repatched core with https://www.drupal.org/node/1754162#comment-9737269
This commit is contained in:
Bachir Soussi Chiadmi
parent
5c7f02554f
commit
8feebe3d1e
@ -2359,14 +2359,26 @@ function user_external_login_register($name, $module) {
|
||||
* following properties:
|
||||
* - uid: The user ID number.
|
||||
* - login: The UNIX timestamp of the user's last login.
|
||||
* @param array $options
|
||||
* (optional) A keyed array of settings. Supported options are:
|
||||
* - langcode: A language code to be used when generating locale-sensitive
|
||||
* urls. If langcode is NULL the users preferred language is used.
|
||||
*
|
||||
* @return
|
||||
* A unique URL that provides a one-time log in for the user, from which
|
||||
* they can change their password.
|
||||
*/
|
||||
function user_pass_reset_url($account) {
|
||||
function user_pass_reset_url($account, $options = array()) {
|
||||
$timestamp = REQUEST_TIME;
|
||||
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
||||
$url_options = array('absolute' => TRUE);
|
||||
if (isset($options['langcode'])) {
|
||||
$languages = language_list();
|
||||
$url_options['language'] = $languages[$options['langcode']];
|
||||
}
|
||||
else {
|
||||
$url_options['language'] = user_preferred_language($account);
|
||||
}
|
||||
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2378,6 +2390,10 @@ function user_pass_reset_url($account) {
|
||||
* - uid: The user ID number.
|
||||
* - pass: The hashed user password string.
|
||||
* - login: The UNIX timestamp of the user's last login.
|
||||
* @param array $options
|
||||
* (optional) A keyed array of settings. Supported options are:
|
||||
* - langcode: A language code to be used when generating locale-sensitive
|
||||
* urls. If langcode is NULL the users preferred language is used.
|
||||
*
|
||||
* @return
|
||||
* A unique URL that may be used to confirm the cancellation of the user
|
||||
@ -2386,9 +2402,17 @@ function user_pass_reset_url($account) {
|
||||
* @see user_mail_tokens()
|
||||
* @see user_cancel_confirm()
|
||||
*/
|
||||
function user_cancel_url($account) {
|
||||
function user_cancel_url($account, $options = array()) {
|
||||
$timestamp = REQUEST_TIME;
|
||||
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
||||
$url_options = array('absolute' => TRUE);
|
||||
if (isset($options['langcode'])) {
|
||||
$languages = language_list();
|
||||
$url_options['language'] = $languages[$options['langcode']];
|
||||
}
|
||||
else {
|
||||
$url_options['language'] = user_preferred_language($account);
|
||||
}
|
||||
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2878,7 +2902,7 @@ Your account on [site:name] has been canceled.
|
||||
if ($replace) {
|
||||
// We do not sanitize the token replacement, since the output of this
|
||||
// replacement is intended for an e-mail message, not a web browser.
|
||||
return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
return token_replace($text, $variables, array('language' => $language, 'langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
}
|
||||
|
||||
return $text;
|
||||
@ -2905,8 +2929,8 @@ Your account on [site:name] has been canceled.
|
||||
*/
|
||||
function user_mail_tokens(&$replacements, $data, $options) {
|
||||
if (isset($data['user'])) {
|
||||
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
|
||||
$replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
|
||||
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options);
|
||||
$replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1088,13 +1088,16 @@ function user_account_form(&$form, &$form_state) {
|
||||
'#description' => t('To change the current user password, enter the new password in both fields.'),
|
||||
);
|
||||
// To skip the current password field, the user must have logged in via a
|
||||
// one-time link and have the token in the URL.
|
||||
$pass_reset = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
|
||||
// one-time link and have the token in the URL. Store this in $form_state
|
||||
// so it persists even on subsequent Ajax requests.
|
||||
if (!isset($form_state['user_pass_reset'])) {
|
||||
$form_state['user_pass_reset'] = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
|
||||
}
|
||||
$protected_values = array();
|
||||
$current_pass_description = '';
|
||||
// The user may only change their own password without their current
|
||||
// password if they logged in via a one-time login link.
