From 101d3b763308efe823d03c09bd0a4a109d19fc26 Mon Sep 17 00:00:00 2001
From: Jakub Senko <jakubsenko@gmail.com>
Date: Mon, 14 Mar 2016 14:42:48 +0100
Subject: [ticket/10432] Don't require username when user forgets password

PHPBB3-10432
---
 tests/functional/user_password_reset_test.php | 45 ++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 12 deletions(-)

(limited to 'tests/functional')

diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php
index 3da78407cf..af53ba2b0d 100644
--- a/tests/functional/user_password_reset_test.php
+++ b/tests/functional/user_password_reset_test.php
@@ -21,25 +21,46 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 	public function test_password_reset()
 	{
 		$this->add_lang('ucp');
-		$user_id = $this->create_user('reset-password-test-user');
+		$user_id = $this->create_user('reset-password-test-user', 'reset-password-test-user@test.com');
+
+		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form();
+		$crawler = self::submit($form);
+		$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
 
 		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
-			'username'	=> 'reset-password-test-user',
+			'email'		=> 'reset-password-test-user@test.com',
 		));
 		$crawler = self::submit($form);
-		$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
+		$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
 
+		// Check if columns in database were updated for password reset
+		$this->get_user_data('reset-password-test-user');
+		$this->assertNotNull($this->user_data['user_actkey']);
+		$this->assertNotNull($this->user_data['user_newpasswd']);
+
+		// Create another user with the same email
+		$this->create_user('reset-password-test-user1', 'reset-password-test-user@test.com');
+
+		// Test that username is now also required
 		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
-			'username'	=> 'reset-password-test-user',
-			'email'		=> 'nobody@example.com',
+			'email'		=> 'reset-password-test-user@test.com',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('EMAIL_NOT_UNIQUE', $crawler->text());
+
+		// Provide both username and email
+		$form = $crawler->selectButton('submit')->form(array(
+			'email'		=> 'reset-password-test-user@test.com',
+			'username'	=> 'reset-password-test-user1',
 		));
 		$crawler = self::submit($form);
 		$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
 
 		// Check if columns in database were updated for password reset
-		$this->get_user_data();
+		$this->get_user_data('reset-password-test-user1');
 		$this->assertNotNull($this->user_data['user_actkey']);
 		$this->assertNotNull($this->user_data['user_newpasswd']);
 
@@ -73,7 +94,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 	public function test_activate_new_password($expected, $user_id, $act_key)
 	{
 		$this->add_lang('ucp');
-		$this->get_user_data();
+		$this->get_user_data('reset-password-test-user');
 		$user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
 		$act_key = (!$act_key) ? $this->user_data['user_actkey'] : $act_key;
 
@@ -119,7 +140,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 	public function test_acivateAfterDeactivate()
 	{
 		// User is active, actkey should not exist
-		$this->get_user_data();
+		$this->get_user_data('reset-password-test-user');
 		$this->assertEmpty($this->user_data['user_actkey']);
 
 		$this->login();
@@ -143,7 +164,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$crawler = self::request('GET', preg_replace('#(.+)(adm/index.php.+)#', '$2', $link->getUri()));
 
 		// Ensure again that actkey is empty after deactivation
-		$this->get_user_data();
+		$this->get_user_data('reset-password-test-user');
 		$this->assertEmpty($this->user_data['user_actkey']);
 
 		// Force reactivation of account and check that act key is not empty anymore
@@ -152,16 +173,16 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$crawler = self::submit($form, array('action' => 'reactivate'));
 		$this->assertContainsLang('FORCE_REACTIVATION_SUCCESS', $crawler->filter('html')->text());
 
-		$this->get_user_data();
+		$this->get_user_data('reset-password-test-user');
 		$this->assertNotEmpty($this->user_data['user_actkey']);
 	}
 
-	protected function get_user_data()
+	protected function get_user_data($username)
 	{
 		$db = $this->get_db();
 		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
 			FROM ' . USERS_TABLE . "
-			WHERE username = 'reset-password-test-user'";
+			WHERE username = '$username'";
 		$result = $db->sql_query($sql);
 		$this->user_data = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
-- 
cgit v1.2.1