From 8feebe3d1e940039d90d20b1f517a6d8f5b748f1 Mon Sep 17 00:00:00 2001 From: Bachir Soussi Chiadmi Date: Tue, 25 Jul 2017 19:13:30 +0200 Subject: [PATCH] repatched core with https://www.drupal.org/node/1754162#comment-9737269 --- modules/user/user.module | 38 ++++++++++++++---- modules/user/user.module.orig | 9 +++-- modules/user/user.test | 53 ++++++++++++++++++++++++ modules/user/user.test.orig | 76 +++++++++++++++++++++++++++++++---- 4 files changed, 159 insertions(+), 17 deletions(-) diff --git a/modules/user/user.module b/modules/user/user.module index 12ca2800..cfcd10ba 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -2359,14 +2359,26 @@ function user_external_login_register($name, $module) { * following properties: * - uid: The user ID number. * - login: The UNIX timestamp of the user's last login. + * @param array $options + * (optional) A keyed array of settings. Supported options are: + * - langcode: A language code to be used when generating locale-sensitive + * urls. If langcode is NULL the users preferred language is used. * * @return * A unique URL that provides a one-time log in for the user, from which * they can change their password. */ -function user_pass_reset_url($account) { +function user_pass_reset_url($account, $options = array()) { $timestamp = REQUEST_TIME; - return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE)); + $url_options = array('absolute' => TRUE); + if (isset($options['langcode'])) { + $languages = language_list(); + $url_options['language'] = $languages[$options['langcode']]; + } + else { + $url_options['language'] = user_preferred_language($account); + } + return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options); } /** @@ -2378,6 +2390,10 @@ function user_pass_reset_url($account) { * - uid: The user ID number. * - pass: The hashed user password string. * - login: The UNIX timestamp of the user's last login. + * @param array $options + * (optional) A keyed array of settings. Supported options are: + * - langcode: A language code to be used when generating locale-sensitive + * urls. If langcode is NULL the users preferred language is used. * * @return * A unique URL that may be used to confirm the cancellation of the user @@ -2386,9 +2402,17 @@ function user_pass_reset_url($account) { * @see user_mail_tokens() * @see user_cancel_confirm() */ -function user_cancel_url($account) { +function user_cancel_url($account, $options = array()) { $timestamp = REQUEST_TIME; - return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE)); + $url_options = array('absolute' => TRUE); + if (isset($options['langcode'])) { + $languages = language_list(); + $url_options['language'] = $languages[$options['langcode']]; + } + else { + $url_options['language'] = user_preferred_language($account); + } + return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options); } /** @@ -2878,7 +2902,7 @@ Your account on [site:name] has been canceled. if ($replace) { // We do not sanitize the token replacement, since the output of this // replacement is intended for an e-mail message, not a web browser. - return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); + return token_replace($text, $variables, array('language' => $language, 'langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); } return $text; @@ -2905,8 +2929,8 @@ Your account on [site:name] has been canceled. */ function user_mail_tokens(&$replacements, $data, $options) { if (isset($data['user'])) { - $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']); - $replacements['[user:cancel-url]'] = user_cancel_url($data['user']); + $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options); + $replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options); } } diff --git a/modules/user/user.module.orig b/modules/user/user.module.orig index b818d79a..12ca2800 100644 --- a/modules/user/user.module.orig +++ b/modules/user/user.module.orig @@ -1088,13 +1088,16 @@ function user_account_form(&$form, &$form_state) { '#description' => t('To change the current user password, enter the new password in both fields.'), ); // To skip the current password field, the user must have logged in via a - // one-time link and have the token in the URL. - $pass_reset = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]); + // one-time link and have the token in the URL. Store this in $form_state + // so it persists even on subsequent Ajax requests. + if (!isset($form_state['user_pass_reset'])) { + $form_state['user_pass_reset'] = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]); + } $protected_values = array(); $current_pass_description = ''; // The user may only change their own password without their current // password if they logged in via a one-time login link. - if (!$pass_reset) { + if (!$form_state['user_pass_reset']) { $protected_values['mail'] = $form['account']['mail']['#title']; $protected_values['pass'] = t('Password'); $request_new = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.')))); diff --git a/modules/user/user.test b/modules/user/user.test index 0875e0ac..f26cf260 100644 --- a/modules/user/user.test +++ b/modules/user/user.test @@ -2320,6 +2320,26 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase { ); } + public function setUp() { + parent::setUp('locale'); + + $account = $this->drupalCreateUser(array('access administration pages', 'administer languages')); + $this->drupalLogin($account); + + // Add language. + $edit = array('langcode' => 'de'); + $this->drupalPost('admin/config/regional/language/add', $edit, t('Add language')); + + // Enable URL language detection and selection. + $edit = array('language[enabled][locale-url]' => 1); + $this->drupalPost('admin/config/regional/language/configure', $edit, t('Save settings')); + + // Reset static caching. + drupal_static_reset('language_list'); + drupal_static_reset('locale_url_outbound_alter'); + drupal_static_reset('locale_language_url_rewrite_url'); + } + /** * Creates a user, then tests the tokens generated from it. */ @@ -2370,6 +2390,39 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase { $output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE)); $this->assertEqual($output, $expected, format_string('Unsanitized user token %token replaced.', array('%token' => $input))); } + + $languages = language_list(); + + // Generate login and cancel link. + $tests = array(); + $tests['[user:one-time-login-url]'] = user_pass_reset_url($account); + $tests['[user:cancel-url]'] = user_cancel_url($account); + + // Generate tokens with interface language. + $link = url('user', array('absolute' => TRUE)); + foreach ($tests as $input => $expected) { + $output = token_replace($input, array('user' => $account), array('langcode' => $language->language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); + $this->assertTrue(strpos($output, $link) === 0, 'Generated URL is in interface language.'); + } + + // Generate tokens with the user's preferred language. + $edit['language'] = 'de'; + $account = user_save($account, $edit); + $link = url('user', array('language' => $languages[$account->language], 'absolute' => TRUE)); + foreach ($tests as $input => $expected) { + $output = token_replace($input, array('user' => $account), array('callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); + $this->assertTrue(strpos($output, $link) === 0, "Generated URL is in the user's preferred language."); + } + + // Generate tokens with one specific language. + $link = url('user', array('language' => $languages['de'], 'absolute' => TRUE)); + foreach ($tests as $input => $expected) { + foreach (array($user1, $user2) as $account) { + $output = token_replace($input, array('user' => $account), array('langcode' => 'de', 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); + $this->assertTrue(strpos($output, $link) === 0, "Generated URL in in the requested language."); + } + } + } } diff --git a/modules/user/user.test.orig b/modules/user/user.test.orig index 63143c3c..0875e0ac 100644 --- a/modules/user/user.test.orig +++ b/modules/user/user.test.orig @@ -465,6 +465,19 @@ class UserPasswordResetTestCase extends DrupalWebTestCase { ); } + /** + * Retrieves password reset email and extracts the login link. + */ + public function getResetURL() { + // Assume the most recent email. + $_emails = $this->drupalGetMails(); + $email = end($_emails); + $urls = array(); + preg_match('#.+user/reset/.+#', $email['body'], $urls); + + return $urls[0]; + } + /** * Tests password reset functionality. */ @@ -478,6 +491,49 @@ class UserPasswordResetTestCase extends DrupalWebTestCase { $this->drupalPost('user/password', $edit, t('E-mail new password')); // Confirm the password reset. $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.'); + + // Create an image field to enable an Ajax request on the user profile page. + $field = array( + 'field_name' => 'field_avatar', + 'type' => 'image', + 'settings' => array(), + 'cardinality' => 1, + ); + field_create_field($field); + + $instance = array( + 'field_name' => $field['field_name'], + 'entity_type' => 'user', + 'label' => 'Avatar', + 'bundle' => 'user', + 'required' => FALSE, + 'settings' => array(), + 'widget' => array( + 'type' => 'image_image', + 'settings' => array(), + ), + ); + field_create_instance($instance); + + $resetURL = $this->getResetURL(); + $this->drupalGet($resetURL); + + // Check successful login. + $this->drupalPost(NULL, NULL, t('Log in')); + + // Make sure the Ajax request from uploading a file does not invalidate the + // reset token. + $image = current($this->drupalGetTestFiles('image')); + $edit = array( + 'files[field_avatar_und_0]' => drupal_realpath($image->uri), + ); + $this->drupalPostAJAX(NULL, $edit, 'field_avatar_und_0_upload_button'); + + // Change the forgotten password. + $password = user_password(); + $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password); + $this->drupalPost(NULL, $edit, t('Save')); + $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.'); } /** @@ -1529,7 +1585,13 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase { // Setup date/time settings for Los Angeles time. variable_set('date_default_timezone', 'America/Los_Angeles'); variable_set('configurable_timezones', 1); - variable_set('date_format_medium', 'Y-m-d H:i T'); + + // Override the 'medium' date format, which is the default for node + // creation time. Since we are testing time zones with Daylight Saving + // Time, and need to future proof against changes to the zoneinfo database, + // we choose the 'I' format placeholder instead of a human-readable zone + // name. With 'I', a 1 means the date is in DST, and 0 if not. + variable_set('date_format_medium', 'Y-m-d H:i I'); // Create a user account and login. $web_user = $this->drupalCreateUser(); @@ -1547,11 +1609,11 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase { // Confirm date format and time zone. $this->drupalGet("node/$node1->nid"); - $this->assertText('2007-03-09 21:00 PST', 'Date should be PST.'); + $this->assertText('2007-03-09 21:00 0', 'Date should be PST.'); $this->drupalGet("node/$node2->nid"); - $this->assertText('2007-03-11 01:00 PST', 'Date should be PST.'); + $this->assertText('2007-03-11 01:00 0', 'Date should be PST.'); $this->drupalGet("node/$node3->nid"); - $this->assertText('2007-03-20 21:00 PDT', 'Date should be PDT.'); + $this->assertText('2007-03-20 21:00 1', 'Date should be PDT.'); // Change user time zone to Santiago time. $edit = array(); @@ -1562,11 +1624,11 @@ class UserTimeZoneFunctionalTest extends DrupalWebTestCase { // Confirm date format and time zone. $this->drupalGet("node/$node1->nid"); - $this->assertText('2007-03-10 02:00 CLST', 'Date should be Chile summer time; five hours ahead of PST.'); + $this->assertText('2007-03-10 02:00 1', 'Date should be Chile summer time; five hours ahead of PST.'); $this->drupalGet("node/$node2->nid"); - $this->assertText('2007-03-11 05:00 CLT', 'Date should be Chile time; four hours ahead of PST'); + $this->assertText('2007-03-11 05:00 0', 'Date should be Chile time; four hours ahead of PST'); $this->drupalGet("node/$node3->nid"); - $this->assertText('2007-03-21 00:00 CLT', 'Date should be Chile time; three hours ahead of PDT.'); + $this->assertText('2007-03-21 00:00 0', 'Date should be Chile time; three hours ahead of PDT.'); } }