|
||||
if (!$pass_reset) {
|
||||
if (!$form_state['user_pass_reset']) {
|
||||
$protected_values['mail'] = $form['account']['mail']['#title'];
|
||||
$protected_values['pass'] = t('Password');
|
||||
$request_new = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
|
||||
|
||||
@ -2320,6 +2320,26 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
|
||||
);
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
parent::setUp('locale');
|
||||
|
||||
$account = $this->drupalCreateUser(array('access administration pages', 'administer languages'));
|
||||
$this->drupalLogin($account);
|
||||
|
||||
// Add language.
|
||||
$edit = array('langcode' => 'de');
|
||||
$this->drupalPost('admin/config/regional/language/add', $edit, t('Add language'));
|
||||
|
||||
// Enable URL language detection and selection.
|
||||
$edit = array('language[enabled][locale-url]' => 1);
|
||||
$this->drupalPost('admin/config/regional/language/configure', $edit, t('Save settings'));
|
||||
|
||||
// Reset static caching.
|
||||
drupal_static_reset('language_list');
|
||||
drupal_static_reset('locale_url_outbound_alter');
|
||||
drupal_static_reset('locale_language_url_rewrite_url');
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a user, then tests the tokens generated from it.
|
||||
*/
|
||||
@ -2370,6 +2390,39 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
|
||||
$output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE));
|
||||
$this->assertEqual($output, $expected, format_string('Unsanitized user token %token replaced.', array('%token' => $input)));
|
||||
}
|
||||
|
||||
$languages = language_list();
|
||||
|
||||
// Generate login and cancel link.
|
||||
$tests = array();
|
||||
$tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
|
||||
$tests['[user:cancel-url]'] = user_cancel_url($account);
|
||||
|
||||
// Generate tokens with interface language.
|
||||
$link = url('user', array('absolute' => TRUE));
|
||||
foreach ($tests as $input => $expected) {
|
||||
$output = token_replace($input, array('user' => $account), array('langcode' => $language->language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
$this->assertTrue(strpos($output, $link) === 0, 'Generated URL is in interface language.');
|
||||
}
|
||||
|
||||
// Generate tokens with the user's preferred language.
|
||||
$edit['language'] = 'de';
|
||||
$account = user_save($account, $edit);
|
||||
$link = url('user', array('language' => $languages[$account->language], 'absolute' => TRUE));
|
||||
foreach ($tests as $input => $expected) {
|
||||
$output = token_replace($input, array('user' => $account), array('callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
$this->assertTrue(strpos($output, $link) === 0, "Generated URL is in the user's preferred language.");
|
||||
}
|
||||
|
||||
// Generate tokens with one specific language.
|
||||
$link = url('user', array('language' => $languages['de'], 'absolute' => TRUE));
|
||||
foreach ($tests as $input => $expected) {
|
||||
foreach (array($user1, $user2) as $account) {
|
||||
$output = token_replace($input, array('user' => $account), array('langcode' => 'de', 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
$this->assertTrue(strpos($output, $link) === 0, "Generated URL in in the requested language.");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -465,6 +465,19 @@ class UserPasswordResetTestCase extends DrupalWebTestCase {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves password reset email and extracts the login link.
|
||||
*/
|
||||
public function getResetURL() {
|
||||
// Assume the most recent email.
|
||||
$_emails = $this->drupalGetMails();
|
||||
$email = end($_emails);
|
||||
$urls = array();
|
||||
preg_match('#.+user/reset/.+#', $email['body'], $urls);
|
||||
|
||||
return $urls[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests password reset functionality.
|
||||
*/
|
||||
@ -478,6 +491,49 @@ class UserPasswordResetTestCase extends DrupalWebTestCase {
|
||||
$this->drupalPost('user/password', $edit, t('E-mail new password'));
|
||||
// Confirm the password reset.
|
||||
$this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
|
||||
|
||||
// Create an image field to enable an Ajax request on the user profile page.
