-rw-r--r--modules/user/user.module83
-rw-r--r--modules/user/user.test183
2 files changed, 136 insertions, 130 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index e2aa808c8..13479217f 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2221,7 +2221,7 @@ function user_roles($membersonly = FALSE, $permission = NULL) {
* @param $role
* A string with the role name, or an integer with the role ID.
* @return
- * A fully-loaded role object if a role with the given name or ID
+ * A fully-loaded role object if a role with the given name or ID
* exists, FALSE otherwise.
*/
function user_role_load($role) {
@@ -2241,7 +2241,7 @@ function user_role_load($role) {
* @return
* Status constant indicating if role was created or updated.
* Failure to write the user role record will return FALSE. Otherwise.
- * SAVED_NEW or SAVED_UPDATED is returned depending on the operation
+ * SAVED_NEW or SAVED_UPDATED is returned depending on the operation
* performed.
*/
function user_role_save($role) {
@@ -2257,7 +2257,7 @@ function user_role_save($role) {
$status = drupal_write_record('role', $role);
module_invoke_all('user_role_insert', $role);
}
-
+
return $status;
}
@@ -2280,10 +2280,10 @@ function user_role_delete($role) {
db_delete('users_roles')
->condition('rid', $role->rid)
->execute();
-
+
// Clear the user access cache.
user_access(NULL, NULL, TRUE);
-
+
module_invoke_all('user_role_delete', $role);
}
@@ -2295,7 +2295,7 @@ function user_role_delete($role) {
* @param $permissions
* An array of permissions strings.
* @param $merge
- * A boolean indicating whether to add permissions or to merge
+ * A boolean indicating whether to add permissions or to merge
* with all existing permissions.
*/
function user_role_set_permissions($role, array $permissions = array(), $merge = FALSE) {
@@ -2971,57 +2971,42 @@ function user_register_submit($form, &$form_state) {
watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));
- // The first user may login immediately, and receives a customized welcome e-mail.
- if ($account->uid == 1) {
- drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
- if (variable_get('user_email_verification', TRUE)) {
- drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array('%pass' => $pass)));
- }
-
- $form_state['values'] += $merge_data;
- user_authenticate(array_merge($form_state));
-
- $form_state['redirect'] = 'user/1/edit';
+ // Add plain text password into user account to generate mail tokens.
+ $account->password = $pass;
+ if ($admin && !$notify) {
+ drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
+ }
+ elseif (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
+ // No e-mail verification is required, create new user account, and login
+ // user immediately.
+ _user_mail_notify('register_no_approval_required', $account);
+ $form_state['uid'] = $account->uid;
+ user_login_submit(array(), $form_state);
+ drupal_set_message(t('Registration successful. You are now logged in.'));
+ $form_state['redirect'] = '';
return;
}
- else {
- // Add plain text password into user account to generate mail tokens.
- $account->password = $pass;
- if ($admin && !$notify) {
- drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
- }
- elseif (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
- // No e-mail verification is required, create new user account, and login
- // user immediately.
- _user_mail_notify('register_no_approval_required', $account);
- if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
- drupal_set_message(t('Registration successful. You are now logged in.'));
- }
- $form_state['redirect'] = '';
- return;
- }
- elseif ($account->status || $notify) {
- // Create new user account, no administrator approval required.
- $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
- _user_mail_notify($op, $account);
- if ($notify) {
- drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
- }
- else {
- drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
- $form_state['redirect'] = '';
- return;
- }
+ elseif ($account->status || $notify) {
+ // Create new user account, no administrator approval required.
+ $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
+ _user_mail_notify($op, $account);
+ if ($notify) {
+ drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
}
else {
- // Create new user account, administrator approval required.
- _user_mail_notify('register_pending_approval', $account);
- drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
+ drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
$form_state['redirect'] = '';
return;
-
}
}
+ else {
+ // Create new user account, administrator approval required.
+ _user_mail_notify('register_pending_approval', $account);
+ drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
+ $form_state['redirect'] = '';
+ return;
+
+ }
}
/**
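Review bot: In the no-verification branch, `user_login_submit(array(), $form_state)` starts a session from `$form_state['uid']` alone, and the "Registration successful. You are now logged in." message is now set unconditionally, whereas the removed code set it only when `user_authenticate()` returned a truthy value. Because this path does not go through the login form's validators, the guard `$account->status && !$admin` appears to be the only thing keeping a blocked or administrator-created account from being logged in here. A comment should say so, for example `// Logs in without password validation; only reached for active, self-registered accounts.` It would also be safer to confirm the login took effect before showing the message (presumably `user_login_submit()` populates the global `$user`; that function is not visible here). `user_register_submit()` begins before this hunk.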
diff --git a/modules/user/user.test b/modules/user/user.test
index 9be01f80e..7cba7c065 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -5,109 +5,130 @@ class UserRegistrationTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'User registration',
- 'description' => 'Registers a user, fails login, resets password, successfully logs in with the one time password, fails password change, changes password, logs out, successfully logs in with the new password, visits profile page.',
+ 'description' => 'Test registration of user under different configurations.',
'group' => 'User'
);
}
-
- /**
- * Registers a user, fails login, resets password, successfully logs in with the one time password,
- * changes password, logs out, successfully logs in with the new password, visits profile page.
- *
- * Assumes that the profile module is disabled.
- */
- function testUserRegistration() {
- // Set user registration to "Visitors can create accounts and no administrator approval is required."
+
+ function testRegistrationWithEmailVerification() {
+ // Require e-mail verification.
+ variable_set('user_email_verification', TRUE);
+
+ // Set registration to administrator only.
+ variable_set('user_register', 0);
+ $this->drupalGet('user/register');
+ $this->assertResponse(403, t('Registration page is inaccessible when only administrators can create accounts.'));
+
+ // Allow registration by site visitors without administrator approval.
variable_set('user_register', 1);
-
- // Enable user-configurable time zones, and set the default time zone to Brussels time.
- variable_set('configurable_timezones', 1);
- variable_set('date_default_timezone', 'Europe/Brussels');
-
$edit = array();
$edit['name'] = $name = $this->randomName();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalPost('user/register', $edit, t('Create new account'));
$this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.'));
-
- // Check database for created user.
- $users = user_load_multiple(array(), array('name' => $name, 'mail' => $mail));
- $user = reset($users);
- $this->assertTrue($user, t('User found in database.'));
- $this->assertTrue($user->uid > 0, t('User has valid user id.'));
-
- // Check user fields.
- $this->assertEqual($user->name, $name, t('Username matches.'));
- $this->assertEqual($user->mail, $mail, t('E-mail address matches.'));
- $this->assertEqual($user->theme, '', t('Correct theme field.'));
- $this->assertEqual($user->signature, '', t('Correct signature field.'));
- $this->assertTrue(($user->created > REQUEST_TIME - 20 ), t('Correct creation time.'));
- $this->assertEqual($user->status, variable_get('user_register', 1) == 1 ? 1 : 0, t('Correct status field.'));
- $this->assertEqual($user->timezone, variable_get('date_default_timezone'), t('Correct time zone field.'));
- $this->assertEqual($user->language, '', t('Correct language field.'));
- $this->assertEqual($user->picture, '', t('Correct picture field.'));
- $this->assertEqual($user->init, $mail, t('Correct init field.'));
-
- // Attempt to login with incorrect password.
+ $new_user = reset(user_load_multiple(array(), array('name' => $name, 'mail' => $mail)));
+ $this->assertTrue($new_user->status, t('New account is active after registration.'));
+
+ // Allow registration by site visitors, but require administrator approval.
+ variable_set('user_register', 2);
$edit = array();
- $edit['name'] = $name;
- $edit['pass'] = 'foo';
- $this->drupalPost('user', $edit, t('Log in'));
- $this->assertText(t('Sorry, unrecognized username or password. Have you forgotten your password?'), t('Invalid login attempt failed.'));
-
- // Login using password reset page.
- $url = user_pass_reset_url($user);
- $this->drupalGet($url);
- $this->assertText(t('This login can be used only once.'), t('Login can be used only once.'));
-
- $this->drupalPost(NULL, NULL, t('Log in'));
- $this->assertText(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'), t('This link is no longer valid.'));
-
- // Check password type validation
+ $edit['name'] = $name = $this->randomName();
+ $edit['mail'] = $mail = $edit['name'] . '@example.com';
+ $this->drupalPost('user/register', $edit, t('Create new account'));
+ $new_user = reset(user_load_multiple(array(), array('name' => $name, 'mail' => $mail)));
+ $this->assertFalse($new_user->status, t('New account is blocked until approved by an administrator.'));
+ }
+
+ function testRegistrationWithoutEmailVerification() {
+ // Don't require e-mail verification.
+ variable_set('user_email_verification', FALSE);
+
+ // Allow registration by site visitors without administrator approval.
+ variable_set('user_register', 1);
$edit = array();
+ $edit['name'] = $name = $this->randomName();
+ $edit['mail'] = $mail = $edit['name'] . '@example.com';
+
+ // Try entering a mismatching password.
$edit['pass[pass1]'] = '99999.0';
$edit['pass[pass2]'] = '99999';
- $this->drupalPost(NULL, $edit, t('Save'));
+ $this->drupalPost('user/register', $edit, t('Create new account'));
$this->assertText(t('The specified passwords do not match.'), t('Type mismatched passwords display an error message.'));
- $this->assertNoText(t('The changes have been saved.'), t('Save user password with mismatched type in password confirm.'));
- // Change user password.
- $new_pass = user_password();
- $edit = array();
- $edit['pass[pass1]'] = $new_pass;
+ // Enter a correct password.
+ $edit['pass[pass1]'] = $new_pass = $this->randomName();
$edit['pass[pass2]'] = $new_pass;
- $this->drupalPost(NULL, $edit, t('Save'));
- $this->assertText(t('The changes have been saved.'), t('Password changed to @password', array('@password' => $new_pass)));
-
- // Make sure password changes are present in database.
- require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
-
- $user = user_load($user->uid, TRUE);
- $this->assertTrue(user_check_password($new_pass, $user), t('Correct password in database.'));
-
- // Logout of user account.
- $this->clickLink(t('Log out'));
- $this->assertNoText($user->name, t('Logged out.'));
-
- // Login user.
+ $this->drupalPost('user/register', $edit, t('Create new account'));
+ $new_user = reset(user_load_multiple(array(), array('name' => $name, 'mail' => $mail)));
+ $this->assertText(t('Registration successful. You are now logged in.'), t('Users are logged in after registering.'));
+ $this->drupalLogout();
+
+ // Allow registration by site visitors, but require administrator approval.
+ variable_set('user_register', 2);
$edit = array();
- $edit['name'] = $user->name;
- $edit['pass'] = $new_pass;
- $this->drupalPost('user', $edit, t('Log in'));
- $this->assertText(t('Log out'), t('Logged in.'));
+ $edit['name'] = $name = $this->randomName();
+ $edit['mail'] = $mail = $edit['name'] . '@example.com';
+ $edit['pass[pass1]'] = $pass = $this->randomName();
+ $edit['pass[pass2]'] = $pass;
+ $this->drupalPost('user/register', $edit, t('Create new account'));
+ $this->assertText(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.'), t('Users are notified of pending approval'));
+
+ // Try to login before administrator approval.
+ $auth = array(
+ 'name' => $name,
+ 'pass' => $pass,
+ );
+ $this->drupalPost('user/login', $auth, t('Log in'));
+ $this->assertText(t('The username @name has not been activated or is blocked.', array('@name' => $name)), t('User cannot login yet.'));
- $this->assertText($user->name, t('[logged in] Username found.'));
- $this->assertNoText(t('Sorry. Unrecognized username or password.'), t('[logged in] No message for unrecognized username or password.'));
- $this->assertNoText(t('User login'), t('[logged in] No user login form present.'));
+ // Activate the new account.
+ $new_user = reset(user_load_multiple(array(), array('name' => $name, 'mail' => $mail)));
+ $admin_user = $this->drupalCreateUser(array('administer users'));
+ $this->drupalLogin($admin_user);
+ $edit = array(
+ 'status' => 1,
+ );
+ $this->drupalPost('user/' . $new_user->uid . '/edit', $edit, t('Save'));
+ $this->drupalLogout();
+
+ // Login after administrator approval.
+ $this->drupalPost('user/login', $auth, t('Log in'));
+ $this->assertText(t('Member for'), t('User can log in after administrator approval.'));
+ }
- $this->drupalGet('user');
- $this->assertText($user->name, t('[user auth] Not login page.'));
- $this->assertText(t('View'), t('[user auth] Found view tab on the profile page.'));
- $this->assertText(t('Edit'), t('[user auth] Found edit tab on the profile page.'));
+ function testRegistrationDefaultValues() {
+ // Allow registration by site visitors without administrator approval.
+ variable_set('user_register', 1);
+
+ // Don't require e-mail verification.
+ variable_set('user_email_verification', FALSE);
+
+ // Set the default timezone to Brussels.
+ variable_set('configurable_timezones', 1);
+ variable_set('date_default_timezone', 'Europe/Brussels');
+
+ $edit = array();
+ $edit['name'] = $name = $this->randomName();
+ $edit['mail'] = $mail = $edit['name'] . '@example.com';
+ $edit['pass[pass1]'] = $new_pass = $this->randomName();
+ $edit['pass[pass2]'] = $new_pass;
+ $this->drupalPost('user/register', $edit, t('Create new account'));
+
+ // Check user fields.
+ $new_user = reset(user_load_multiple(array(), array('name' => $name, 'mail' => $mail)));
+ $this->assertEqual($new_user->name, $name, t('Username matches.'));
+ $this->assertEqual($new_user->mail, $mail, t('E-mail address matches.'));
+ $this->assertEqual($new_user->theme, '', t('Correct theme field.'));
+ $this->assertEqual($new_user->signature, '', t('Correct signature field.'));
+ $this->assertTrue(($new_user->created > REQUEST_TIME - 20 ), t('Correct creation time.'));
+ $this->assertEqual($new_user->status, variable_get('user_register', 1) == 1 ? 1 : 0, t('Correct status field.'));
+ $this->assertEqual($new_user->timezone, variable_get('date_default_timezone'), t('Correct time zone field.'));
+ $this->assertEqual($new_user->language, '', t('Correct language field.'));
+ $this->assertEqual($new_user->picture, '', t('Correct picture field.'));
+ $this->assertEqual($new_user->init, $mail, t('Correct init field.'));
}
}
-
class UserValidationTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
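Review bot: `reset(user_load_multiple(...))` passes a function result to `reset()`, which takes its argument by reference, so PHP reports "Only variables should be passed by reference"; the pattern appears in all three new test methods. The removed code assigned first, and the same two lines would work here: `$users = user_load_multiple(array(), array('name' => $name, 'mail' => $mail));` then `$new_user = reset($users);`. In `testRegistrationWithoutEmailVerification()` the first `$new_user` is loaded but never asserted on. None of the tests asserts that a visitor is not logged in after registering while e-mail verification is required, which is the negative case for the new auto-login branch in user.module. The failed-login and one-time reset link assertions were dropped from this class; whether they are covered elsewhere is not visible from this diff.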