Make WordPress Core


Ignore:
Timestamp:
03/22/2016 11:06:29 PM (8 years ago)
Author:
ocean90
Message:

Users: In edit_user() check for a blank password when adding a user.

Props wesleye, gitlost, adamsilverstein.
Fixes #35715.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user.php

    r36791 r37059  
    11331133        $this->assertFalse( $was_user_email_sent );
    11341134    }
     1135
     1136    /**
     1137     * Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating.
     1138     *
     1139     * @ticket 35715
     1140     */
     1141    function test_edit_user_blank_pw() {
     1142        $_POST = $_GET = $_REQUEST = array();
     1143        $_POST['role'] = 'subscriber';
     1144        $_POST['email'] = 'user1@example.com';
     1145        $_POST['user_login'] = 'user_login1';
     1146        $_POST['first_name'] = 'first_name1';
     1147        $_POST['last_name'] = 'last_name1';
     1148        $_POST['nickname'] = 'nickname1';
     1149        $_POST['display_name'] = 'display_name1';
     1150
     1151        // Check new user with missing password.
     1152        $response = edit_user();
     1153
     1154        $this->assertInstanceOf( 'WP_Error', $response );
     1155        $this->assertEquals( 'pass', $response->get_error_code() );
     1156
     1157        // Check new user with password set.
     1158        $_POST['pass1'] = $_POST['pass2'] = 'password';
     1159
     1160        $user_id = edit_user();
     1161        $user = get_user_by( 'ID', $user_id );
     1162
     1163        $this->assertInternalType( 'int', $user_id );
     1164        $this->assertInstanceOf( 'WP_User', $user );
     1165        $this->assertEquals( 'nickname1', $user->nickname );
     1166
     1167        // Check updating user with empty password.
     1168        $_POST['nickname'] = 'nickname_updated';
     1169        $_POST['pass1'] = $_POST['pass2'] = '';
     1170
     1171        $user_id = edit_user( $user_id );
     1172
     1173        $this->assertInternalType( 'int', $user_id );
     1174        $this->assertEquals( 'nickname_updated', $user->nickname );
     1175
     1176        // Check updating user with missing second password.
     1177        $_POST['nickname'] = 'nickname_updated2';
     1178        $_POST['pass1'] = 'blank_pass2';
     1179        $_POST['pass2'] = '';
     1180
     1181        $response = edit_user( $user_id );
     1182
     1183        $this->assertInstanceOf( 'WP_Error', $response );
     1184        $this->assertEquals( 'pass', $response->get_error_code() );
     1185        $this->assertEquals( 'nickname_updated', $user->nickname );
     1186
     1187        // Check updating user with empty password via `check_passwords` action.
     1188        add_action( 'check_passwords', array( $this, 'action_check_passwords_blank_pw' ), 10, 2 );
     1189        $user_id = edit_user( $user_id );
     1190        remove_action( 'check_passwords', array( $this, 'action_check_passwords_blank_pw' ) );
     1191
     1192        $this->assertInternalType( 'int', $user_id );
     1193        $this->assertEquals( 'nickname_updated2', $user->nickname );
     1194    }
     1195
     1196    /**
     1197     * Check passwords action for test_edit_user_blank_pw().
     1198     */
     1199    function action_check_passwords_blank_pw( $user_login, &$pass1 ) {
     1200        $pass1 = '';
     1201    }
    11351202}
Note: See TracChangeset for help on using the changeset viewer.