|
||||
$field = array(
|
||||
'field_name' => 'field_avatar',
|
||||
'type' => 'image',
|
||||
'settings' => array(),
|
||||
'cardinality' => 1,
|
||||
);
|
||||
field_create_field($field);
|
||||
|
||||
$instance = array(
|
||||
'field_name' => $field['field_name'],
|
||||
'entity_type' => 'user',
|
||||
'label' => 'Avatar',
|
||||
'bundle' => 'user',
|
||||
'required' => FALSE,
|
||||
'settings' => array(),
|
||||
'widget' => array(
|
||||
'type' => 'image_image',
|
||||
'settings' => array(),
|
||||
),
|
||||
);
|
||||
field_create_instance($instance);
|
||||
|
||||
$resetURL = $this->getResetURL();
|
||||
$this->drupalGet($resetURL);
|
||||
|
||||
// Check successful login.
|
||||
$this->drupalPost(NULL, NULL, t('Log in'));
|
||||
|
||||
// Make sure the Ajax request from uploading a file does not invalidate the
|
||||
// reset token.
|
||||
$image = current($this->drupalGetTestFiles('image'));
|
||||
$edit = array(
|
||||
'files[field_avatar_und_0]' => drupal_realpath($image->uri),
|
||||
);
|
||||
$this->drupalPostAJAX(NULL, $edit, 'field_avatar_und_0_upload_button');
|
||||
|
||||
// Change the forgotten password.
|
||||
$password = user_password();
|
||||
$edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password);
|
||||
$this->drupalPost(NULL, $edit, t('Save'));
|
||||
$this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1529,7 +1585,13 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase {
|
||||
// Setup date/time settings for Los Angeles time.
|
||||
variable_set('date_default_timezone', 'America/Los_Angeles');
|
||||
variable_set('configurable_timezones', 1);
|
||||
variable_set('date_format_medium', 'Y-m-d H:i T');
|
||||
|
||||
// Override the 'medium' date format, which is the default for node
|
||||
// creation time. Since we are testing time zones with Daylight Saving
|
||||
// Time, and need to future proof against changes to the zoneinfo database,
|
||||
// we choose the 'I' format placeholder instead of a human-readable zone
|
||||
// name. With 'I', a 1 means the date is in DST, and 0 if not.
|
||||
variable_set('date_format_medium', 'Y-m-d H:i I');
|
||||
|
||||
// Create a user account and login.
|
||||
$web_user = $this->drupalCreateUser();
|
||||
@ -1547,11 +1609,11 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase {
|
||||
|
||||
// Confirm date format and time zone.
|
||||
$this->drupalGet("node/$node1->nid");
|
||||
$this->assertText('2007-03-09 21:00 PST', 'Date should be PST.');
|
||||
$this->assertText('2007-03-09 21:00 0', 'Date should be PST.');
|
||||
$this->drupalGet("node/$node2->nid");
|
||||
$this->assertText('2007-03-11 01:00 PST', 'Date should be PST.');
|
||||
$this->assertText('2007-03-11 01:00 0', 'Date should be PST.');
|
||||
$this->drupalGet("node/$node3->nid");
|
||||
$this->assertText('2007-03-20 21:00 PDT', 'Date should be PDT.');
|
||||
$this->assertText('2007-03-20 21:00 1', 'Date should be PDT.');
|
||||
|
||||
// Change user time zone to Santiago time.
|
||||
$edit = array();
|
||||
@ -1562,11 +1624,11 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase {
|
||||
|
||||
// Confirm date format and time zone.
|
||||
$this->drupalGet("node/$node1->nid");
|
||||
$this->assertText('2007-03-10 02:00 CLST', 'Date should be Chile summer time; five hours ahead of PST.');
|
||||
$this->assertText('2007-03-10 02:00 1', 'Date should be Chile summer time; five hours ahead of PST.');
|
||||
$this->drupalGet("node/$node2->nid");
|
||||
$this->assertText('2007-03-11 05:00 CLT', 'Date should be Chile time; four hours ahead of PST');
|
||||
$this->assertText('2007-03-11 05:00 0', 'Date should be Chile time; four hours ahead of PST');
|
||||
$this->drupalGet("node/$node3->nid");
|
||||
$this->assertText('2007-03-21 00:00 CLT', 'Date should be Chile time; three hours ahead of PDT.');
|
||||
$this->assertText('2007-03-21 00:00 0', 'Date should be Chile time; three hours ahead of PDT.');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user