authorNathaniel Catchpole2016-02-01 19:08:41 +0900
committerNathaniel Catchpole2016-02-01 19:08:41 +0900
commit260b6e37801a96d2b6bee88c747ada3836cd8395 (patch)
treee4f8cd5b3a7dc153a418f42e324e8ba056f88f62
parent9d050abbf0f6012b186d5480dcf5f47afd123580 (diff)
Issue #2587275 by swentel, Sharique, cilefen, ivanjaros, Dave Reid, Berdir: Invalid token used in user email notification
-rw-r--r--core/modules/user/config/install/user.mail.yml2
-rw-r--r--core/modules/user/src/Tests/Update/UserUpdateEmailToken.php40
-rw-r--r--core/modules/user/src/Tests/UserAdminTest.php6
-rw-r--r--core/modules/user/tests/fixtures/update/drupal-8.user-email-token-2587275.php22
-rw-r--r--core/modules/user/user.install22
5 files changed, 91 insertions, 1 deletions
diff --git a/core/modules/user/config/install/user.mail.yml b/core/modules/user/config/install/user.mail.yml
index f8e41ce..9f2ad67 100644
--- a/core/modules/user/config/install/user.mail.yml
+++ b/core/modules/user/config/install/user.mail.yml
@@ -20,7 +20,7 @@ status_activated:
body: "[user:display-name],\n\nYour account at [site:name] has been activated.\n\nYou may now log in by clicking this link or copying and pasting it into your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: [user:account-name]\npassword: Your password\n\n-- [site:name] team"
subject: 'Account details for [user:display-name] at [site:name] (approved)'
status_blocked:
- body: "[user:display-name],\n\nYour account on [site:account-name] has been blocked.\n\n-- [site:name] team"
+ body: "[user:display-name],\n\nYour account on [site:name] has been blocked.\n\n-- [site:name] team"
subject: 'Account details for [user:display-name] at [site:name] (blocked)'
status_canceled:
body: "[user:display-name],\n\nYour account on [site:name] has been canceled.\n\n-- [site:name] team"
diff --git a/core/modules/user/src/Tests/Update/UserUpdateEmailToken.php b/core/modules/user/src/Tests/Update/UserUpdateEmailToken.php
new file mode 100644
index 0000000..3e1140b
--- /dev/null
+++ b/core/modules/user/src/Tests/Update/UserUpdateEmailToken.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Tests\Update\UserUpdateEmailToken.
+ */
+
+namespace Drupal\user\Tests\Update;
+
+use Drupal\system\Tests\Update\UpdatePathTestBase;
+
+/**
+ * Tests user email token upgrade path.
+ *
+ * @group Update
+ */
+class UserUpdateEmailToken extends UpdatePathTestBase {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setDatabaseDumpFiles() {
+ $this->databaseDumpFiles = [
+ __DIR__ . '/../../../../system/tests/fixtures/update/drupal-8.bare.standard.php.gz',
+ __DIR__ . '/../../../tests/fixtures/update/drupal-8.user-email-token-2587275.php',
+ ];
+ }
+
+ /**
+ * Tests that email token in status_blocked of user.mail is updated.
+ */
+ public function testEmailToken() {
+ $mail = \Drupal::config('user.mail')->get('status_blocked');
+ $this->assertTrue(strpos($mail['body'], '[site:account-name]'));
+ $this->runUpdates();
+ $mail = \Drupal::config('user.mail')->get('status_blocked');
+ $this->assertFalse(strpos($mail['body'], '[site:account-name]'));
+ }
+
+}
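Review bot: Both assertions in testEmailToken() pass the raw return value of strpos() to assertTrue()/assertFalse(), so they test truthiness rather than whether the token was found; a match at offset 0 would read as "not found". It works here only because the token sits in the middle of the fixture body. Compare explicitly, e.g. `$this->assertTrue(strpos($mail['body'], '[site:account-name]') !== FALSE);` before the update and `$this->assertTrue(strpos($mail['body'], '[site:account-name]') === FALSE);` after it. The post-update check would also pass if the body ended up empty or missing, so add a positive assertion that `[site:name]` now appears in `$mail['body']`.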
diff --git a/core/modules/user/src/Tests/UserAdminTest.php b/core/modules/user/src/Tests/UserAdminTest.php
index cf942f9..595e0ae 100644
--- a/core/modules/user/src/Tests/UserAdminTest.php
+++ b/core/modules/user/src/Tests/UserAdminTest.php
@@ -28,6 +28,7 @@ class UserAdminTest extends WebTestBase {
* Registers a user and deletes it.
*/
function testUserAdmin() {
+ $config = $this->config('user.settings');
$user_a = $this->drupalCreateUser();
$user_a->name = 'User A';
$user_a->mail = $this->randomMachineName() . '@example.com';
@@ -101,11 +102,16 @@ class UserAdminTest extends WebTestBase {
$edit = array();
$edit['action'] = 'user_block_user_action';
$edit['user_bulk_form[4]'] = TRUE;
+ $config
+ ->set('notify.status_blocked', TRUE)
+ ->save();
$this->drupalPostForm('admin/people', $edit, t('Apply'), array(
// Sort the table by username so that we know reliably which user will be
// targeted with the blocking action.
'query' => array('order' => 'name', 'sort' => 'asc')
));
+ $site_name = $this->config('system.site')->get('name');
+ $this->assertMailString('body', 'Your account on ' . $site_name . ' has been blocked.', 1, 'Blocked message found in the mail sent to user C.');
$user_storage->resetCache(array($user_c->id()));
$account = $user_storage->load($user_c->id());
$this->assertTrue($account->isBlocked(), 'User C blocked');
diff --git a/core/modules/user/tests/fixtures/update/drupal-8.user-email-token-2587275.php b/core/modules/user/tests/fixtures/update/drupal-8.user-email-token-2587275.php
new file mode 100644
index 0000000..28dab8b
--- /dev/null
+++ b/core/modules/user/tests/fixtures/update/drupal-8.user-email-token-2587275.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * @file
+ * Contains database additions to drupal-8.bare.standard.php.gz for testing the
+ * upgrade path of https://www.drupal.org/node/2587275.
+ */
+
+use Drupal\Core\Database\Database;
+
+$connection = Database::getConnection();
+
+// Replace the user.mail configuration because the dump contains the right token
+// already.
+$connection->delete('config')->condition('name', 'user.mail')->execute();
+$connection->insert('config')
+->fields(array('collection', 'name', 'data'))
+->values(array(
+ 'collection' => '',
+ 'name' => 'user.mail',
+ 'data' => "a:10:{s:14:\"cancel_confirm\";a:2:{s:4:\"body\";s:369:\"[user:name],\n\nA request to cancel your account has been made at [site:name].\n\nYou may now cancel your account on [site:url-brief] by clicking this link or copying and pasting it into your browser:\n\n[user:cancel-url]\n\nNOTE: The cancellation of your account is not reversible.\n\nThis link expires in one day and nothing will happen if it is not used.\n\n-- [site:name] team\";s:7:\"subject\";s:59:\"Account cancellation request for [user:name] at [site:name]\";}s:14:\"password_reset\";a:2:{s:4:\"body\";s:397:\"[user:name],\n\nA request to reset the password for your account has been made at [site:name].\n\nYou may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password. It expires after one day and nothing will happen if it's not used.\n\n-- [site:name] team\";s:7:\"subject\";s:60:\"Replacement login information for [user:name] at [site:name]\";}s:22:\"register_admin_created\";a:2:{s:4:\"body\";s:463:\"[user:name],\n\nA site administrator at [site:name] has created an account for you. You may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: [user:name]\npassword: Your password\n\n-- [site:name] team\";s:7:\"subject\";s:58:\"An administrator created an account for you at [site:name]\";}s:29:\"register_no_approval_required\";a:2:{s:4:\"body\";s:437:\"[user:name],\n\nThank you for registering at [site:name]. 
You may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: [user:name]\npassword: Your password\n\n-- [site:name] team\";s:7:\"subject\";s:46:\"Account details for [user:name] at [site:name]\";}s:25:\"register_pending_approval\";a:2:{s:4:\"body\";s:281:\"[user:name],\n\nThank you for registering at [site:name]. Your application for an account is currently pending approval. Once it has been approved, you will receive another email containing information about how to log in, set your password, and other details.\n\n\n-- [site:name] team\";s:7:\"subject\";s:71:\"Account details for [user:name] at [site:name] (pending admin approval)\";}s:31:\"register_pending_approval_admin\";a:2:{s:4:\"body\";s:56:\"[user:name] has applied for an account.\n\n[user:edit-url]\";s:7:\"subject\";s:71:\"Account details for [user:name] at [site:name] (pending admin approval)\";}s:16:\"status_activated\";a:2:{s:4:\"body\";s:446:\"[user:name],\n\nYour account at [site:name] has been activated.\n\nYou may now log in by clicking this link or copying and pasting it into your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: [user:name]\npassword: Your password\n\n-- [site:name] team\";s:7:\"subject\";s:57:\"Account details for [user:name] at [site:name] (approved)\";}s:14:\"status_blocked\";a:2:{s:4:\"body\";s:89:\"[user:name],\n\nYour account on [site:account-name] has been blocked.\n\n-- [site:name] team\";s:7:\"subject\";s:56:\"Account details for [user:name] at [site:name] 
(blocked)\";}s:15:\"status_canceled\";a:2:{s:4:\"body\";s:82:\"[user:name],\n\nYour account on [site:name] has been canceled.\n\n-- [site:name] team\";s:7:\"subject\";s:57:\"Account details for [user:name] at [site:name] (canceled)\";}s:8:\"langcode\";s:2:\"en\";}"
+))->execute();
diff --git a/core/modules/user/user.install b/core/modules/user/user.install
index 91a908e..7cc46ef 100644
--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -85,3 +85,25 @@ function user_install() {
))
->save();
}
+
+/**
+ * @addtogroup updates-8.1.0-beta
+ * @{
+ */
+
+/**
+ * Fix invalid token in the status_blocked email body.
+ */
+function user_update_8100() {
+ $config_factory = \Drupal::configFactory();
+ $config = $config_factory->getEditable('user.mail');
+ $mail = $config->get('status_blocked');
+ if (strpos($mail['body'], '[site:account-name]') !== FALSE) {
+ $mail['body'] = str_replace('[site:account-name]', '[site:name]', $mail['body']);
+ $config->set('status_blocked', $mail)->save(TRUE);
+ }
+}
+
+/**
+ * @} End of "addtogroup updates-8.1.0-beta".
+ */
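Review bot: user_update_8100() indexes `$mail['body']` without checking that `status_blocked` exists and carries a string body, so on a site where that key was removed or restructured the strpos() call runs on a non-string in the middle of an update. Guard the branch with `if (isset($mail['body']) && strpos($mail['body'], '[site:account-name]') !== FALSE) {`. The function also rewrites only the `user.mail` object returned by `getEditable()`; if translated copies of this mail exist as language overrides they presumably keep the invalid token, which is worth confirming and stating in the docblock so administrators know to check those templates by hand.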