-rw-r--r--modules/user/user.module29
-rw-r--r--modules/user/user.test80
2 files changed, 26 insertions, 83 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 50bf43fdd..f1a8593b7 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -139,6 +139,9 @@ function user_external_login($account, $edit = array()) {
* An associative array of attributes to search for in selecting the
* user, such as user name or e-mail address.
*
+ * @return
+ * A fully-loaded $user object upon successful user load or FALSE if user
+ * cannot be loaded.
*/
function user_load($array = array()) {
// Dynamically compose a SQL query:
@@ -209,7 +212,7 @@ function user_load($array = array()) {
* (optional) The category for storing profile information in.
*
* @return
- * A fully-loaded $user object.
+ * A fully-loaded $user object upon successful save or FALSE if the save failed.
*/
function user_save($account, $edit = array(), $category = 'account') {
$table = drupal_get_schema('users');
@@ -253,7 +256,11 @@ function user_save($account, $edit = array(), $category = 'account') {
$edit['data'] = $data;
$edit['uid'] = $account->uid;
// Save changes to the users table.
- drupal_write_record('users', $edit, 'uid');
+ $success = drupal_write_record('users', $edit, 'uid');
+ if (!$success) {
+ // The query failed - better to abort the save than risk further data loss.
+ return FALSE;
+ }
// Reload user roles if provided.
if (isset($edit['roles']) && is_array($edit['roles'])) {
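Review bot: Both new abort paths in user_save(), the `return FALSE;` here after the UPDATE and the one in the INSERT branch of the next hunk, write nothing to the log, so a failed write to the users table is only visible if the caller happens to report it. A log entry before the return would give operators something to alert on, for example `watchdog('user', 'Failed to write users record for uid %uid.', array('%uid' => $account->uid), WATCHDOG_ERROR);` (the INSERT branch would need a different identifier, since no uid exists yet). Callers of user_save() other than the two updated in this commit are not visible here and presumably still assume an object comes back, so each needs the same `if (!$account)` guard. user_save() starts and ends outside this hunk.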
@@ -301,7 +308,12 @@ function user_save($account, $edit = array(), $category = 'account') {
$edit['access'] = REQUEST_TIME;
}
- drupal_write_record('users', $edit);
+ $success = drupal_write_record('users', $edit);
+ if (!$success) {
+ // On a failed INSERT some other existing user's uid may be returned.
+ // We must abort to avoid overwriting their account.
+ return FALSE;
+ }
// Build the initial user object.
$user = user_load(array('uid' => $edit['uid']));
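Review bot: The result of `user_load()` on the last line of this hunk is still taken as a valid object, although this same commit documents that user_load() returns FALSE when the user cannot be loaded. Since the new comment says a failed INSERT can surface another user's uid, the load result is worth guarding too, for example `if (!$user) { return FALSE; }` directly after the call. How `$user` is used further down is outside this hunk, so the exact impact of a FALSE value there should be confirmed.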
@@ -1401,6 +1413,11 @@ function user_external_login_register($name, $module) {
'access' => REQUEST_TIME
);
$account = user_save('', $userinfo);
+ // Terminate if an error occured during user_save().
+ if (!$account) {
+ drupal_set_message(t("Error saving user account."), 'error');
+ return;
+ }
user_set_authmaps($account, array("authname_$module" => $name));
$user = $account;
watchdog('user', 'New external user: %name using module %module.', array('%name' => $name, '%module' => $module), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $user->uid . '/edit'));
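Review bot: The bare `return;` on the new failure path gives the calling authentication module no signal that registration failed; the only evidence is a message shown to the visitor. If the function's other exits (outside this hunk) allow it, `return FALSE;` would let callers stop the login flow, and either way the outcome belongs in the function's doc comment. The comment should read `// Terminate if an error occurred during user_save().`, and the same misspelling appears in the user_register_submit() hunk.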
@@ -2270,6 +2287,12 @@ function user_register_submit($form, &$form_state) {
$merge_data['status'] = variable_get('user_register', 1) == 1;
}
$account = user_save('', array_merge($form_state['values'], $merge_data));
+ // Terminate if an error occured during user_save().
+ if (!$account) {
+ drupal_set_message(t("Error saving user account."), 'error');
+ $form_state['redirect'] = '';
+ return;
+ }
$form_state['user'] = $account;
watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));
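Review bot: `$form_state['redirect'] = '';` probably sends the visitor to the front page rather than back to the registration form, because an empty path normally resolves to the front page; the values they entered are then lost and the error appears out of context. If the intent is to stay on the form, `$form_state['redirect'] = FALSE;` is the usual way to suppress the redirect, which should be confirmed against the form API in this branch. user_register_submit() continues outside the hunk.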
diff --git a/modules/user/user.test b/modules/user/user.test
index 82f1ca66e..91e1df32e 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -570,83 +570,3 @@ class UserAutocompleteTestCase extends DrupalWebTestCase {
$this->assertRaw($this->unprivileged_user->name, t('User name found in autocompletion results.'));
}
}
-
-/**
- * Test user roles.
- */
-class RoleAdministrationTestCase extends DrupalWebTestCase {
-
- /**
- * Implementation of getInfo().
- */
- function getInfo() {
- return array(
- 'name' => t('Role administration'),
- 'description' => t('Tests addition and deletion of roles and whether users can be assigned and removed from roles.'),
- 'group' => t('User')
- );
- }
-
- /**
- * Implementation of setUp().
- */
- function setUp() {
- parent::setUp();
- $this->admin_user = $this->drupalCreateUser(array('administer users', 'administer permissions'));
- $this->drupalLogin($this->admin_user);
- }
-
- /**
- * Add a role to the site.
- */
- function testAddRole() {
- $edit['name'] = 'test_role';
- $this->drupalPost('admin/user/roles', $edit, t('Add role'));
- $this->assertText(t('The role has been added.'), t('New role submitted through form.'));
-
- $result = db_query('SELECT rid FROM {role} WHERE name = "test_role"');
- $this->assertTrue($result->fetch(), 'New role added to database.');
- }
-
- /**
- * Delete a role from the site.
- */
- function testDeleteRole() {
- // Determine largest rid
- $rid = db_query('SELECT max(rid) FROM {role}')->fetchField();
-
- $this->drupalPost('admin/user/roles/edit/' . $rid, array(), t('Delete role'));
- $this->assertText(t('The role has been deleted.'), t('Role deleted through form.'));
- $result = db_query('SELECT rid FROM {role} WHERE rid = :rid', array(':rid' => $rid));
- $this->assertFalse($result->fetch(), 'Role deleted from database.');
- }
-
- /**
- * Adds a user to an existing role and removes them from the role.
- */
- function testAddAndRemoveUserFromRole() {
- // Add a user to an existing role
- $regular_user = $this->drupalCreateUser(array());
- $rid = db_query('SELECT max(rid) FROM {role}')->fetchField();
- $uid = $regular_user->uid;
- $edit['roles[' . $rid . ']'] = $rid;
- $this->drupalPost("user/$uid/edit", $edit, t('Save'));
- $this->assertText(t('The changes have been saved.'), t('User added to role through form.'));
- $result = db_query('SELECT * FROM {users_roles} WHERE uid = :uid AND rid = :rid',
- array(':uid' => $uid,
- ':rid' => $rid)
- );
- $this->assertTrue($result->fetch(), 'Assigned user to a role');
-
- // Remove a user from an existing role
- $edit['roles[' . $rid . ']'] = FALSE;
- $this->drupalPost("user/$uid/edit", $edit, t('Save'));
- $this->assertText(t('The changes have been saved.'), t('User removed from role through form.'));
- $result = db_query('SELECT * FROM {users_roles} WHERE uid = :uid AND rid = :rid',
- array(':uid' => $uid,
- ':rid' => $rid)
- );
- $this->assertFalse($result->fetch(), 'Removed user from a role');
- }
-
-}