function UserPasswordResetTestCase::testUserPasswordResetLoggedIn

Test user password reset while logged in.

1 call to UserPasswordResetTestCase::testUserPasswordResetLoggedIn()
UserPasswordResetTestCase::testUserDirectLogin in modules/user/user.test
Test direct login link that bypasses the password reset form.

File

modules/user/user.test, line 708

Class

UserPasswordResetTestCase
Tests resetting a user password.

Code

function testUserPasswordResetLoggedIn($use_direct_login_link = FALSE) {
    $another_account = $this->drupalCreateUser();
    $account = $this->drupalCreateUser();
    $this->drupalLogin($account);
    // Make sure the test account has a valid password.
    user_save($account, array(
        'pass' => user_password(),
    ));
    // Try to use the login link while logged in as a different user.
    // Generate one time login link.
    $reset_url = $this->generateResetURL($another_account, $use_direct_login_link);
    $this->drupalGet($reset_url);
    $this->assertRaw(t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href="!logout">logout</a> and try using the link again.', array(
        '%other_user' => $account->name,
        '%resetting_user' => $another_account->name,
        '!logout' => url('user/logout'),
    )));
    // Test the link for a deleted user while logged in.
    user_delete($another_account->uid);
    $this->drupalGet($reset_url);
    $this->assertText('The one-time login link you clicked is invalid.');
    // Generate a one time login link for the logged-in user.
    $fapi_action = $use_direct_login_link ? 'build' : 'submit';
    variable_del("user_test_pass_reset_form_{$fapi_action}_{$account->uid}");
    $reset_url = $this->generateResetURL($account, $use_direct_login_link);
    $this->drupalGet($reset_url);
    if ($use_direct_login_link) {
        // The form is never fully built; user is logged out (session destroyed)
        // and redirected to the same URL, then logged in again and redirected
        // during form build.
        $form_built = variable_get("user_test_pass_reset_form_build_{$account->uid}", FALSE);
        $this->assertTrue(!$form_built, 'The password reset form was never fully built.');
    }
    else {
        $this->assertUrl($this->getConfirmURL($reset_url), array(), 'The user is redirected to the reset password confirm form.');
        $this->assertText('Reset password');
        $this->drupalPost(NULL, NULL, t('Log in'));
        // The form was fully processed before redirecting.
        $form_submit_handled = variable_get("user_test_pass_reset_form_submit_{$account->uid}", FALSE);
        $this->assertTrue($form_submit_handled, 'A custom submit handler executed.');
    }
    $this->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');
    // The user can change the forgotten password on the page they are
    // redirected to.
    $pass = user_password();
    $edit = array(
        'pass[pass1]' => $pass,
        'pass[pass2]' => $pass,
    );
    $this->drupalPost(NULL, $edit, t('Save'));
    $this->assertText('The changes have been saved.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.