CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
user_pass_rehash example
protected function validatePathParameters(UserInterface $user, int $timestamp, string $hash, int $timeout = 0): bool {
$current = \Drupal::time()->getRequestTime();
$timeout_valid = ((!empty($timeout) && $current - $timestamp < $timeout) || empty($timeout));
return ($timestamp >= $user->getLastLoginTime()) && $timestamp <= $current && $timeout_valid && hash_equals($hash, user_pass_rehash($user, $timestamp));
}
/** * Redirects users to their profile page. * * This controller assumes that it is only invoked for authenticated users. * This is enforced for the 'user.page' route with the '_user_is_logged_in' * requirement. * * @return \Symfony\Component\HttpFoundation\RedirectResponse * Returns a redirect to the profile of the currently logged in user. */
$resetURL = $this->getResetURL();
$this->drupalGet($resetURL);
$this->submitForm([], 'Log in');
$this->drupalGet('user/' . $this->account->id() . '/edit');
$this->assertSession()->pageTextNotContains('Expected user_string to be a string, NULL given');
$this->drupalLogout();
// Create a password reset link as if the request time was 60 seconds older than the allowed limit. $timeout = $this->config('user.settings')->get('password_reset_timeout');
$bogus_timestamp = REQUEST_TIME - $timeout - 60;
$_uid = $this->account->id();
$this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp));
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');
$this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp) . '/login');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');
// Create a user, block the account, and verify that a login link is denied. $timestamp = REQUEST_TIME - 1;
$blocked_account = $this->drupalCreateUser()->block();
$blocked_account->save();
$this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account, $timestamp));
$this->assertSession()->statusCodeEquals(403);
$this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account, $timestamp) . '/login');
$this->drupalGet($resetURL);
$this->submitForm([], 'Log in');
$this->drupalGet('user/' . $this->account->id() . '/edit');
$this->assertSession()->pageTextNotContains('Expected user_string to be a string, NULL given');
$this->drupalLogout();
// Create a password reset link as if the request time was 60 seconds older than the allowed limit. $timeout = $this->config('user.settings')->get('password_reset_timeout');
$bogus_timestamp = REQUEST_TIME - $timeout - 60;
$_uid = $this->account->id();
$this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp));
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');
$this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp) . '/login');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');
// Create a user, block the account, and verify that a login link is denied. $timestamp = REQUEST_TIME - 1;
$blocked_account = $this->drupalCreateUser()->block();
$blocked_account->save();
$this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account, $timestamp));
$this->assertSession()->statusCodeEquals(403);
$this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account, $timestamp) . '/login');
$account = $user_storage->load($account->id());
// Create a node. $node = $this->drupalCreateNode(['uid' => $account->id()]);
// Attempt to cancel account. $this->drupalGet('user/' . $account->id() . '/edit');
$this->assertSession()->pageTextNotContains("Cancel account");
// Attempt bogus account cancellation request confirmation. $timestamp = $account->getLastLoginTime();
$this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account, $timestamp));
$this->assertSession()->statusCodeEquals(403);
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertTrue($account->isActive(), 'User account was not canceled.');
// Confirm user's content has not been altered. $node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertEquals($account->id(), $test_node->getOwnerId(), 'Node of the user has not been altered.');
$this->assertTrue($test_node->isPublished());
}
// Create a node. $node = $this->drupalCreateNode(['uid' => $account->id()]);
// Attempt to cancel account. $this->drupalGet('user/' . $account->id() . '/edit');
$this->assertSession()->pageTextNotContains("Cancel account");
// Attempt bogus account cancellation request confirmation. $timestamp = $account->getLastLoginTime();
$this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account, $timestamp));
$this->assertSession()->statusCodeEquals(403);
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertTrue($account->isActive(), 'User account was not canceled.');
// Confirm user's content has not been altered. $node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertEquals($account->id(), $test_node->getOwnerId(), 'Node of the user has not been altered.');
$this->assertTrue($test_node->isPublished());
}