8 files changed, 66 insertions, 111 deletions
diff --git a/tests/RUNNING_TESTS.md b/tests/RUNNING_TESTS.md
index 56f2818078..516541151c 100644
--- a/tests/RUNNING_TESTS.md
+++ b/tests/RUNNING_TESTS.md
@@ -30,11 +30,9 @@ Some of the functionality in phpBB and/or the test suite uses additional
 PHP extensions. If these extensions are not loaded, respective tests
 will be skipped:
 
-- apc (APC cache driver, php5 only)
 - apcu (APCu cache driver - native API, php7+)
 - apcu_bc, apcu (APCu cache driver - APC API, php7+)
 - bz2 (compress tests)
-- mysql, pdo_mysql (MySQL database driver)
 - mysqli, pdo_mysql (MySQLi database driver)
 - pcntl (flock class)
 - pdo (any database tests)
diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php
index 0c26a0a186..58d6354228 100644
--- a/tests/auth/provider_apache_test.php
+++ b/tests/auth/provider_apache_test.php
@@ -202,6 +202,8 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_new' => '1',
 			'user_reminded' => '0',
 			'user_reminded_time' => '0',
+			'reset_token' => '',
+			'reset_token_expiration' => '0',
 		);
 
 		$this->assertEquals($expected, $this->provider->autologin());
diff --git a/tests/cache/apc_driver_test.php b/tests/cache/apc_driver_test.php
deleted file mode 100644
index 276cbeb3e1..0000000000
--- a/tests/cache/apc_driver_test.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-// Important: apc.enable_cli=1 must be in php.ini.
-// http://forums.devshed.com/php-development-5/apc-problem-561290.html
-// http://php.net/manual/en/apc.configuration.php
-
-require_once dirname(__FILE__) . '/common_test_case.php';
-
-class phpbb_cache_apc_driver_test extends phpbb_cache_common_test_case
-{
-	protected static $config;
-
-	public function getDataSet()
-	{
-		return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/config.xml');
-	}
-
-	static public function setUpBeforeClass()
-	{
-		if (!extension_loaded('apc'))
-		{
-			self::markTestSkipped('APC extension is not loaded');
-		}
-
-		$php_ini = new \bantu\IniGetWrapper\IniGetWrapper;
-
-		if (!$php_ini->getBool('apc.enabled'))
-		{
-			self::markTestSkipped('APC is not enabled. Make sure apc.enabled=1 in php.ini');
-		}
-
-		if (PHP_SAPI == 'cli' && !$php_ini->getBool('apc.enable_cli'))
-		{
-			self::markTestSkipped('APC is not enabled for CLI. Set apc.enable_cli=1 in php.ini');
-		}
-	}
-
-	protected function setUp(): void
-	{
-		parent::setUp();
-
-		$this->driver = new \phpbb\cache\driver\apc;
-		$this->driver->purge();
-	}
-}
diff --git a/tests/console/user/base.php b/tests/console/user/base.php
index 94a51eb896..b845ab1639 100644
--- a/tests/console/user/base.php
+++ b/tests/console/user/base.php
@@ -51,7 +51,6 @@ abstract class phpbb_console_user_base extends phpbb_database_test_case
 			'min_name_chars'	=> 3,
 			'max_name_chars'	=> 10,
 			'min_pass_chars'	=> 3,
-			'max_pass_chars'	=> 10,
 			'pass_complex'		=> 'PASS_TYPE_ANY',
 		));
 
diff --git a/tests/functional/forgot_password_test.php b/tests/functional/forgot_password_test.php
index 2fd5b45f7d..10946fe5a9 100644
--- a/tests/functional/forgot_password_test.php
+++ b/tests/functional/forgot_password_test.php
@@ -20,8 +20,8 @@ class phpbb_functional_forgot_password_test extends phpbb_functional_test_case
 	{
 		global $config;
 		$this->add_lang('ucp');
-		$crawler = self::request('GET', 'ucp.php?mode=sendpassword');
-		$this->assertEquals($this->lang('SEND_PASSWORD'), $crawler->filter('h2')->text());
+		$crawler = self::request('GET', 'app.php/user/forgot_password');
+		$this->assertEquals($this->lang('RESET_PASSWORD'), $crawler->filter('h2')->text());
 	}
 
 	public function test_forgot_password_disabled()
@@ -40,7 +40,7 @@ class phpbb_functional_forgot_password_test extends phpbb_functional_test_case
 
