FIX Message when changing password with invalid token now contains correct links to login

The Security controller should be used to return these links rather than the
ChangePasswordHandler
Robbie Averill 2018-08-20 22:30:12 +12:00
parent 48c6dec47d
commit dbab696690
3 changed files with 57 additions and 3 deletions


@ -74,7 +74,7 @@ class ChangePasswordHandler extends RequestHandler
}
$token = $request->getVar('t');
// Check whether we are merely changin password, or resetting.
// Check whether we are merely changing password, or resetting.
if ($token !== null && $member && $member->validateAutoLoginToken($token)) {
$this->setSessionToken($member, $token);
@ -124,8 +124,8 @@ class ChangePasswordHandler extends RequestHandler
. '<p>You can request a new one <a href="{link1}">here</a> or change your password after'
. ' you <a href="{link2}">logged in</a>.</p>',
[
'link1' => $this->Link('lostpassword'),
'link2' => $this->Link('login')
'link1' => Security::lost_password_url(),
'link2' => Security::login_url(),
]
)
);
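Review bot: The two URLs in the second hunk are substituted directly into `href="{link1}"` and `href="{link2}"`, and they now come from the configurable `Security::lost_password_url()` and `Security::login_url()`, so they should be attribute-escaped before interpolation, e.g. `'link1' => Convert::raw2att(Security::lost_password_url()),` and the same for `link2` (importing `Convert` if the file does not already). Whether the translated string is escaped again later is not visible, since the enclosing method starts and ends outside the hunk. If it is rendered as HTML, as the `<p>`/`<a>` markup suggests, a configured URL containing a quote or a bare `&` would break out of or corrupt the attribute. A one-line comment above the array saying why the Security URLs are used instead of `$this->Link()` would also guard against a later revert.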


@ -0,0 +1,49 @@
<?php
namespace SilverStripe\Security\Tests\MemberAuthenticator;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\ChangePasswordHandler;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
use SilverStripe\Security\Security;
class ChangePasswordHandlerTest extends SapphireTest
{
protected static $fixture_file = 'ChangePasswordHandlerTest.yml';
protected function setUp()
{
parent::setUp();
Config::modify()
->set(Security::class, 'login_url', 'Security/login')
->set(Security::class, 'lost_password_url', 'Security/lostpassword');
$this->logOut();
}
public function testExpiredOrInvalidTokenProvidesLostPasswordAndLoginLink()
{
$request = new HTTPRequest('GET', '/Security/changepassword', [
'm' => $this->idFromFixture(Member::class, 'sarah'),
't' => 'an-old-or-expired-hash',
]);
$request->setSession(new Session([]));
/** @var ChangePasswordHandler $handler */
$handler = $this->getMockBuilder(ChangePasswordHandler::class)
->disableOriginalConstructor()
->setMethods(null)
->getMock();
$result = $handler->setRequest($request)->changepassword();
$this->assertInternalType('array', $result, 'An array is returned');
$this->assertContains('Security/lostpassword', $result['Content'], 'Lost password URL is included');
$this->assertContains('Security/login', $result['Content'], 'Login URL is included');
}
}
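Review bot: `testExpiredOrInvalidTokenProvidesLostPasswordAndLoginLink` asserts only that the two URLs appear in `$result['Content']`; it never checks that the rejected token left the request unauthenticated. On a password-reset path the negative outcome is the part worth pinning: after `changepassword()` returns, assert that the `Session` attached to the request holds no auto-login token and that nobody is logged in, e.g. `$this->assertNull(Security::getCurrentUser());`. The `MemberAuthenticator` import is not used anywhere in the visible test and can be dropped.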


@ -0,0 +1,5 @@
SilverStripe\Security\Member:
sarah:
FirstName: Sarah
Surname: Smith
AutoLoginToken: foobar
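Review bot: The fixture gives `sarah` a token but no expiry, and the test sends a value other than `foobar`, so only the invalid-token branch is exercised although the test name also promises the expired case. A second member whose token matches but whose expiry lies in the past would cover that branch. It is also worth confirming that `AutoLoginToken` is the field `Member` actually persists and that it is compared in plain form; if the stored value is a hash under a different field name, this line has no effect on the test.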