CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
user_pass_reset_url example
$edit['name'] = $name = $this->randomMachineName();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalGet('user/register');
$this->submitForm($edit, 'Create new account');
$this->assertSession()->pageTextContains('A welcome message with further instructions has been sent to your email address.');
/** @var EntityStorageInterface $storage */
$storage = $this->container->get('entity_type.manager')->getStorage('user');
$accounts = $storage->loadByProperties(['name' => $name, 'mail' => $mail]);
$new_user = reset($accounts);
$this->assertTrue($new_user->isActive(), 'New account is active after registration.');
$resetURL = user_pass_reset_url($new_user);
$this->drupalGet($resetURL);
$this->assertSession()->titleEquals('Set password | Drupal');
// Allow registration by site visitors, but require administrator approval. $config->set('register', UserInterface::REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL)->save();
$edit = [];
$edit['name'] = $name = $this->randomMachineName();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalGet('user/register');
$this->submitForm($edit, 'Create new account');
$this->container->get('entity_type.manager')->getStorage('user')->resetCache();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalGet('user/register');
$this->submitForm($edit, 'Create new account');
$this->assertSession()->pageTextContains('A welcome message with further instructions has been sent to your email address.');
/** @var EntityStorageInterface $storage */
$storage = $this->container->get('entity_type.manager')->getStorage('user');
$accounts = $storage->loadByProperties(['name' => $name, 'mail' => $mail]);
$new_user = reset($accounts);
$this->assertTrue($new_user->isActive(), 'New account is active after registration.');
$resetURL = user_pass_reset_url($new_user);
$this->drupalGet($resetURL);
$this->assertSession()->titleEquals('Set password | Drupal');
// Allow registration by site visitors, but require administrator approval. $config->set('register', UserInterface::REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL)->save();
$edit = [];
$edit['name'] = $name = $this->randomMachineName();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalGet('user/register');
$this->submitForm($edit, 'Create new account');
$this->container->get('entity_type.manager')->getStorage('user')->resetCache();
$kernel->boot();
$kernel->preHandle($request);
$container = $kernel->getContainer();
$uid = $input->getArgument('uid');
if (!is_numeric($uid)) {
throw new InvalidArgumentException(sprintf('The "uid" argument needs to be an integer, but it is "%s".', $uid));
}
$userEntity = $container->get('entity_type.manager')
->getStorage('user')
->load($uid);
$url = user_pass_reset_url($userEntity) . '/login';
$output->writeln($url);
return 0;
}
}
$kernel->preHandle($request);
$container = $kernel->getContainer();
$uid = $input->getArgument('uid');
if (!is_numeric($uid)) {
throw new InvalidArgumentException(sprintf('The "uid" argument needs to be an integer, but it is "%s".', $uid));
}
$userEntity = $container->get('entity_type.manager')
->getStorage('user')
->load($uid);
$url = user_pass_reset_url($userEntity) . '/login';
$output->writeln($url);
return 0;
}
}
/** * Gets a one time login URL for user 1. * * @return string * The one time login URL for user 1. */
protected function getOneTimeLoginUrl() {
$user = User::load(1);
\Drupal::moduleHandler()->load('user');
return user_pass_reset_url($user);
}
/** * Starts up a webserver with a running Drupal. * * @param string $host * The hostname of the webserver. * @param int $port * The port to start the webserver on. * @param \Drupal\Core\DrupalKernelInterface $kernel * The Drupal kernel. * @param \Symfony\Component\Console\Input\InputInterface $input * The input. * @param \Symfony\Component\Console\Style\SymfonyStyle $io * The IO. * * @return int * The exit status of the PHP in-built webserver command. */
->fields(['pass' => NULL])
->condition('uid', [$user1->id(), $user2->id()], 'IN')
->execute();
\Drupal::entityTypeManager()->getStorage('user')->resetCache();
$user1 = User::load($user1->id());
$user2 = User::load($user2->id());