 		$this->logout();
 
-		$crawler = self::request('GET', 'ucp.php?mode=sendpassword');
+		$crawler = self::request('GET', 'app.php/user/forgot_password');
 		$this->assertContains($this->lang('UCP_PASSWORD_RESET_DISABLED', '', ''), $crawler->text());
 
 	}
diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php
index 2361eed066..a97300b9ee 100644
--- a/tests/functional/user_password_reset_test.php
+++ b/tests/functional/user_password_reset_test.php
@@ -25,36 +25,53 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 
 		// test without email
 		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$this->assertContains('app.php/user/forgot_password', $crawler->getUri());
 		$form = $crawler->selectButton('submit')->form();
 		$crawler = self::submit($form);
 		$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
 
 		// test with non-existent email
-		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
 			'email'	=> 'non-existent@email.com',
 		));
 		$crawler = self::submit($form);
-		$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
+		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
 
 		// test with correct email
-		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
 			'email'		=> 'reset-password-test-user@test.com',
 		));
 		$crawler = self::submit($form);
-		$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
+		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
 
 		// Check if columns in database were updated for password reset
 		$this->get_user_data('reset-password-test-user');
-		$this->assertNotNull($this->user_data['user_actkey']);
-		$this->assertNotNull($this->user_data['user_newpasswd']);
+		$this->assertNotEmpty($this->user_data['reset_token']);
+		$this->assertNotEmpty($this->user_data['reset_token_expiration']);
+		$reset_token = $this->user_data['reset_token'];
+		$reset_token_expiration = $this->user_data['reset_token_expiration'];
+
+		// Check that reset token is only created once per day
+		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form(array(
+			'email'		=> 'reset-password-test-user@test.com',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
+
+		$this->get_user_data('reset-password-test-user');
+		$this->assertNotEmpty($this->user_data['reset_token']);
+		$this->assertNotEmpty($this->user_data['reset_token_expiration']);
+		$this->assertEquals($reset_token, $this->user_data['reset_token']);
+		$this->assertEquals($reset_token_expiration, $this->user_data['reset_token_expiration']);
 
 		// Create another user with the same email
 		$this->create_user('reset-password-test-user1', 'reset-password-test-user@test.com');
 
 		// Test that username is now also required
-		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
 			'email'		=> 'reset-password-test-user@test.com',
 		));
@@ -67,20 +84,13 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 			'username'	=> 'reset-password-test-user1',
 		));
 		$crawler = self::submit($form);
-		$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
+		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
 
 		// Check if columns in database were updated for password reset
 		$this->get_user_data('reset-password-test-user1');
-		$this->assertNotNull($this->user_data['user_actkey']);
-		$this->assertNotNull($this->user_data['user_newpasswd']);
-
-		// Make sure we know the password
-		$db = $this->get_db();
-		$this->passwords_manager = $this->get_passwords_manager();
-		$sql = 'UPDATE ' . USERS_TABLE . "
-			SET user_newpasswd = '" . $db->sql_escape($this->passwords_manager->hash('reset-password-test-user')) . "'
-			WHERE user_id = " . $user_id;
-		$db->sql_query($sql);
+		$this->assertNotEmpty($this->user_data['reset_token']);
+		$this->assertNotEmpty($this->user_data['reset_token_expiration']);
+		$this->assertGreaterThan(time(), $this->user_data['reset_token_expiration']);
 	}
 
 	public function test_login_after_reset()
@@ -88,28 +98,45 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$this->login('reset-password-test-user');
 	}
 
-	public function data_activate_new_password()
+	public function data_reset_user_password()
 	{
-		return array(
-			array('WRONG_ACTIVATION', false, 'FOOBAR'),
-			array('ALREADY_ACTIVATED', 2, 'FOOBAR'),
-			array('PASSWORD_ACTIVATED', false, false),
-			array('ALREADY_ACTIVATED', false, false),
-		);
+		return [
+			['RESET_TOKEN_EXPIRED_OR_INVALID', 0, 'abcdef'],
+			['NO_USER', ' ', 'abcdef'],
+			['NO_RESET_TOKEN', 0, ' '],
+			['RESET_TOKEN_EXPIRED_OR_INVALID', 2, ''],
+			['RESET_TOKEN_EXPIRED_OR_INVALID', 1e7, ''],
+			['', 0, ''],
+			['NO_RESET_TOKEN', 0, ''], // already reset
+		];
 	}
 
