/** * {@inheritdoc} */ public function setUp() { parent::setUp(); // Add a field to both entities. $this->addField('string', 'field_shared', 'user'); $this->addField('string', 'field_shared', 'simplenews_subscriber'); // Create a user. $this->user = $this->drupalCreateUser(array('administer simplenews subscriptions', 'administer simplenews settings')); $this->user->setEmail('*****@*****.**'); $this->user->set('field_shared', $this->randomMachineName()); $this->user->save(); }
/** * Tests access to the personal contact form. */ function testPersonalContactAccess() { // Test allowed access to admin user's contact form. $this->drupalLogin($this->webUser); $this->drupalGet('user/' . $this->adminUser->id() . '/contact'); $this->assertResponse(200); // Check the page title is properly displayed. $this->assertRaw(t('Contact @username', array('@username' => $this->adminUser->getDisplayName()))); // Test denied access to admin user's own contact form. $this->drupalLogout(); $this->drupalLogin($this->adminUser); $this->drupalGet('user/' . $this->adminUser->id() . '/contact'); $this->assertResponse(403); // Test allowed access to user with contact form enabled. $this->drupalLogin($this->webUser); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(200); // Test that there is no access to personal contact forms for users // without an email address configured. $original_email = $this->contactUser->getEmail(); $this->contactUser->setEmail(FALSE)->save(); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(404, 'Not found (404) returned when visiting a personal contact form for a user with no email address'); // Test that the 'contact tab' does not appear on the user profiles // for users without an email address configured. $this->drupalGet('user/' . $this->contactUser->id()); $contact_link = '/user/' . $this->contactUser->id() . '/contact'; $this->assertResponse(200); $this->assertNoLinkByHref($contact_link, 'The "contact" tab is hidden on profiles for users with no email address'); // Restore original email address. $this->contactUser->setEmail($original_email)->save(); // Test denied access to the user's own contact form. $this->drupalGet('user/' . $this->webUser->id() . '/contact'); $this->assertResponse(403); // Test always denied access to the anonymous user contact form. $this->drupalGet('user/0/contact'); $this->assertResponse(403); // Test that anonymous users can access the contact form. $this->drupalLogout(); user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, array('access user contact forms')); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(200); // Test that anonymous users can access admin user's contact form. $this->drupalGet('user/' . $this->adminUser->id() . '/contact'); $this->assertResponse(200); $this->assertCacheContext('user'); // Revoke the personal contact permission for the anonymous user. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, array('access user contact forms')); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(403); $this->assertCacheContext('user'); $this->drupalGet('user/' . $this->adminUser->id() . '/contact'); $this->assertResponse(403); // Disable the personal contact form. $this->drupalLogin($this->adminUser); $edit = array('contact_default_status' => FALSE); $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration')); $this->assertText(t('The configuration options have been saved.'), 'Setting successfully saved.'); $this->drupalLogout(); // Re-create our contacted user with personal contact forms disabled by // default. $this->contactUser = $this->drupalCreateUser(); // Test denied access to a user with contact form disabled. $this->drupalLogin($this->webUser); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(403); // Test allowed access for admin user to a user with contact form disabled. $this->drupalLogin($this->adminUser); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(200); // Re-create our contacted user as a blocked user. $this->contactUser = $this->drupalCreateUser(); $this->contactUser->block(); $this->contactUser->save(); // Test that blocked users can still be contacted by admin. $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(200); // Test that blocked users cannot be contacted by non-admins. $this->drupalLogin($this->webUser); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(403); // Test enabling and disabling the contact page through the user profile // form. $this->drupalGet('user/' . $this->webUser->id() . '/edit'); $this->assertNoFieldChecked('edit-contact--2'); $this->assertFalse(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form disabled'); $this->drupalPostForm(NULL, array('contact' => TRUE), t('Save')); $this->assertFieldChecked('edit-contact--2'); $this->assertTrue(\Drupal::service('user.data')->get('contact', $this->webUser->id(), 'enabled'), 'Personal contact form enabled'); // Test with disabled global default contact form in combination with a user // that has the contact form enabled. $this->config('contact.settings')->set('user_default_enabled', FALSE)->save(); $this->contactUser = $this->drupalCreateUser(); \Drupal::service('user.data')->set('contact', $this->contactUser->id(), 'enabled', 1); $this->drupalGet('user/' . $this->contactUser->id() . '/contact'); $this->assertResponse(200); }
