Changeset 58333 for trunk/tests/phpunit/tests/auth.php

Timestamp:

06/04/2024 02:42:29 PM (21 months ago)

Author:

audrasjb

Message:

Login and Registration: Flush user_activation_key after successfully login.

This changeset ensures the user_activation_key is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.

Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes #58901.
See #32429

File:

• trunk/tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/tests/phpunit/tests/auth.php

@@ -425 +425 @@
 
     /**
+     * Ensure that the user_activation_key is cleared (if available) after a successful login.
+     *
+     * @ticket 58901
+     */
+    public function test_user_activation_key_after_successful_login() {
+        global $wpdb;
+
+        $reset_key                    = get_password_reset_key( $this->user );
+        $user                         = wp_signon(
+            array(
+                'user_login'    => self::USER_LOGIN,
+                'user_password' => self::USER_PASS,
+            )
+        );
+        $activation_key_from_database = $wpdb->get_var(
+            $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE ID = %d", $this->user->ID )
+        );
+
+        $this->assertNotWPError( $reset_key, 'The password reset key was not created.' );
+        $this->assertNotWPError( $user, 'The user was not authenticated.' );
+        $this->assertEmpty( $user->user_activation_key, 'The `user_activation_key` was not empty on the user object returned by `wp_signon` function.' );
+        $this->assertEmpty( $activation_key_from_database, 'The `user_activation_key` was not empty in the database.' );
+    }
+
+    /**
      * Ensure users can log in using both their username and their email address.
      *