 	/**
-	* @dataProvider data_activate_new_password
-	*/
-	public function test_activate_new_password($expected, $user_id, $act_key)
+	 * @dataProvider data_reset_user_password
+	 */
+	public function test_reset_user_password($expected, $user_id, $token)
 	{
 		$this->add_lang('ucp');
 		$this->get_user_data('reset-password-test-user');
-		$user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
-		$act_key = (!$act_key) ? $this->user_data['user_actkey'] : $act_key;
+		$user_id = !$user_id ? $this->user_data['user_id'] : $user_id;
+		$token = !$token ? $this->user_data['reset_token'] : $token;
+
+		$crawler = self::request('GET', "app.php/user/reset_password?u=$user_id&token=$token");
 
-		$crawler = self::request('GET', "ucp.php?mode=activate&u=$user_id&k=$act_key&sid={$this->sid}");
-		$this->assertContainsLang($expected, $crawler->text());
+		if ($expected)
+		{
+			$this->assertContainsLang($expected, $crawler->text());
+		}
+		else
+		{
+			$form = $crawler->filter('input[type=submit]')->form();
+			$values = array_merge($form->getValues(), [
+				'new_password'			=> 'reset-password-test-user',
+				'new_password_confirm'	=> 'reset-password-test-user',
+			]);
+			$crawler = self::submit($form, $values);
+			$this->assertContainsLang('PASSWORD_RESET', $crawler->text());
+		}
 	}
 
 	public function test_login()
@@ -190,7 +217,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 	protected function get_user_data($username)
 	{
 		$db = $this->get_db();
-		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
+		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason, reset_token, reset_token_expiration
 			FROM ' . USERS_TABLE . "
 			WHERE username = '" . $db->sql_escape($username) . "'";
 		$result = $db->sql_query($sql);
diff --git a/tests/functions/convert_30_dbms_to_31_test.php b/tests/functions/convert_30_dbms_to_31_test.php
index 456eb64461..05c42610bb 100644
--- a/tests/functions/convert_30_dbms_to_31_test.php
+++ b/tests/functions/convert_30_dbms_to_31_test.php
@@ -18,7 +18,6 @@ class phpbb_convert_30_dbms_to_31_test extends phpbb_test_case
 		return array(
 			array('mssql_odbc'),
 			array('mssqlnative'),
-			array('mysql'),
 			array('mysqli'),
 			array('oracle'),
 			array('postgres'),
diff --git a/tests/test_framework/phpbb_database_test_connection_manager.php b/tests/test_framework/phpbb_database_test_connection_manager.php
index f3adbefc1b..fec4709fbd 100644
--- a/tests/test_framework/phpbb_database_test_connection_manager.php
+++ b/tests/test_framework/phpbb_database_test_connection_manager.php
@@ -150,7 +150,6 @@ class phpbb_database_test_connection_manager
 
 		switch ($this->config['dbms'])
 		{
-			case 'phpbb\db\driver\mysql':
 			case 'phpbb\db\driver\mysqli':
 				$this->pdo->exec('SET NAMES utf8');
 
@@ -270,7 +269,6 @@ class phpbb_database_test_connection_manager
 
 		switch ($this->config['dbms'])
 		{
-			case 'phpbb\db\driver\mysql':
 			case 'phpbb\db\driver\mysqli':
 				$sql = 'SHOW TABLES';
 			break;
@@ -336,14 +334,7 @@ class phpbb_database_test_connection_manager
 			$sth = $this->pdo->query('SELECT VERSION() AS version');
 			$row = $sth->fetch(PDO::FETCH_ASSOC);
 
-			if (version_compare($row['version'], '4.1.3', '>='))
-			{
-				$schema .= '_41';
-			}
-			else
-			{
-				$schema .= '_40';
-			}
+			$schema .= '_41';
 		}
 
 		$filename = $directory . $schema . '_schema.sql';
@@ -424,11 +415,6 @@ class phpbb_database_test_connection_manager
 				'DELIM'			=> ';',
 				'PDO'			=> 'mysql',
 			),
-			'phpbb\db\driver\mysql'		=> array(
-				'SCHEMA'		=> 'mysql',
-				'DELIM'			=> ';',
-				'PDO'			=> 'mysql',
-			),
 			'phpbb\db\driver\mssql'		=> array(
 				'SCHEMA'		=> 'mssql',
 				'DELIM'			=> 'GO',