/** * {@inheritdoc} */ public function setEmail($mail) { return $this->subject->setEmail($mail); }
/** * Tests password reset functionality. */ function testUserPasswordReset() { // Try to reset the password for an invalid account. $this->drupalGet('user/password'); $edit = array('name' => $this->randomMachineName(32)); $this->drupalPostForm(NULL, $edit, t('Submit')); $this->assertText(t('Sorry, @name is not recognized as a username or an email address.', array('@name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.'); $this->assertEqual(count($this->drupalGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.'); // Reset the password by username via the password reset page. $edit['name'] = $this->account->getUsername(); $this->drupalPostForm(NULL, $edit, t('Submit')); // Verify that the user was sent an email. $this->assertMail('to', $this->account->getEmail(), 'Password email sent to user.'); $subject = t('Replacement login information for @username at @site', array('@username' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))); $this->assertMail('subject', $subject, 'Password reset email subject is correct.'); $resetURL = $this->getResetURL(); $this->drupalGet($resetURL); $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache')); // Ensure the password reset URL is not cached. $this->drupalGet($resetURL); $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache')); // Check the one-time login page. $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.'); $this->assertText(t('This login can be used only once.'), 'Found warning about one-time login.'); $this->assertTitle(t('Reset password | Drupal'), 'Page title is "Reset password".'); // Check successful login. $this->drupalPostForm(NULL, NULL, t('Log in')); $this->assertLink(t('Log out')); $this->assertTitle(t('@name | @site', array('@name' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'Logged in using password reset link.'); // Make sure the ajax request from uploading a user picture does not // invalidate the reset token. $image = current($this->drupalGetTestFiles('image')); $edit = array('files[user_picture_0]' => drupal_realpath($image->uri)); $this->drupalPostAjaxForm(NULL, $edit, 'user_picture_0_upload_button'); // Change the forgotten password. $password = user_password(); $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password); $this->drupalPostForm(NULL, $edit, t('Save')); $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.'); // Verify that the password reset session has been destroyed. $this->drupalPostForm(NULL, $edit, t('Save')); $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.'); // Log out, and try to log in again using the same one-time link. $this->drupalLogout(); $this->drupalGet($resetURL); $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.'); // Request a new password again, this time using the email address. $this->drupalGet('user/password'); // Count email messages before to compare with after. $before = count($this->drupalGetMails(array('id' => 'user_password_reset'))); $edit = array('name' => $this->account->getEmail()); $this->drupalPostForm(NULL, $edit, t('Submit')); $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'Email sent when requesting password reset using email address.'); // Create a password reset link as if the request time was 60 seconds older than the allowed limit. $timeout = $this->config('user.settings')->get('password_reset_timeout'); $bogus_timestamp = REQUEST_TIME - $timeout - 60; $_uid = $this->account->id(); $this->drupalGet("user/reset/{$_uid}/{$bogus_timestamp}/" . user_pass_rehash($this->account, $bogus_timestamp)); $this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.'); // Create a user, block the account, and verify that a login link is denied. $timestamp = REQUEST_TIME - 1; $blocked_account = $this->drupalCreateUser()->block(); $blocked_account->save(); $this->drupalGet("user/reset/" . $blocked_account->id() . "/{$timestamp}/" . user_pass_rehash($blocked_account, $timestamp)); $this->assertResponse(403); // Verify a blocked user can not request a new password. $this->drupalGet('user/password'); // Count email messages before to compare with after. $before = count($this->drupalGetMails(array('id' => 'user_password_reset'))); $edit = array('name' => $blocked_account->getUsername()); $this->drupalPostForm(NULL, $edit, t('Submit')); $this->assertRaw(t('%name is blocked or has not been activated yet.', array('%name' => $blocked_account->getUsername())), 'Notified user blocked accounts can not request a new password'); $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before, 'No email was sent when requesting password reset for a blocked account'); // Verify a password reset link is invalidated when the user's email address changes. $this->drupalGet('user/password'); $edit = array('name' => $this->account->getUsername()); $this->drupalPostForm(NULL, $edit, t('Submit')); $old_email_reset_link = $this->getResetURL(); $this->account->setEmail("1" . $this->account->getEmail()); $this->account->save(); $this->drupalGet($old_email_reset_link); $this->assertText(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'), 'One-time link is no longer valid.'); }