$this->assertEquals($user2->getPassword(), $user1->getPassword(), 'Both users have the same password hash.');
// The password reset URL must not be valid for the second user when only // the user ID is changed in the URL. $reset_url = user_pass_reset_url($user1);
$attack_reset_url = str_replace("user/reset/{$user1->id()}", "user/reset/{$user2->id()}", $reset_url);
$this->drupalGet($attack_reset_url);
// Verify that the invalid password reset page does not show the user name. $this->assertSession()->pageTextNotContains($user2->getAccountName());
$this->assertSession()->addressEquals('user/password');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
$this->drupalGet($attack_reset_url . '/login');
// Verify that the invalid password reset page does not show the user name. $this->assertSession()->pageTextNotContains($user2->getAccountName());
$this->assertSession()->addressEquals('user/password');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
}
->condition('uid', [$user1->id(), $user2->id()], 'IN')
->execute();
\Drupal::entityTypeManager()->getStorage('user')->resetCache();
$user1 = User::load($user1->id());
$user2 = User::load($user2->id());
$this->assertEquals($user2->getPassword(), $user1->getPassword(), 'Both users have the same password hash.');
// The password reset URL must not be valid for the second user when only // the user ID is changed in the URL. $reset_url = user_pass_reset_url($user1);
$attack_reset_url = str_replace("user/reset/{$user1->id()}", "user/reset/{$user2->id()}", $reset_url);
$this->drupalGet($attack_reset_url);
// Verify that the invalid password reset page does not show the user name. $this->assertSession()->pageTextNotContains($user2->getAccountName());
$this->assertSession()->addressEquals('user/password');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
$this->drupalGet($attack_reset_url . '/login');
// Verify that the invalid password reset page does not show the user name. $this->assertSession()->pageTextNotContains($user2->getAccountName());
$this->assertSession()->addressEquals('user/password');
$this->assertSession()->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
}
$metadata_tests['[user:display-name]'] = $bubbleable_metadata;
foreach ($tests as $input => $expected) {
$bubbleable_metadata = new BubbleableMetadata();
$output = $token_service->replace($input, ['user' => $anonymous_user], ['langcode' => $language_interface->getId()], $bubbleable_metadata);
$this->assertSame((string) $expected, (string) $output, "Failed test case: {$input}");
$this->assertEquals($metadata_tests[$input], $bubbleable_metadata);
}
// Generate login and cancel link. $tests = [];
$tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
$tests['[user:cancel-url]'] = user_cancel_url($account);
// Generate tokens with interface language. $link = Url::fromRoute('user.page', [], ['absolute' => TRUE])->toString();
foreach ($tests as $input => $expected) {
$output = $token_service->replace($input, ['user' => $account], ['langcode' => $language_interface->getId(), 'callback' => 'user_mail_tokens', 'clear' => TRUE]);
$this->assertStringStartsWith($link, $output, 'Generated URL is in interface language.');
}
// Generate tokens with the user's preferred language. $account->preferred_langcode = 'de';
foreach ($tests as $input => $expected) {
$bubbleable_metadata = new BubbleableMetadata();
$output = $token_service->replace($input, ['user' => $anonymous_user], ['langcode' => $language_interface->getId()], $bubbleable_metadata);
$this->assertSame((string) $expected, (string) $output, "Failed test case: {$input}");
$this->assertEquals($metadata_tests[$input], $bubbleable_metadata);
}
// Generate login and cancel link. $tests = [];
$tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
$tests['[user:cancel-url]'] = user_cancel_url($account);
// Generate tokens with interface language. $link = Url::fromRoute('user.page', [], ['absolute' => TRUE])->toString();
foreach ($tests as $input => $expected) {
$output = $token_service->replace($input, ['user' => $account], ['langcode' => $language_interface->getId(), 'callback' => 'user_mail_tokens', 'clear' => TRUE]);
$this->assertStringStartsWith($link, $output, 'Generated URL is in interface language.');
}
// Generate tokens with the user's preferred language. $account->preferred_langcode = 'de';