core security update
@@ -480,6 +480,34 @@ class UserPasswordResetTestCase extends DrupalWebTestCase {
|
||||
$this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Test user password reset while logged in.
|
||||
*/
|
||||
function testUserPasswordResetLoggedIn() {
|
||||
$account = $this->drupalCreateUser();
|
||||
$this->drupalLogin($account);
|
||||
// Make sure the test account has a valid password.
|
||||
user_save($account, array('pass' => user_password()));
|
||||
|
||||
// Generate one time login link.
|
||||
$reset_url = user_pass_reset_url($account);
|
||||
$this->drupalGet($reset_url);
|
||||
|
||||
$this->assertText('Reset password');
|
||||
$this->drupalPost(NULL, NULL, t('Log in'));
|
||||
|
||||
$this->assertText('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.');
|
||||
|
||||
$pass = user_password();
|
||||
$edit = array(
|
||||
'pass[pass1]' => $pass,
|
||||
'pass[pass2]' => $pass,
|
||||
);
|
||||
$this->drupalPost(NULL, $edit, t('Save'));
|
||||
|
||||
$this->assertText('The changes have been saved.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempts login using an expired password reset link.
|
||||
*/
|
||||
@@ -1849,6 +1877,19 @@ class UserCreateTestCase extends DrupalWebTestCase {
|
||||
$this->drupalGet('admin/people');
|
||||
$this->assertText($edit['name'], 'User found in list of users');
|
||||
}
|
||||
|
||||
// Test that the password '0' is considered a password.
|
||||
$name = $this->randomName();
|
||||
$edit = array(
|
||||
'name' => $name,
|
||||
'mail' => $name . '@example.com',
|
||||
'pass[pass1]' => 0,
|
||||
'pass[pass2]' => 0,
|
||||
'notify' => FALSE,
|
||||
);
|
||||
$this->drupalPost('admin/people/create', $edit, t('Create new account'));
|
||||
$this->assertText(t('Created a new user account for @name. No e-mail has been sent.', array('@name' => $edit['name'])), 'User created with password 0');
|
||||
$this->assertNoText('Password field is required');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1926,6 +1967,74 @@ class UserEditTestCase extends DrupalWebTestCase {
|
||||
$this->drupalLogin($user1);
|
||||
$this->drupalLogout();
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests setting the password to "0".
|
||||
*/
|
||||
public function testUserWith0Password() {
|
||||
$admin = $this->drupalCreateUser(array('administer users'));
|
||||
$this->drupalLogin($admin);
|
||||
// Create a regular user.
|
||||
$user1 = $this->drupalCreateUser(array());
|
||||
|
||||
$edit = array('pass[pass1]' => '0', 'pass[pass2]' => '0');
|
||||
$this->drupalPost("user/" . $user1->uid . "/edit", $edit, t('Save'));
|
||||
$this->assertRaw(t("The changes have been saved."));
|
||||
|
||||
$this->drupalLogout();
|
||||
$user1->pass_raw = '0';
|
||||
$this->drupalLogin($user1);
|
||||
$this->drupalLogout();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests editing a user account with and without a form rebuild.
|
||||
*/
|
||||
class UserEditRebuildTestCase extends DrupalWebTestCase {
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'User edit with form rebuild',
|
||||
'description' => 'Test user edit page when a form rebuild is triggered.',
|
||||
'group' => 'User',
|
||||
);
|
||||
}
|
||||
|
||||
function setUp() {
|
||||
parent::setUp('user_form_test');
|
||||
}
|
||||
|
||||
/**
|
||||
* Test user edit page when the form is set to rebuild.
|
||||
*/
|
||||
function testUserEditFormRebuild() {
|
||||
$user1 = $this->drupalCreateUser(array('change own username'));
|
||||
$this->drupalLogin($user1);
|
||||
|
||||
$roles = array_keys($user1->roles);
|
||||
// Save the user form twice.
|
||||
$edit = array();
|
||||
$edit['current_pass'] = $user1->pass_raw;
|
||||
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
|
||||
$this->assertRaw(t("The changes have been saved."));
|
||||
$this->drupalPost(NULL, $edit, t('Save'));
|
||||
$this->assertRaw(t("The changes have been saved."));
|
||||
$saved_user1 = entity_load_unchanged('user', $user1->uid);
|
||||
$this->assertEqual(count($roles), count($saved_user1->roles), 'Count of user roles in database matches original count.');
|
||||
$diff = array_diff(array_keys($saved_user1->roles), $roles);
|
||||
$this->assertTrue(empty($diff), format_string('User roles in database match original: @roles', array('@roles' => implode(', ', $saved_user1->roles))));
|
||||
// Set variable that causes the form to be rebuilt in user_form_test.module.
|
||||
variable_set('user_form_test_user_profile_form_rebuild', TRUE);
|
||||
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
|
||||
$this->assertRaw(t("The changes have been saved."));
|
||||
$this->drupalPost(NULL, $edit, t('Save'));
|
||||
$this->assertRaw(t("The changes have been saved."));
|
||||
$saved_user1 = entity_load_unchanged('user', $user1->uid);
|
||||
$this->assertEqual(count($roles), count($saved_user1->roles), 'Count of user roles in database matches original count.');
|
||||
$diff = array_diff(array_keys($saved_user1->roles), $roles);
|
||||
$this->assertTrue(empty($diff), format_string('User roles in database match original: @roles', array('@roles' => implode(', ', $saved_user1->roles))));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -2095,12 +2204,16 @@ class UserRoleAdminTestCase extends DrupalWebTestCase {
|
||||
$this->assertFalse(user_role_load_by_name($old_name), 'The role can no longer be retrieved from the database using its old name.');
|
||||
$this->assertTrue(is_object(user_role_load_by_name($role_name)), 'The role can be retrieved from the database using its new name.');
|
||||
|
||||
// Test deleting a role.
|
||||
// Test deleting the default administrator role.
|
||||
$role_name = 'administrator';
|
||||
$role = user_role_load_by_name($role_name);
|
||||
$this->drupalPost("admin/people/permissions/roles/edit/{$role->rid}", NULL, t('Delete role'));
|
||||
$this->drupalPost(NULL, NULL, t('Delete'));
|
||||
$this->assertText(t('The role has been deleted.'), 'The role has been deleted');
|
||||
$this->assertNoLinkByHref("admin/people/permissions/roles/edit/{$role->rid}", 'Role edit link removed.');
|
||||
$this->assertFalse(user_role_load_by_name($role_name), 'A deleted role can no longer be loaded.');
|
||||
// Make sure this role is no longer configured as the administrator role.
|
||||
$this->assertNull(variable_get('user_admin_role'), 'The administrator role is no longer configured as the administrator role.');
|
||||
|
||||
// Make sure that the system-defined roles cannot be edited via the user
|
||||
// interface.
|
||||
@@ -2226,6 +2339,20 @@ class UserUserSearchTestCase extends DrupalWebTestCase {
|
||||
$this->drupalPost('search/user/', $edit, t('Search'));
|
||||
$this->assertText($keys);
|
||||
|
||||
// Verify that wildcard search works.
|
||||
$keys = $user1->name;
|
||||
$keys = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
|
||||
$edit = array('keys' => $keys);
|
||||
$this->drupalPost('search/user/', $edit, t('Search'));
|
||||
$this->assertText($user1->name, 'Search for username wildcard resulted in user name on page for administrative user.');
|
||||
|
||||
// Verify that wildcard search works for email.
|
||||
$keys = $user1->mail;
|
||||
$keys = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
|
||||
$edit = array('keys' => $keys);
|
||||
$this->drupalPost('search/user/', $edit, t('Search'));
|
||||
$this->assertText($user1->name, 'Search for email wildcard resulted in user name on page for administrative user.');
|
||||
|
||||
// Create a blocked user.
|
||||
$blocked_user = $this->drupalCreateUser();
|
||||
$edit = array('status' => 0);
|
||||
|
||||
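Review bot: testUserPasswordResetLoggedIn (first hunk) stops at the 'The changes have been saved.' message and never proves that the password set through the one-time link is the one that now authenticates. Appending `$this->drupalLogout();`, `$account->pass_raw = $pass;` and `$this->drupalLogin($account);` would pin that, the same way testUserWith0Password does in the UserEditTestCase hunk. The 'password 0' case added to UserCreateTestCase has the same gap: it checks the confirmation text but not that the new account can log in with '0', and it posts the integer `0` where the edit-form test posts the string `'0'`. The new assertText() calls in the first hunk also pass bare English literals with no assertion message, unlike the `t(...)` plus message form on the context line above them.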