$resetURL =
$this->
getResetURL();
$this->
drupalGet($resetURL);
$this->
submitForm([], 'Log in'
);
$this->
drupalGet('user/' .
$this->account->
id() . '/edit'
);
$this->
assertSession()->
pageTextNotContains('Expected user_string to be a string, NULL given'
);
$this->
drupalLogout();
// Create a password reset link as if the request time was 60 seconds older than the allowed limit.
$timeout =
$this->
config('user.settings'
)->
get('password_reset_timeout'
);
$bogus_timestamp = REQUEST_TIME -
$timeout - 60;
$_uid =
$this->account->
id();
$this->
drupalGet("user/reset/
$_uid/
$bogus_timestamp/" .
user_pass_rehash($this->account,
$bogus_timestamp));
$this->
assertSession()->
pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'
);
$this->
drupalGet("user/reset/
$_uid/
$bogus_timestamp/" .
user_pass_rehash($this->account,
$bogus_timestamp) . '/login'
);
$this->
assertSession()->
pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'
);
// Create a user, block the account, and verify that a login link is denied.
$timestamp = REQUEST_TIME - 1;
$blocked_account =
$this->
drupalCreateUser()->
block();
$blocked_account->
save();
$this->
drupalGet("user/reset/" .
$blocked_account->
id() . "/
$timestamp/" .
user_pass_rehash($blocked_account,
$timestamp));
$this->
assertSession()->
statusCodeEquals(403
);
$this->
drupalGet("user/reset/" .
$blocked_account->
id() . "/
$timestamp/" .
user_pass_rehash($blocked_account,
$timestamp) . '/login'
);