diff --git a/core/modules/user/config/install/user.settings.yml b/core/modules/user/config/install/user.settings.yml index fbb0d98..742a6b3 100644 --- a/core/modules/user/config/install/user.settings.yml +++ b/core/modules/user/config/install/user.settings.yml @@ -1,6 +1,7 @@ admin_role: '' anonymous: Anonymous verify_mail: true +verify_email_match: true notify: cancel_confirm: true password_reset: true diff --git a/core/modules/user/config/schema/user.schema.yml b/core/modules/user/config/schema/user.schema.yml index 5419c55..dde7476 100644 --- a/core/modules/user/config/schema/user.schema.yml +++ b/core/modules/user/config/schema/user.schema.yml @@ -13,6 +13,9 @@ user.settings: verify_mail: type: boolean label: 'Require email verification when a visitor creates an account.' + verify_email_match: + type: boolean + label: 'Require e-mail and username match when e-mail is used as username.' notify: type: mapping label: 'Notify user' diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php index 15df478..e86e980 100644 --- a/core/modules/user/src/AccountForm.php +++ b/core/modules/user/src/AccountForm.php @@ -324,9 +324,13 @@ public function validate(array $form, FormStateInterface $form_state) { parent::validate($form, $form_state); $account = $this->entity; + $mail = $form_state->getValue('mail'); + // Validate new or changing username. if ($form_state->hasValue('name')) { - if ($error = user_validate_name($form_state->getValue('name'))) { + $name = $form_state->getValue('name'); + + if ($error = user_validate_name($name)) { $form_state->setErrorByName('name', $error); } // Cast the user ID as an integer. It might have been set to NULL, which @@ -334,19 +338,24 @@ public function validate(array $form, FormStateInterface $form_state) { else { $name_taken = (bool) $this->entityQuery->get('user') ->condition('uid', (int) $account->id(), '<>') - ->condition('name', $form_state->getValue('name')) + ->condition('name', $name) + ->range(0, 1) ->count() ->execute(); if ($name_taken) { - $form_state->setErrorByName('name', $this->t('The name %name is already taken.', array('%name' => $form_state->getValue('name')))); + $form_state->setErrorByName('name', $this->t('The name %name is already taken.', array('%name' => $name))); + } + + // Check whether the user name provided is an email address, if so, make + // sure it matches the mail value. + if (\Drupal::config('user.settings')->get('verify_email_match') && (filter_var($name, FILTER_VALIDATE_EMAIL) && ($name !== $mail))) { + $this->setFormError('name', $form_state, $this->t('You have provided an email address as a username, but this does not match your email address.')); } } } - $mail = $form_state->getValue('mail'); - if (!empty($mail)) { $mail_taken = (bool) $this->entityQuery->get('user') ->condition('uid', (int) $account->id(), '<>') diff --git a/core/modules/user/src/AccountSettingsForm.php b/core/modules/user/src/AccountSettingsForm.php index 8fc998b..4e60dd4 100644 --- a/core/modules/user/src/AccountSettingsForm.php +++ b/core/modules/user/src/AccountSettingsForm.php @@ -132,6 +132,11 @@ public function buildForm(array $form, FormStateInterface $form_state) { '#default_value' => $config->get('verify_mail'), '#description' => $this->t('New users will be required to validate their email address prior to logging into the site, and will be assigned a system-generated password. With this setting disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.') ); + $form['registration_cancellation']['user_email_match_verification'] = array( + '#type' => 'checkbox', + '#title' => $this->t('When an email address is used as username, require a matching email address.'), + '#default_value' => $config->get('verify_email_match'), + ); $form['registration_cancellation']['user_password_strength'] = array( '#type' => 'checkbox', '#title' => $this->t('Enable password strength indicator'), @@ -418,6 +423,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) { ->set('register', $form_state->getValue('user_register')) ->set('password_strength', $form_state->getValue('user_password_strength')) ->set('verify_mail', $form_state->getValue('user_email_verification')) + ->set('verify_email_match', $form_state->getValue('user_email_match_verification')) ->set('signatures', $form_state->getValue('user_signatures')) ->set('cancel_method', $form_state->getValue('user_cancel_method')) ->set('notify.status_activated', $form_state->getValue('user_mail_status_activated_notify')) diff --git a/core/modules/user/src/Tests/UserEditedOwnAccountTest.php b/core/modules/user/src/Tests/UserEditedOwnAccountTest.php index 6da8015..5934db8 100644 --- a/core/modules/user/src/Tests/UserEditedOwnAccountTest.php +++ b/core/modules/user/src/Tests/UserEditedOwnAccountTest.php @@ -16,7 +16,10 @@ */ class UserEditedOwnAccountTest extends WebTestBase { - function testUserEditedOwnAccount() { + /** + * Tests a user editing their own account. + */ + public function testUserEditedOwnAccount() { // Change account setting 'Who can register accounts?' to Administrators // only. \Drupal::config('user.settings')->set('register', USER_REGISTER_ADMINISTRATORS_ONLY)->save(); @@ -36,5 +39,28 @@ function testUserEditedOwnAccount() { // Set the new name on the user account and attempt to log back in. $account->name = $edit['name']; $this->drupalLogin($account); + + // Attempt to change username to an email other than my own. + $edit['name'] = $this->randomMachineName() . '@example.com'; + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('You have provided an email address as a username, but this does not match your email address.'), 'Error message found when an email username does not match user email.'); + $this->assertNoText(t('The changes have been saved.'), 'The user account was not saved.'); + + // Lookup user by name to make sure we didn't actually change the name. + $accounts = \Drupal::entityManager()->getStorage('user')->loadByProperties(array('name' => $edit['name'])); + $this->assertTrue(empty($accounts), 'Username was not changed to email address other than my own.'); + + // Change username to my email address. + $edit['name'] = $account->getEmail(); + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('The changes have been saved.'), 'The user account was saved.'); + + // Test that 'verify_email_match' turned off allows emails that don't match. + \Drupal::config('user.settings')->set('verify_email_match', FALSE)->save(); + + // Change username to my email address. + $edit['name'] = $this->randomMachineName() . '@example.com'; + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('The changes have been saved.'), 'The user account was saved.'); } } diff --git a/core/modules/user/src/Tests/UserRegistrationTest.php b/core/modules/user/src/Tests/UserRegistrationTest.php index cc025c8..158fae8 100644 --- a/core/modules/user/src/Tests/UserRegistrationTest.php +++ b/core/modules/user/src/Tests/UserRegistrationTest.php @@ -147,6 +147,68 @@ function testRegistrationEmailDuplicates() { $this->assertText(t('The email address @email is already registered.', array('@email' => $duplicate_user->getEmail())), 'Supplying a duplicate email address with added whitespace displays an error message'); } + /** + * Tests new users username matches their email if username is an email. + */ + public function testRegistrationEmailAsUsername() { + // Don't require e-mail verification. + // Allow registration by site visitors without administrator approval. + \Drupal::config('user.settings') + ->set('verify_mail', FALSE) + ->set('register', USER_REGISTER_VISITORS) + ->save(); + + $mail = $this->randomMachineName() . '@example.com'; + $different = $this->randomMachineName() . $mail; + + // Set up edit array. + $edit = array(); + $edit['mail'] = $mail; + $edit['name'] = $different; + $edit['pass[pass1]'] = $edit['pass[pass2]'] = $this->randomMachineName(); + + // Attempt to create an account using an email that doesn't match the name. + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertText(t('You have provided an e-mail address as a username, but this does not match your e-mail address.'), 'Email username does not match user email error message found.'); + $this->assertNoText(t('Registration successful. You are now logged in.'), 'The user was not created and logged in.'); + + // Attempt to create new account using matching email address. + $edit['name'] = $edit['mail'] = $this->randomMachineName() . '@example.com'; + + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertText(t('Registration successful. You are now logged in.'), 'The user was created and logged in with matching email.'); + + $accounts = \Drupal::entityManager()->getStorage('user')->loadByProperties(array('name' => $edit['name'])); + $new_user = reset($accounts); + $this->assertTrue(($new_user->getUsername() === $edit['name']) && ($new_user->getEmail() === $edit['mail']), 'Created user with matching username and email address.'); + } + + /** + * Tests new users username not matching their email if username is an email. + */ + public function testRegistrationEmailAsUsernameDisabled() { + // Test that 'verify_email_match' turned off allows emails that don't match. + \Drupal::config('user.settings') + ->set('verify_email_match', FALSE) + ->set('verify_mail', FALSE) + ->set('register', USER_REGISTER_VISITORS) + ->save(); + + $mail = $this->randomMachineName() . '@example.com'; + $different = $this->randomMachineName() . $mail; + + $edit = array(); + $edit['mail'] = $mail; + $edit['name'] = $different; + $edit['pass[pass1]'] = $edit['pass[pass2]'] = $this->randomMachineName(); + + // Attempt to create an account using an email that doesn't match the name. + // This should be OK, as 'verify_email_match' is disabled. + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertNoText(t('If your username is an email address, it must match your email.'), 'Email username does not match user email error message found.'); + $this->assertText(t('Registration successful. You are now logged in.'), 'The user was not created and logged in.'); + } + function testRegistrationDefaultValues() { // Don't require email verification and allow registration by site visitors // without administrator approval.