From 975bd112581497f4f3f4c043fde5aed83e0d9b07 Mon Sep 17 00:00:00 2001
From: Gilles-Philippe Leblanc
Date: Mon, 30 May 2016 11:50:31 -0400
Subject: [PATCH] MDL-54755 core: Incorrect redirection after password change
---
 lib/moodlelib.php | 3 +-
 login/tests/behat/behat_login.php | 52 ++++++++++++++++++
 login/tests/behat/change_password.feature | 65 +++++++++++++++++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 login/tests/behat/behat_login.php
 create mode 100644 login/tests/behat/change_password.feature
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 33569f63ed7..056c08d2bc3 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4302,7 +4302,7 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
 * @return stdClass A {@link $USER} object - BC only, do not use
 */
 function complete_user_login($user) {
- global $CFG, $USER;
+ global $CFG, $USER, $SESSION;
 \core\session\manager::login_user($user);
@@ -4345,6 +4345,7 @@ function complete_user_login($user) {
 if ($changeurl = $userauth->change_password_url()) {
 redirect($changeurl);
 } else {
+ $SESSION->wantsurl = core_login_get_return_url();
 redirect($CFG->httpswwwroot.'/login/change_password.php');
 }
 } else {
diff --git a/login/tests/behat/behat_login.php b/login/tests/behat/behat_login.php
new file mode 100644
index 00000000000..cd2cb5ffecd
--- /dev/null
+++ b/login/tests/behat/behat_login.php
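Review bot: The new call to `core_login_get_return_url()` in the `else` branch of the second hunk has no visible include for the file that defines it, and neither hunk of this file adds one. If `complete_user_login()` can be reached from entry points that have not already loaded that file (likely for a shared library function, but not visible here), a user flagged for a forced password change would hit an undefined-function fatal error at login instead of the change-password form. Consider loading the definition immediately before the call, e.g. `require_once($CFG->dirroot . '/<path to the file defining core_login_get_return_url>');`. Since the stored `$SESSION->wantsurl` decides where the user lands after the password change, also confirm that the helper only ever returns same-site URLs. The body of `complete_user_login()` starts and ends outside both hunks.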
@@ -0,0 +1,52 @@
+.
+
+/**
+ * Behat login related steps definitions.
+ *
+ * @package core
+ * @category test
+ * @copyright 2016 Universite de Montreal
+ * @author Gilles-Philippe Leblanc
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+// NOTE: no MOODLE_INTERNAL used, this file may be required by behat before including /config.php.
+
+require_once(__DIR__ . '/../../../lib/behat/behat_base.php');
+
+/**
+ * Contains functions used by behat to test functionality.
+ *
+ * @package core
+ * @category test
+ * @copyright 2016 Universite de Montreal
+ * @author Gilles-Philippe Leblanc
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class behat_login extends behat_base {
+
+ /**
+ * Force a password change for a specific user.
+ *
+ * @Given /^I force a password change for user "([^"]*)"$/
+ * @param string $username The username of the user whose password will expire
+ */
+ public function i_force_a_password_change_for_user($username) {
+ $user = core_user::get_user_by_username($username, 'id', null, MUST_EXIST);
+ set_user_preference("auth_forcepasswordchange", true, $user);
+ }
+}
diff --git a/login/tests/behat/change_password.feature b/login/tests/behat/change_password.feature
new file mode 100644
index 00000000000..79f866abf83
--- /dev/null
+++ b/login/tests/behat/change_password.feature
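Review bot: The `@param` text on `i_force_a_password_change_for_user()` says the password "will expire", but the visible code only sets the `auth_forcepasswordchange` preference and touches no expiry setting, which could mislead anyone reusing the step. I would reword it to `@param string $username Username of the user who must change their password at next login`. The class docblock "Contains functions used by behat to test functionality" could likewise say that the class holds login and password-change steps.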
@@ -0,0 +1,65 @@
+@core
+Feature: Change password
+ In order to ensure the password change works as expected
+ As a user
+ I need to test all the way to change my password
+
+ Background:
+ Given the following "users" exist:
+ | username | firstname | lastname | email |
+ | testuser | Test | User | moodle@example.com |
+
+ Scenario: A user can change his password manually
+ Given I am on site homepage
+ When I log in as "testuser"
+ And I follow "Preferences" in the user menu
+ And I follow "Change password"
+ And I set the field "Current password" to "testuser"
+ And I set the field "New password" to "NewPassword1*"
+ And I set the field "New password (again)" to "NewPassword1*"
+ And I click on "Save changes" "button"
+ And I should see "Password has been changed"
+ And I click on "Continue" "button"
+ And I should see "Preferences" in the "#region-main" "css_element"
+ And I log out
+ And I follow "Log in"
+ And I set the field "Username" to "testuser"
+ And I set the field "Password" to "NewPassword1*"
+ And I press "Log in"
+ Then I should see "You are logged in as Test User" in the "page-footer" "region"
+
+ Scenario: A user with expired password must change it when log in directly and then be redirected to the home page
+ Given I force a password change for user "testuser"
+ When I log in as "testuser"
+ Then I should see "You must change your password to proceed"
+ And I set the field "Current password" to "testuser"
+ And I set the field "New password" to "NewPassword1*"
+ And I set the field "New password (again)" to "NewPassword1*"
+ And I click on "Save changes" "button"
+ And I should see "Password has been changed"
+ And I click on "Continue" "button"
+ And I am on site homepage
+
+ @javascript
+ Scenario: A user with expired password trying to visit a required login page must change and it and then be redirected to this page
+ Given I force a password change for user "testuser"
+ And the following "courses" exist:
+ | fullname | shortname | visible |
+ | Course 1 | c1 | 1 |
+ And the following "course enrolments" exist:
+ | user | course | role |
+ | testuser | c1 | student |
+ And I am on site homepage
+ And I expand "Courses" node
+ When I follow "Course 1"
+ And I set the field "Username" to "testuser"
+ And I set the field "Password" to "testuser"
+ And I press "Log in"
+ Then I should see "You must change your password to proceed"
+ And I set the field "Current password" to "testuser"
+ And I set the field "New password" to "NewPassword1*"
+ And I set the field "New password (again)" to "NewPassword1*"
+ And I click on "Save changes" "button"
+ And I should see "Password has been changed"
+ And I click on "Continue" "button"
+ And I should see "Course 1"
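Review bot: The second scenario's title promises that the user is "redirected to the home page", but its final step `And I am on site homepage` appears to be the navigation step that visits the homepage rather than an assertion, so the scenario would pass wherever the Continue button actually leads. As written, only the third scenario (`And I should see "Course 1"`) verifies the post-change redirect this commit fixes. Replace that final step with an assertion on content only the homepage shows, using the `I should see "..."` form already used elsewhere in this file. Both forced-change scenarios also place their actions after `Then`; keeping the actions under `When`/`And` and reserving `Then` for the final check would make the verified outcome easier to see.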