function UserPasswordResetTestCase::testUserPasswordReset
Tests password reset functionality.
File
-
modules/
user/ user.test, line 541
Class
- UserPasswordResetTestCase
- Tests resetting a user password.
Code
function testUserPasswordReset($use_direct_login_link = FALSE) {
// Create a user.
$account = $this->drupalCreateUser();
$this->drupalLogin($account);
$this->drupalLogout();
// Attempt to reset password.
$edit = array(
'name' => $account->name,
);
$this->drupalPost('user/password', $edit, t('E-mail new password'));
// Ensure the correct message is shown for a valid user name.
$password_reset_text = variable_get('user_password_reset_text', t('If %identifier is a valid account, an email will be sent with instructions to reset your password.'));
$this->assertRaw(format_string($password_reset_text, array(
'%identifier' => $account->name,
)), 'Password reset instructions mailed message displayed for a valid user.');
// Ensure that flood control was not triggered.
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.');
// Ensure the correct message is shown for a non-existent user name.
$name = $this->randomName();
$edit = array(
'name' => $name,
);
$this->drupalPost('user/password', $edit, t('E-mail new password'));
$password_reset_text = variable_get('user_password_reset_text', t('If %identifier is a valid account, an email will be sent with instructions to reset your password.'));
$this->assertRaw(format_string($password_reset_text, array(
'%identifier' => $name,
)), 'Password reset instructions mailed message displayed for a non-existent user.');
// Create an image field to enable an Ajax request on the user profile page.
$field = array(
'field_name' => 'field_avatar',
'type' => 'image',
'settings' => array(),
'cardinality' => 1,
);
field_create_field($field);
$instance = array(
'field_name' => $field['field_name'],
'entity_type' => 'user',
'label' => 'Avatar',
'bundle' => 'user',
'required' => FALSE,
'settings' => array(),
'widget' => array(
'type' => 'image_image',
'settings' => array(),
),
);
field_create_instance($instance);
variable_del("user_test_pass_reset_form_submit_{$account->uid}");
$resetURL = $this->getResetURL($use_direct_login_link);
$this->drupalGet($resetURL);
// Check successful login.
if (!$use_direct_login_link) {
$this->assertUrl($this->getConfirmURL($resetURL), array(), 'The user is redirected to the reset password confirm form.');
$this->drupalPost(NULL, NULL, t('Log in'));
// The form was fully processed before redirecting.
$form_submit_handled = variable_get("user_test_pass_reset_form_submit_{$account->uid}", FALSE);
$this->assertTrue($form_submit_handled, 'A custom submit handler executed.');
}
$this->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');
// Make sure the Ajax request from uploading a file does not invalidate the
// reset token.
$image = current($this->drupalGetTestFiles('image'));
$edit = array(
'files[field_avatar_und_0]' => drupal_realpath($image->uri),
);
$this->drupalPostAJAX(NULL, $edit, 'field_avatar_und_0_upload_button');
// Change the forgotten password.
$password = user_password();
$edit = array(
'pass[pass1]' => $password,
'pass[pass2]' => $password,
);
$this->drupalPost(NULL, $edit, t('Save'));
$this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
// Ensure blocked and deleted accounts can't access the direct login link.
$this->drupalLogout();
$reset_url = $this->generateResetURL($account, $use_direct_login_link);
user_save($account, array(
'status' => 0,
));
$this->drupalGet($reset_url);
$this->assertResponse(403);
user_delete($account->uid);
$this->drupalGet($reset_url);
$this->assertResponse(403);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.