diff --git a/core/modules/user/config/install/user.settings.yml b/core/modules/user/config/install/user.settings.yml index 8372ccd..e3397ef 100644 --- a/core/modules/user/config/install/user.settings.yml +++ b/core/modules/user/config/install/user.settings.yml @@ -1,5 +1,6 @@ anonymous: Anonymous verify_mail: true +verify_email_match: true notify: cancel_confirm: true password_reset: true diff --git a/core/modules/user/config/schema/user.schema.yml b/core/modules/user/config/schema/user.schema.yml index 627d8a6..79a3d83 100644 --- a/core/modules/user/config/schema/user.schema.yml +++ b/core/modules/user/config/schema/user.schema.yml @@ -10,6 +10,9 @@ user.settings: verify_mail: type: boolean label: 'Require email verification when a visitor creates an account' + verify_email_match: + type: boolean + label: 'Require email and username match when email is used as username.' notify: type: mapping label: 'Notify user' diff --git a/core/modules/user/src/AccountSettingsForm.php b/core/modules/user/src/AccountSettingsForm.php index 6cdc238..c50de0d 100644 --- a/core/modules/user/src/AccountSettingsForm.php +++ b/core/modules/user/src/AccountSettingsForm.php @@ -165,6 +165,11 @@ public function buildForm(array $form, FormStateInterface $form_state) { '#default_value' => $config->get('verify_mail'), '#description' => $this->t('New users will be required to validate their email address prior to logging into the site, and will be assigned a system-generated password. With this setting disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.') ); + $form['registration_cancellation']['user_email_match_verification'] = array( + '#type' => 'checkbox', + '#title' => $this->t('When an email address is used as username, require a matching email address.'), + '#default_value' => $config->get('verify_email_match'), + ); $form['registration_cancellation']['user_password_strength'] = array( '#type' => 'checkbox', '#title' => $this->t('Enable password strength indicator'), @@ -435,6 +440,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) { ->set('register', $form_state->getValue('user_register')) ->set('password_strength', $form_state->getValue('user_password_strength')) ->set('verify_mail', $form_state->getValue('user_email_verification')) + ->set('verify_email_match', $form_state->getValue('user_email_match_verification')) ->set('cancel_method', $form_state->getValue('user_cancel_method')) ->set('notify.status_activated', $form_state->getValue('user_mail_status_activated_notify')) ->set('notify.status_blocked', $form_state->getValue('user_mail_status_blocked_notify')) diff --git a/core/modules/user/src/Tests/UserEditedOwnAccountTest.php b/core/modules/user/src/Tests/UserEditedOwnAccountTest.php index 65282c0..f5da2b5 100644 --- a/core/modules/user/src/Tests/UserEditedOwnAccountTest.php +++ b/core/modules/user/src/Tests/UserEditedOwnAccountTest.php @@ -16,7 +16,10 @@ */ class UserEditedOwnAccountTest extends WebTestBase { - function testUserEditedOwnAccount() { + /** + * Tests a user editing their own account. + */ + public function testUserEditedOwnAccount() { // Change account setting 'Who can register accounts?' to Administrators // only. $this->config('user.settings')->set('register', USER_REGISTER_ADMINISTRATORS_ONLY)->save(); @@ -36,5 +39,28 @@ function testUserEditedOwnAccount() { // Set the new name on the user account and attempt to log back in. $account->name = $edit['name']; $this->drupalLogin($account); + + // Attempt to change username to an email other than my own. + $edit['name'] = $this->randomMachineName() . '@example.com'; + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('An email address was provided as a username, but does not match the account email address.'), 'Error message found when an email username does not match user email.'); + $this->assertNoText(t('The changes have been saved.'), 'The user account was not saved.'); + + // Lookup user by name to make sure we didn't actually change the name. + $accounts = \Drupal::entityManager()->getStorage('user')->loadByProperties(array('name' => $edit['name'])); + $this->assertTrue(empty($accounts), 'Username was not changed to email address other than my own.'); + + // Change username to my email address. + $edit['name'] = $account->getEmail(); + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('The changes have been saved.'), 'The user account was saved.'); + + // Test that 'verify_email_match' turned off allows emails that don't match. + \Drupal::config('user.settings')->set('verify_email_match', FALSE)->save(); + + // Change username to random, non-matching email address. + $edit['name'] = $this->randomMachineName() . '@example.com'; + $this->drupalPostForm('user/' . $account->id() . '/edit', $edit, t('Save')); + $this->assertText(t('The changes have been saved.'), 'The user account was saved.'); } } diff --git a/core/modules/user/src/Tests/UserRegistrationTest.php b/core/modules/user/src/Tests/UserRegistrationTest.php index 1e16bc7..781948f 100644 --- a/core/modules/user/src/Tests/UserRegistrationTest.php +++ b/core/modules/user/src/Tests/UserRegistrationTest.php @@ -223,6 +223,68 @@ public function testUuidFormState() { $this->assertTrue($user_storage->loadByProperties(['name' => $edit['name']])); } + /** + * Tests new users username matches their email if username is an email. + */ + public function testRegistrationEmailAsUsername() { + // Don't require email verification. + // Allow registration by site visitors without administrator approval. + \Drupal::config('user.settings') + ->set('verify_mail', FALSE) + ->set('register', USER_REGISTER_VISITORS) + ->save(); + + $mail = $this->randomMachineName() . '@example.com'; + $different = $this->randomMachineName() . $mail; + + // Set up edit array. + $edit = array(); + $edit['mail'] = $mail; + $edit['name'] = $different; + $edit['pass[pass1]'] = $edit['pass[pass2]'] = $this->randomMachineName(); + + // Attempt to create an account using an email that doesn't match the name. + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertText(t('An email address was provided as a username, but does not match the account email address.'), 'Email username does not match user email error message found.'); + $this->assertNoText(t('Registration successful. You are now logged in.'), 'The user was not created and logged in.'); + + // Attempt to create new account using matching email address. + $edit['name'] = $edit['mail'] = $this->randomMachineName() . '@example.com'; + + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertText(t('Registration successful. You are now logged in.'), 'The user was created and logged in with matching email.'); + + $accounts = \Drupal::entityManager()->getStorage('user')->loadByProperties(array('name' => $edit['name'])); + $new_user = reset($accounts); + $this->assertTrue(($new_user->getUsername() === $edit['name']) && ($new_user->getEmail() === $edit['mail']), 'Created user with matching username and email address.'); + } + + /** + * Tests new users username not matching their email if username is an email. + */ + public function testRegistrationEmailAsUsernameDisabled() { + // Test that 'verify_email_match' turned off allows emails that don't match. + \Drupal::config('user.settings') + ->set('verify_email_match', FALSE) + ->set('verify_mail', FALSE) + ->set('register', USER_REGISTER_VISITORS) + ->save(); + + $mail = $this->randomMachineName() . '@example.com'; + $different = $this->randomMachineName() . $mail; + + $edit = array(); + $edit['mail'] = $mail; + $edit['name'] = $different; + $edit['pass[pass1]'] = $edit['pass[pass2]'] = $this->randomMachineName(); + + // Attempt to create an account using an email that doesn't match the name. + // This should be OK, as 'verify_email_match' is disabled. + $this->drupalPostForm('user/register', $edit, t('Create new account')); + $this->assertNoText(t('An email address was provided as a username, but does not match the account email address.'), 'Email username does not match user email error message found.'); + $this->assertText(t('Registration successful. You are now logged in.'), 'The user was not created and logged in.'); + } + function testRegistrationDefaultValues() { // Don't require email verification and allow registration by site visitors // without administrator approval.