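/**
 * Exercises the full "lost password" recovery path for a locked-out member.
 *
 * Scenario: the fixture member starts with FailedLoginCount=99 and a
 * LockedOutUntil stamp, requests a reset by email, follows the token link to
 * the change-password form, sets a new password and logs in with it. The final
 * assertions are the security-relevant part: a successful reset must clear the
 * lockout state (LockedOutUntil null, FailedLoginCount 0) so the member is not
 * left locked out after recovering the account.
 *
 * Caveats visible from this test alone:
 *  - The emailed token is not available to the test, so a fresh token/hash
 *    pair is generated via generateAutologinTokenAndStoreHash(). This covers
 *    the changepassword endpoint's handling of *a* valid token, not that the
 *    token actually emailed is the one honoured.
 *  - One-time use of the token is not asserted. Re-requesting the
 *    `?m=...&t=...` URL after the password change should be rejected —
 *    NOTE(review): confirm the framework clears the hash on change before
 *    adding that assertion.
 *  - LockedOutUntil is set to "now" rather than a future time, so this does
 *    not show the lockout was enforced at request time; only that the fields
 *    are reset afterwards.
 *  - NOTE(review): the email literal looks redacted in this copy; it must
 *    match the Email of the 'test' fixture member for the flow to work.
 */
public function testChangePasswordFromLostPassword()
{
    $admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
    $admin->FailedLoginCount = 99;
    $admin->LockedOutUntil = DBDatetime::now()->Format('Y-m-d H:i:s');
    $admin->write();
    $this->assertNull($admin->AutoLoginHash, 'Hash is empty before lost password');

    // Load the lost-password page, then submit the form for the fixture member.
    $this->get('Security/lostpassword');
    $this->post('Security/LostPasswordForm', ['Email' => '*****@*****.**']);
    $this->assertEmailSent('*****@*****.**');

    // Reload from the DB: the request must have stored an autologin hash.
    $admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID);
    $this->assertNotNull($admin->AutoLoginHash, 'Hash has been written after lost password');

    // We don't have access to the emailed token - generate a new token and hash pair.
    $token = $admin->generateAutologinTokenAndStoreHash();

    // A valid token yields a redirect whose Location carries no m/t parameters,
    // i.e. the token is not carried into the form URL (presumably keeping it out
    // of browser history and Referer headers).
    $response = $this->get('Security/changepassword/?m=' . $admin->ID . '&t=' . $token);
    $this->assertEquals(302, $response->getStatusCode());
    $this->assertEquals(Director::baseUrl() . 'Security/changepassword', $response->getHeader('Location'));

    // Follow the redirect to the form without the token in the GET parameters,
    // submit the password change, and confirm the session is now logged in.
    $this->get('Security/changepassword');
    $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
    $this->assertEquals(
        $this->idFromFixture('SilverStripe\\Security\\Member', 'test'),
        $this->session()->inst_get('loggedInAs')
    );

    // The new password must work for a regular login.
    $goodResponse = $this->doTestLoginForm('*****@*****.**', 'changedPassword');
    $this->assertEquals(302, $goodResponse->getStatusCode());
    $this->assertEquals(
        $this->idFromFixture('SilverStripe\\Security\\Member', 'test'),
        $this->session()->inst_get('loggedInAs')
    );

    // Security check: a successful reset clears the lockout state. The third
    // argument (false) presumably bypasses the in-memory cache so the persisted
    // values are read - verify against get_by_id's signature.
    $admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID, false);
    $this->assertNull($admin->LockedOutUntil);
    $this->assertEquals(0, $admin->FailedLoginCount);
}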