authorDries2012-04-09 21:12:37 (GMT)
committerDries2012-04-09 21:12:37 (GMT)
commit2f167bdda3f024829dd9b6d06a38bb23712e6806 (patch)
tree761488211c8c29a8870657cb07bb32a2f3e79fa5
parent1f0a7f6e742e6c498cc8c318f35f43c820c7ce4c (diff)
- Patch #246029 by zserno, rjgoldsborough, blisteringherb, rfay, Alan Evans | izmeez: Added Use variables for timeout values in user module's password reset.
-rw-r--r--core/modules/user/user.pages.inc5
-rw-r--r--core/modules/user/user.test52
2 files changed, 55 insertions, 2 deletions
diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index c54bd4c..f24849c 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -113,8 +113,9 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
drupal_goto();
}
else {
- // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
- $timeout = 86400;
+ // Time out, in seconds, until login URL expires. Defaults to 24 hours =
+ // 86400 seconds.
+ $timeout = variable_get('user_password_reset_timeout', 86400);
$current = REQUEST_TIME;
// Some redundant checks for extra security ?
$users = user_load_multiple(array($uid), array('status' => '1'));
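Review bot: The value read on the `$timeout = variable_get('user_password_reset_timeout', 86400);` line is used as-is, so a non-numeric, negative or very large setting silently changes how long one-time login links stay valid. This window limits how long a leaked or intercepted reset e-mail remains usable, so I would normalise it where it is read, e.g. `$timeout = max(0, (int) variable_get('user_password_reset_timeout', 86400));`. I would also extend the comment with `// Larger values keep one-time login links valid for longer; keep this window short.` The comparison that consumes `$timeout` lies outside this hunk, so how an odd value behaves there is inferred rather than visible.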
diff --git a/core/modules/user/user.test b/core/modules/user/user.test
index 95b3cce..06fbc95 100644
--- a/core/modules/user/user.test
+++ b/core/modules/user/user.test
@@ -439,6 +439,58 @@ class UserLoginTestCase extends DrupalWebTestCase {
}
/**
+ * Tests resetting a user password.
+ */
+class UserPasswordResetTestCase extends DrupalWebTestCase {
+ protected $profile = 'standard';
+
+ public static function getInfo() {
+ return array(
+ 'name' => 'Reset password',
+ 'description' => 'Ensure that password reset methods work as expected.',
+ 'group' => 'User',
+ );
+ }
+
+ /**
+ * Tests password reset functionality.
+ */
+ function testUserPasswordReset() {
+ // Create a user.
+ $account = $this->drupalCreateUser();
+ $this->drupalLogin($account);
+ $this->drupalLogout();
+ // Attempt to reset password.
+ $edit = array('name' => $account->name);
+ $this->drupalPost('user/password', $edit, t('E-mail new password'));
+ // Confirm the password reset.
+ $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
+ }
+
+ /**
+ * Attempts login using an expired password reset link.
+ */
+ function testUserPasswordResetExpired() {
+ // Set password reset timeout variable to 43200 seconds = 12 hours.
+ $timeout = 43200;
+ variable_set('user_password_reset_timeout', $timeout);
+
+ // Create a user.
+ $account = $this->drupalCreateUser();
+ $this->drupalLogin($account);
+ // Load real user object.
+ $account = user_load($account->uid, TRUE);
+ $this->drupalLogout();
+
+ // To attempt an expired password reset, create a password reset link as if
+ // its request time was 60 seconds older than the allowed limit of timeout.
+ $bogus_timestamp = REQUEST_TIME - variable_get('user_password_reset_timeout', 86400) - 60;
+ $this->drupalGet("user/reset/$account->uid/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
+ $this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
+ }
+}
+
+/**
* Test cancelling a user.
*/
class UserCancelTestCase extends DrupalWebTestCase {
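Review bot: `testUserPasswordResetExpired()` only exercises the rejection side of the configured window, and `testUserPasswordReset()` stops at the confirmation message, so nothing asserts that a link slightly younger than `user_password_reset_timeout` is still accepted. A companion case built from `REQUEST_TIME - $timeout + 60` that asserts the expiry message is absent would pin both sides of the boundary and catch a regression that expires every link. In the same method `$timeout` is assigned but then re-read through `variable_get()`; `$bogus_timestamp = REQUEST_TIME - $timeout - 60;` is simpler and cannot fall back to the 86400 default by accident. The two new test methods also omit the `public` keyword that `getInfo()` carries.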