function UserPasswordResetTestCase::testUserPasswordReset

Tests password reset functionality.

1 call to UserPasswordResetTestCase::testUserPasswordReset()
UserPasswordResetTestCase::testUserDirectLogin in modules/user/user.test
Test direct login link that bypasses the password reset form.

File

modules/user/user.test, line 541

Class

UserPasswordResetTestCase
Tests resetting a user password.

Code

function testUserPasswordReset($use_direct_login_link = FALSE) {
    // Create a user.
    $account = $this->drupalCreateUser();
    $this->drupalLogin($account);
    $this->drupalLogout();
    // Attempt to reset password.
    $edit = array(
        'name' => $account->name,
    );
    $this->drupalPost('user/password', $edit, t('E-mail new password'));
    // Ensure the correct message is shown for a valid user name.
    $password_reset_text = variable_get('user_password_reset_text', t('If %identifier is a valid account, an email will be sent with instructions to reset your password.'));
    $this->assertRaw(format_string($password_reset_text, array(
        '%identifier' => $account->name,
    )), 'Password reset instructions mailed message displayed for a valid user.');
    // Ensure that flood control was not triggered.
    $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.');
    // Ensure the correct message is shown for a non-existent user name.
    $name = $this->randomName();
    $edit = array(
        'name' => $name,
    );
    $this->drupalPost('user/password', $edit, t('E-mail new password'));
    $password_reset_text = variable_get('user_password_reset_text', t('If %identifier is a valid account, an email will be sent with instructions to reset your password.'));
    $this->assertRaw(format_string($password_reset_text, array(
        '%identifier' => $name,
    )), 'Password reset instructions mailed message displayed for a non-existent user.');
    // Create an image field to enable an Ajax request on the user profile page.
    $field = array(
        'field_name' => 'field_avatar',
        'type' => 'image',
        'settings' => array(),
        'cardinality' => 1,
    );
    field_create_field($field);
    $instance = array(
        'field_name' => $field['field_name'],
        'entity_type' => 'user',
        'label' => 'Avatar',
        'bundle' => 'user',
        'required' => FALSE,
        'settings' => array(),
        'widget' => array(
            'type' => 'image_image',
            'settings' => array(),
        ),
    );
    field_create_instance($instance);
    variable_del("user_test_pass_reset_form_submit_{$account->uid}");
    $resetURL = $this->getResetURL($use_direct_login_link);
    $this->drupalGet($resetURL);
    // Check successful login.
    if (!$use_direct_login_link) {
        $this->assertUrl($this->getConfirmURL($resetURL), array(), 'The user is redirected to the reset password confirm form.');
        $this->drupalPost(NULL, NULL, t('Log in'));
        // The form was fully processed before redirecting.
        $form_submit_handled = variable_get("user_test_pass_reset_form_submit_{$account->uid}", FALSE);
        $this->assertTrue($form_submit_handled, 'A custom submit handler executed.');
    }
    $this->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');
    // Make sure the Ajax request from uploading a file does not invalidate the
    // reset token.
    $image = current($this->drupalGetTestFiles('image'));
    $edit = array(
        'files[field_avatar_und_0]' => drupal_realpath($image->uri),
    );
    $this->drupalPostAJAX(NULL, $edit, 'field_avatar_und_0_upload_button');
    // Change the forgotten password.
    $password = user_password();
    $edit = array(
        'pass[pass1]' => $password,
        'pass[pass2]' => $password,
    );
    $this->drupalPost(NULL, $edit, t('Save'));
    $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
    // Ensure blocked and deleted accounts can't access the direct login link.
    $this->drupalLogout();
    $reset_url = $this->generateResetURL($account, $use_direct_login_link);
    user_save($account, array(
        'status' => 0,
    ));
    $this->drupalGet($reset_url);
    $this->assertResponse(403);
    user_delete($account->uid);
    $this->drupalGet($reset_url);
    $this->assertResponse(403);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.