Created
August 29, 2017 16:11
-
-
Save mickadoo/2083f8bb671715212885998d8ca5a955 to your computer and use it in GitHub Desktop.
Revisions
-
mickadoo created this gist
Aug 29, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,22 @@ ## Scenario 1: - Created user account but no email sent - Come back and send the email RESULT: Welcome email received, login sucessful ## Scenario 2: - Created user account and email sent - user used the link in the email - Come back and send the email again RESULT: Email was resent. In cases where the user hasn't logged in normally since the email was sent the link to reset password works fine. However Drupal uses a hash of the users password, most recent login time and uid to create the link used in the email. If any of these change (e.g. if the user logs in again) then this link breaks. ## Scenario 3: - Created user account and email sent - user didn't used the link in the email - Come back and send the email again RESULT: Email is resent. Either link is still valid until the user uses one of them to login. At this point both links become invalid because login (which is used in the hash) is updated.