mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX Message when changing password with invalid token now contains correct links to login
The Security controller should be used to return these links rather than the ChangePasswordHandler
This commit is contained in:
parent
48c6dec47d
commit
dbab696690
@ -74,7 +74,7 @@ class ChangePasswordHandler extends RequestHandler
|
||||
}
|
||||
$token = $request->getVar('t');
|
||||
|
||||
// Check whether we are merely changin password, or resetting.
|
||||
// Check whether we are merely changing password, or resetting.
|
||||
if ($token !== null && $member && $member->validateAutoLoginToken($token)) {
|
||||
$this->setSessionToken($member, $token);
|
||||
|
||||
@ -124,8 +124,8 @@ class ChangePasswordHandler extends RequestHandler
|
||||
. '<p>You can request a new one <a href="{link1}">here</a> or change your password after'
|
||||
. ' you <a href="{link2}">logged in</a>.</p>',
|
||||
[
|
||||
'link1' => $this->Link('lostpassword'),
|
||||
'link2' => $this->Link('login')
|
||||
'link1' => Security::lost_password_url(),
|
||||
'link2' => Security::login_url(),
|
||||
]
|
||||
)
|
||||
);
|
||||
|
@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
namespace SilverStripe\Security\Tests\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\Dev\SapphireTest;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\MemberAuthenticator\ChangePasswordHandler;
|
||||
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
class ChangePasswordHandlerTest extends SapphireTest
|
||||
{
|
||||
protected static $fixture_file = 'ChangePasswordHandlerTest.yml';
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
Config::modify()
|
||||
->set(Security::class, 'login_url', 'Security/login')
|
||||
->set(Security::class, 'lost_password_url', 'Security/lostpassword');
|
||||
|
||||
$this->logOut();
|
||||
}
|
||||
|
||||
public function testExpiredOrInvalidTokenProvidesLostPasswordAndLoginLink()
|
||||
{
|
||||
$request = new HTTPRequest('GET', '/Security/changepassword', [
|
||||
'm' => $this->idFromFixture(Member::class, 'sarah'),
|
||||
't' => 'an-old-or-expired-hash',
|
||||
]);
|
||||
$request->setSession(new Session([]));
|
||||
|
||||
/** @var ChangePasswordHandler $handler */
|
||||
$handler = $this->getMockBuilder(ChangePasswordHandler::class)
|
||||
->disableOriginalConstructor()
|
||||
->setMethods(null)
|
||||
->getMock();
|
||||
|
||||
$result = $handler->setRequest($request)->changepassword();
|
||||
|
||||
$this->assertInternalType('array', $result, 'An array is returned');
|
||||
$this->assertContains('Security/lostpassword', $result['Content'], 'Lost password URL is included');
|
||||
$this->assertContains('Security/login', $result['Content'], 'Login URL is included');
|
||||
}
|
||||
}
|
@ -0,0 +1,5 @@
|
||||
SilverStripe\Security\Member:
|
||||
sarah:
|
||||
FirstName: Sarah
|
||||
Surname: Smith
|
||||
AutoLoginToken: foobar
|
Loading…
Reference in New Issue
Block a user