drupal_set_message($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.',
drupal_set_message($this->t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'),'error');
return$this->redirect('user.pass');
}
if($user===NULL||!$user->isActive()){
// Blocked or invalid user ID, so deny access. The parameters will be in
// the watchdog's URL for the administrator to check.
thrownewAccessDeniedHttpException();
}
// Blocked or invalid user ID, so deny access. The parameters will be in the
$this->logger->notice('User %name used one-time login link at time %timestamp.',['%name'=>$user->getDisplayName(),'%timestamp'=>$timestamp]);
drupal_set_message($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
// Let the user's password be changed without the current password
// check.
$token=Crypt::randomBytesBase64(55);
$_SESSION['pass_reset_'.$user->id()]=$token;
return$this->redirect(
'entity.user.edit_form',
['user'=>$user->id()],
[
'query'=>['pass-reset-token'=>$token],
'absolute'=>TRUE,
]
);
}
drupal_set_message($this->t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'),'error');
$this->logger->notice('User %name used one-time login link at time %timestamp.',array('%name'=>$user->getUsername(),'%timestamp'=>$form_state->getValue('timestamp')));
drupal_set_message($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
// Let the user's password be changed without the current password check.
$token=Crypt::randomBytesBase64(55);
$_SESSION['pass_reset_'.$user->id()]=$token;
$form_state->setRedirect(
'entity.user.edit_form',
array('user'=>$user->id()),
array(
'query'=>array('pass-reset-token'=>$token),
'absolute'=>TRUE,
)
);
// This form works by submitting the hash and timestamp to the user.reset
@@ -125,6 +135,7 @@ function testUserPasswordReset() {
// Log out, and try to log in again using the same one-time link.
$this->drupalLogout();
$this->drupalGet($resetURL);
$this->drupalPostForm(NULL,NULL,t('Log in'));
$this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'),'One-time link is no longer valid.');
// Request a new password again, this time using the email address.
...
...
@@ -149,6 +160,7 @@ function testUserPasswordReset() {
$this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'),'Expired password reset request rejected.');
// Create a user, block the account, and verify that a login link is denied.
...
...
@@ -175,7 +187,31 @@ function testUserPasswordReset() {
$this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'),'One-time link is no longer valid.');
// Verify a password reset link will automatically log a user when /login is
$this->assertTitle(t('@name | @site',array('@name'=>$this->account->getUsername(),'@site'=>$this->config('system.site')->get('name'))),'Logged in using password reset link.');
// Ensure blocked and deleted accounts can't access the user.reset.login
@@ -195,6 +231,25 @@ public function getResetURL() {
* Test user password reset while logged in.
*/
publicfunctiontestUserPasswordResetLoggedIn(){
$another_account=$this->drupalCreateUser();
$this->drupalLogin($another_account);
$this->drupalGet('user/password');
$this->drupalPostForm(NULL,NULL,t('Submit'));
// Click the reset URL while logged and change our password.
$resetURL=$this->getResetURL();
// Log in as a different user.
$this->drupalLogin($this->account);
$this->drupalGet($resetURL);
$this->assertRaw(newFormattableMarkup(
'Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.',
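Review bot: testUserPasswordResetLoggedIn checks only the warning text after `$this->drupalGet($resetURL)`, so it would still pass if the request had also switched the session or issued a password-reset token for the other account. After the `assertRaw()` call I would add assertions that the browser is still authenticated as `$this->account` and that the resulting URL carries no `pass-reset-token` query parameter. The comment `// Click the reset URL while logged and change our password.` sits above `$resetURL = $this->getResetURL();`, which neither follows the link nor changes a password; `// Fetch the one-time link requested for the first account.` would match the code. The rest of the test body is not visible on this page, so these checks may already exist further down.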
$this->assertNoText($user2->getUsername(),'The invalid password reset page does not show the user name.');
$this->assertUrl('user/password',array(),'The user is redirected to the password reset request page.');
$this->assertText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
$this->assertIdentical(array('migrate test role 1 test permission','use text format full_html','use text format php_code'),$migrate_test_role_1->getPermissions());
$this->assertSame(array('migrate test role 1 test permission','use text format full_html','use text format php_code'),$migrate_test_role_1->getPermissions());