Make WordPress Core


Ignore:
Timestamp:
10/11/2022 01:43:20 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Users: Fetch user by login in retrieve_password() if not found by email.

This ensures that sending a password reset link works as expected if the user's login and email were initially the same, but the email address was subsequently updated and no longer matches the login, which is still set to the old address.

Follow-up to [6643], [18513], [19056], [37474], [50129], [50140].

Props donmhico, pbearne, azouamauriac, boblindner, daxelrod, audrasjb, SergeyBiryukov.
Fixes #53634.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/retrievePassword.php

    r52606 r54477  
    4848     */
    4949    public function test_retrieve_password_reset_notification_email() {
    50         $message = 'Sending password reset notification email failed.';
    51         $this->assertNotWPError( retrieve_password( $this->user->user_login ), $message );
     50        $this->assertNotWPError( retrieve_password( $this->user->user_login ), 'Sending password reset notification email failed.' );
    5251    }
    5352
     
    6564        );
    6665
    67         $message = 'Sending password reset notification email succeeded.';
    68         $this->assertWPError( retrieve_password( $this->user->user_login ), $message );
     66        $this->assertWPError( retrieve_password( $this->user->user_login ), 'Sending password reset notification email succeeded.' );
     67    }
     68
     69    /**
     70     * @ticket 53634
     71     */
     72    public function test_retrieve_password_should_fetch_user_by_login_if_not_found_by_email() {
     73        self::factory()->user->create(
     74            array(
     75                'user_login' => 'foo@example.com',
     76                'user_email' => 'bar@example.com',
     77            )
     78        );
     79
     80        $this->assertTrue( retrieve_password( 'foo@example.com' ), 'Fetching user by login failed.' );
     81        $this->assertTrue( retrieve_password( 'bar@example.com' ), 'Fetching user by email failed.' );
    6982    }
    7083}
Note: See TracChangeset for help on using the changeset viewer.