Implement language aware tokens for one time login link and cancel link

Related: #1754208: Convert hook_mail() and hook_mail_alter() to langcode

+++ b/core/modules/user/user.moduleundefined
@@ -1817,14 +1817,25 @@ function user_external_login_register($name, $module) {
+    $url_options['language'] = language_load($options['langcode']);

it is possible that a language gets disabled, so this will return FALSE

+++ b/core/modules/user/user.moduleundefined
@@ -1844,9 +1859,16 @@ function user_pass_reset_url($account) {
+    $url_options['language'] = language_load($options['langcode']);

same potential problem as above

title fixed

good job

Just a couple of minor things:

+++ b/core/modules/user/lib/Drupal/user/Tests/UserTokenReplaceTest.phpundefined
@@ -21,6 +29,14 @@ class UserTokenReplaceTest extends WebTestBase {
+    $language = (object) array(
+      'langcode' => 'de',
+    );

Let's switch this to the "new Language" method like we have in http://drupal.org/node/1739994 so we don't create more clean-up to do.

+++ b/core/modules/user/lib/Drupal/user/Tests/UserTokenReplaceTest.phpundefined
@@ -71,5 +87,35 @@ class UserTokenReplaceTest extends WebTestBase {
+    // Generate tokens with the users preferred language.

"user's"

+++ b/core/modules/user/lib/Drupal/user/Tests/UserTokenReplaceTest.phpundefined
@@ -71,5 +87,35 @@ class UserTokenReplaceTest extends WebTestBase {
+      $this->assertTrue(strpos($output, $link) === 0, 'Generated URL the users preferred language.');

That's not quite a sentence. Do you mean "Generated URL of the user's preferred language"?

+++ b/core/modules/user/lib/Drupal/user/Tests/UserTokenReplaceTest.phpundefined
@@ -71,5 +87,35 @@ class UserTokenReplaceTest extends WebTestBase {
+        $this->assertTrue(strpos($output, $link) === 0, 'Generated URL the requested language.');

Same thing here.

Fixed all requested changes.

use-ing the Language class helps :)

Looks good to me!

Committed and pushed to 8.x. Thanks!

Marked #1253336: user_pass_reset_url() does not pass language to url() as duplicate.

Reworked the patch from #12 for D7.

Tested this patch. It works fine by me.

#15 seems to work for me to.

#15 seems to work for me on Drupal 7.26, 7.27 now 7.28

any chance this will make it into core? What needs to happen to get into core? Can I help?

any chance this will make it into core? What needs to happen to get into core? Can I help?

Yes. Saying "it seems to work for me" is not very useful to the committer. There are things you can do to improve the situation.

1. Provide any documentation you can about how you tested the problem.
2. I just did a quick scan of the issue and saw no steps to reproduce the issue. Maybe you could add them. It will help the committer and anyone else who might happen upon this issue and want to review the patch.
3. Upload before and after screenshots if the change is visible in the UI (it seems like this would be). Embedding the screenshots in the comment is always best practice if you want them to get noticed. Install the Dreditor browser extension to make embedding quick and easy.
4. Update the issue summary with any details that would be relevant to the committer so they can make their decision about the patch. Again, install Dreditor. After you do, an Insert Template button will appear above the Issue summary form field (which is right below the new comment field). Fill out the template with all the info you can find about the issue.
5. Following a more detailed review, set the issue status to Reviewed and Tested by the Community (RTBC). Given that multiple people have reported this patch as working, it should be ok for you to do it.

@dcam - this was already brought into Core in D8. One would hope that all of this rigor of #21 was done in D8, but there is no evidence of this.

4 people are saying the patch in 15 works for them in D7. Not that any of them have said that they are using this in production, but there's a reasonable chance.

It needed a re-roll, but people follow examples. If we haven't followed those steps in getting a patch in D8, we shouldn't expect people to follow the same steps to backport a solution we've already agreed to.

So to load this patch on SimplyTest.me

I think I would see it admin/config/people/accounts

But I'm not seeing any multilingual information on that page after adding Abkhazian to the default install.

I use patch #15 in production since release 7.26. It is working fine.

Here is how you can reproduce the issue:
1/ You need a website with multiple languages enabled (For example default language is EN (english) and NL (dutch))
2/ Create an account for a new user and select a non-default language (NL in our case)
3/ The email sent out to the user will be in the correct language, but will have the tokens [user:one-time-login-url] and [user:cancel-url] with the default language, not the language of your user. Meaning that when a user verifies his email address he will be automaticually send to the website in the wrong language.

There is nothing in the UI configurations that will change or is worth a screenshot I think.

@rvb want to test the patch I rolled in #23 (or for that matter #15 if you want to try the original first) and apply it to the git Core repository? I can't mark my own patch RTBC, but you can.

When checking this patch for drupal7, I noticed that 'language' => $language was removed from the options-array of the token_replace call. This triggered some warnings and after a bit of testing, I found that the site:url-login token (system module) is broken because of this. I attached a new patch with the language inserted in the $options-array again.

For drupal8, I have not tested this. But as that patch (already applied in d8) is quite similar, it might need a bit of testing.

Note: this site:login-url token is used in the mail sent to a newly created user.

Thanks for catching that @SpadXIII - interdiffs are always good, but..

@@ -2822,7 +2843,7 @@ Your account on [site:name] has been canceled.
   if ($replace) {
     // We do not sanitize the token replacement, since the output of this
     // replacement is intended for an e-mail message, not a web browser.
-    return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
+    return token_replace($text, $variables, array('language' => $language, 'langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
   }

This applies nicely. Bot likes it. Applying it to SimplyTest.me doesn't help though as it doesn't send the emails.

In testing this, it's also going to be important to configure the User interface text language detection here admin/config/regional/language/configure as by default it isn't set up.

[site:login-url] is on admin/config/people/accounts in the Vertical tabs: Welcome (new user created by administrator)

Rerolled the patch after the last update (7.35).

Only change is the addition of $account->uid in the user_pass_rehash calls.

@webflo last touched this 3 years ago so unassigning.

Hi,

thanks for this patch.
I patched the current Drupal 7.53 with patch #29 and now my password reset link had the right language prefix.
In a rule I'm using print user_pass_reset_url($user); and that works great now.

I see this is committed to D8, will this also be committed to D7 ?

Regenerated the patch for Drupal 7.95

The patch in #38 is wrong, as it removes code from this issues: #3306390: [D7] Changing email address should invalidate one-time login links, specifically the $account->mail parameters:

+function user_pass_reset_url($account, $options = array()) {
   $timestamp = REQUEST_TIME;
-  return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid, $account->mail), array('absolute' => TRUE));
...
+  return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);

+function user_cancel_url($account, $options = array()) {
   $timestamp = REQUEST_TIME;
-  return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid, $account->mail), array('absolute' => TRUE));
...
+  return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);