel
View source
class UserAccountFormPasswordResetTest extends KernelTestBase {
  
  /**
   * Modules to enable.
   *
   * @var array
   */
  protected static $modules = [
    'system',
    'user',
  ];
  
  /**
   * User object.
   *
   * @var \Drupal\user\UserInterface
   */
  protected $user;
  
  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    // Install default configuration; required for AccountFormController.
    $this->installConfig([
      'user',
    ]);
    $this->installSchema('system', [
      'sequences',
    ]);
    $this->installEntitySchema('user');
    // Create an user to login.
    $this->user = User::create([
      'name' => 'test',
    ]);
    $this->user
      ->save();
    // Set current user.
    $this->container
      ->set('current_user', $this->user);
    // Install the router table and then rebuild.
    \Drupal::service('router.builder')->rebuild();
  }
  
  /**
   * Tests the reset token used only from query string.
   */
  public function testPasswordResetToken() {
    /** @var \Symfony\Component\HttpFoundation\Request $request */
    $request = $this->container
      ->get('request_stack')
      ->getCurrentRequest();
    // @todo: Replace with $request->getSession() as soon as the session is
    // present in KernelTestBase.
    // see: https://www.drupal.org/node/2484991
    $session = new Session();
    $request->setSession($session);
    $token = 'VALID_TOKEN';
    $session->set('pass_reset_1', $token);
    // Set token in query string.
    $request->query
      ->set('pass-reset-token', $token);
    $form = $this->buildAccountForm('default');
    // User shouldn't see current password field.
    $this->assertFalse($form['account']['current_pass']['#access']);
    $request->query
      ->set('pass-reset-token', NULL);
    $request->attributes
      ->set('pass-reset-token', $token);
    $form = $this->buildAccountForm('default');
    $this->assertTrue($form['account']['current_pass']['#access']);
  }
  
  /**
   * Builds the user account form for a given operation.
   *
   * @param string $operation
   *   The entity operation; one of 'register' or 'default'.
   *
   * @return array
   *   The form array.
   */
  protected function buildAccountForm($operation) {
    // @see HtmlEntityFormController::getFormObject()
    $entity_type = 'user';
    $fields = [];
    if ($operation != 'register') {
      $fields['uid'] = $this->user
        ->id();
    }
    $entity = $this->container
      ->get('entity_type.manager')
      ->getStorage($entity_type)
      ->create($fields);
    // @see EntityFormBuilder::getForm()
    return $this->container
      ->get('entity.form_builder')
      ->getForm($entity, $operation);
  }

}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.