diff options
author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-11 03:08:05 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-11 03:08:05 +0000 |
commit | ae716002a397067a461b2ed21886b121364b0c52 (patch) | |
tree | b83e27f918ef24c7917a3ec91ff87f2fdb212d45 /modules/openid | |
parent | 41019a83628224ffe49f782688c81b889587b2b5 (diff) | |
download | brdo-ae716002a397067a461b2ed21886b121364b0c52.tar.gz brdo-ae716002a397067a461b2ed21886b121364b0c52.tar.bz2 |
#542180 by David_Rothstein and c960657: Fixed OpenID does not deal with blocked users correctly.
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.module | 3 | ||||
-rw-r--r-- | modules/openid/openid.test | 36 |
2 files changed, 38 insertions, 1 deletions
diff --git a/modules/openid/openid.module b/modules/openid/openid.module index f24ff75c0..59abd6387 100644 --- a/modules/openid/openid.module +++ b/modules/openid/openid.module @@ -437,7 +437,8 @@ function openid_authentication($response) { if (isset($account->uid)) { if (!variable_get('user_email_verification', TRUE) || $account->login) { // Check if user is blocked. - user_login_name_validate(array(), $state, (array)$account); + $state['values']['name'] = $account->name; + user_login_name_validate(array(), $state); if (!form_get_errors()) { // Load global $user and perform final login tasks. $form_state['uid'] = $account->uid; diff --git a/modules/openid/openid.test b/modules/openid/openid.test index d7cea7fc4..2d20f1dba 100644 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test @@ -131,6 +131,42 @@ class OpenIDFunctionalTest extends DrupalWebTestCase { } /** + * Test that a blocked user cannot log in. + */ + function testBlockedUserLogin() { + // Use a User-supplied Identity that is the URL of an XRDS document. + $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE)); + + // Log in and add an OpenID Identity to the account. + $this->drupalLogin($this->web_user); + $this->addIdentity($identity); + $this->drupalLogout(); + + // Log in as an admin user and block the account. + $admin_user = $this->drupalCreateUser(array('administer users')); + $this->drupalLogin($admin_user); + $this->drupalGet('admin/people'); + $edit = array( + 'operation' => 'block', + 'accounts[' . $this->web_user->uid . ']' => TRUE, + ); + $this->drupalPost('admin/people', $edit, t('Update')); + $this->assertRaw('The update has been performed.', t('Account was blocked.')); + $this->drupalLogout(); + + // Fill out and submit the login form. + $edit = array('openid_identifier' => $identity); + $this->drupalPost(NULL, $edit, t('Log in')); + + // Check we are on the OpenID redirect form. + $this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.')); + + // Submit form to the OpenID Provider Endpoint. + $this->drupalPost(NULL, array(), t('Send')); + $this->assertRaw(t('The username %name has not been activated or is blocked.', array('%name' => $this->web_user->name)), t('User login was blocked.')); + } + + /** * Add OpenID identity to user's profile. * * @param $identity |