user_pass_rehash example


  protected function validatePathParameters(UserInterface $user, int $timestamp, string $hash, int $timeout = 0): bool {
    $current = \Drupal::time()->getRequestTime();
    $timeout_valid = ((!empty($timeout) && $current - $timestamp < $timeout) || empty($timeout));
    return ($timestamp >= $user->getLastLoginTime()) && $timestamp <= $current && $timeout_valid && hash_equals($hashuser_pass_rehash($user$timestamp));
  }

  /**
   * Redirects users to their profile page.
   *
   * This controller assumes that it is only invoked for authenticated users.
   * This is enforced for the 'user.page' route with the '_user_is_logged_in'
   * requirement.
   *
   * @return \Symfony\Component\HttpFoundation\RedirectResponse
   *   Returns a redirect to the profile of the currently logged in user.
   */
    $resetURL = $this->getResetURL();
    $this->drupalGet($resetURL);
    $this->submitForm([], 'Log in');
    $this->drupalGet('user/' . $this->account->id() . '/edit');
    $this->assertSession()->pageTextNotContains('Expected user_string to be a string, NULL given');
    $this->drupalLogout();

    // Create a password reset link as if the request time was 60 seconds older than the allowed limit.     $timeout = $this->config('user.settings')->get('password_reset_timeout');
    $bogus_timestamp = REQUEST_TIME - $timeout - 60;
    $_uid = $this->account->id();
    $this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp));
    $this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');
    $this->drupalGet("user/reset/$_uid/$bogus_timestamp/" . user_pass_rehash($this->account, $bogus_timestamp) . '/login');
    $this->assertSession()->pageTextContains('You have tried to use a one-time login link that has expired. Please request a new one using the form below.');

    // Create a user, block the account, and verify that a login link is denied.     $timestamp = REQUEST_TIME - 1;
    $blocked_account = $this->drupalCreateUser()->block();
    $blocked_account->save();
    $this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account$timestamp));
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account$timestamp) . '/login');
    
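$account = $user_storage->load($account->id());
    // Excerpt from a test method: $user_storage, $node_storage and the initial
    // $account are set up before the lines shown here.

    // Create a node.
    $node = $this->drupalCreateNode(['uid' => $account->id()]);

    // Attempt to cancel account.
    $this->drupalGet('user/' . $account->id() . '/edit');
    $this->assertSession()->pageTextNotContains("Cancel account");

    // Attempt bogus account cancellation request confirmation. The hash is
    // computed for this account and its last login time, so the 403 shows that
    // a matching hash alone does not authorise the cancellation.
    $timestamp = $account->getLastLoginTime();
    $this->drupalGet("user/" . $account->id() . "/cancel/confirm/$timestamp/" . user_pass_rehash($account, $timestamp));
    $this->assertSession()->statusCodeEquals(403);
    // Reload the account from storage so the check uses the stored state and
    // not the cached object.
    $user_storage->resetCache([$account->id()]);
    $account = $user_storage->load($account->id());
    $this->assertTrue($account->isActive(), 'User account was not canceled.');

    // Confirm user's content has not been altered.
    $node_storage->resetCache([$node->id()]);
    $test_node = $node_storage->load($node->id());
    $this->assertEquals($account->id(), $test_node->getOwnerId(), 'Node of the user has not been altered.');
    $this->assertTrue($test_node->isPublished());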
  }

  