Set author and editor passwords to the admin password in the demo to make demoing easier

+1 from this end. Unami can add an install task which copies the admin user's `passRaw`, if available or copies the hash over to the other users. I'm not sure if the data could be retrieved from the form in later tasks.

This would make the demo much easier to interact with.

The users are currently indeed created without a password: https://git.drupalcode.org/project/drupal/blob/8.8.x/core/profiles/demo_... — this was done in #2809635: Create experimental installation profile, so you can't log in with them. To log in as these users, have the admin user assign them a password first (or use drush uli).

+1 to the proposed solution from Gábor: that seems entirely reasonable for demo installs.

I created a function that gets all users in the system with roles 'author' and 'editor' and sets their password to be the same as the admin's password.

This function is called in 2 places:

1. At the end of demo_umami_content module installation (to set users password when reinstalling demo_umami_content).
2. As the last task of demo_umami installation profile (after admin set password).

I have tested this patch locally with Drupal 8.7, and have been able to login with the generated password for all six generated users:

Samuel Adamson
Megan Collins Quinlan
Holly Foat
Umami
Grace Hamilton
Margaret Hopper

There were multiple ` PDOStatement::execute(): MySQL server has gone away` statements in the test run output.

Retriggering.

Tests pass again, restoring RTBC.

1. +++ b/core/profiles/demo_umami/modules/demo_umami_content/src/InstallHelper.php
   @@ -140,7 +142,50 @@ public function importContent() {
   +
   +    // Get the hashed password of admin
   +    $account = User::load(1);
   +    $admin_password = $account->pass->value;
   +
   +    // During demo_umami profile installation, demo_umami_content module is
   +    // running before admin password was set so we skip setting users' passwords
   +    // at this stage. This function will be called again as the last task of ¶
   +    // demo_umami profile, and whenever demo_umami_content gets reinstalled.
   +    if (isset($admin_password)) {
   +      // Collect the IDs of all users with roles editor or author.
   +      $ids = \Drupal::entityQuery('user')
   +        ->condition('roles', ['author', 'editor'], 'IN')
   +        ->execute();
   +
   +      // Unique password hashes are automatically generated, the only way to
   +      // change that is to update it directly in the database.
   +      Database::getConnection()->update('users_field_data')
   +        ->fields(['pass' => $admin_password])
   +        ->condition('uid', $ids, 'IN')
   +        ->execute();
   +
   +      // Flush the cache of user entity because login system reads from cache and
   +      // not from the table users_field_data.
   +      \Drupal::entityManager()->getStorage('user')->resetCache();
   +    }
   +  }
   

   There are various things here wrong, most importantly, you must never directly write entity tables but use the entity API.

   You can set the pre_hashed attribute to save an already hashed password, you should also use the injected $entityTypeManager to load entities, query for them and so on.

2. +++ b/core/profiles/demo_umami/modules/demo_umami_content/src/InstallHelper.php
   @@ -140,7 +142,50 @@ public function importContent() {
   +   * Sets the password of admin to be the password for all users
   +   *
   +   * @return $this
   +   */
   +  protected function setUsersPasswords() {
   +    \Drupal::classResolver(InstallHelper::class)->set_users_passwords();
   +    return $this;
      }
    
   

   I don't understand what this is doing, just add the code in this method, no need for set_users_passwords()?

We're working on this in the sprint room and have completely changed this around.

It's been simplified to grab the admin's password out of the install form and then apply it to all the users when that form is submitted.

Greatly simplifies the amount of code changed.

I've tested this with both the normal UI installer (user admin/password food) and the drush installer (`drush site-install --account-pass=food demo_umami`), and all users were successfully given the 'food' password.

Please note that it's not entirely clear on how to test this one. Is it necessary?

Removed unused use statement.

I left a debugging variable in :-(....

Took it out in this patch (#14)

Thanks a lot for working on this, @partyka! 👍

1. +++ b/core/profiles/demo_umami/demo_umami.profile
   @@ -24,6 +24,38 @@ function demo_umami_form_install_configure_form_alter(&$form, FormStateInterface
   +/**
   + * Implements hook_install_tasks().
   + */
   +function demo_umami_install_tasks(&$install_state) {
   +  return array();
   +}
   

   This is not doing anything anymore, I think we can probably remove it?

2. +++ b/core/profiles/demo_umami/demo_umami.profile
   @@ -24,6 +24,38 @@ function demo_umami_form_install_configure_form_alter(&$form, FormStateInterface
   +  global $x;
   

   I think this is a debug leftover :)
   Hah, you fixed that while I was writing this, awesome! 👏

3. +++ b/core/profiles/demo_umami/demo_umami.profile
   @@ -24,6 +24,38 @@ function demo_umami_form_install_configure_form_alter(&$form, FormStateInterface
   +  // Collect the IDs of all users with roles editor or author.
   +  $ids = \Drupal::entityQuery('user')
   +    ->condition('roles', ['author', 'editor'], 'IN')
   +    ->execute();
   

   This can become even simpler: \Drupal\demo_umami_content\InstallHelper::importEditors() always creates the same two users, with the same two names and the same two IDs. So we don't even need an entity query :)

4. +++ b/core/profiles/demo_umami/demo_umami.profile
   --- a/core/profiles/demo_umami/modules/demo_umami_content/src/InstallHelper.php
   +++ b/core/profiles/demo_umami/modules/demo_umami_content/src/InstallHelper.php
   

   The changes in this class can be reverted now! :)

Uploaded a new patch and a test thanks to tedbow's help :-)

I've removed the old code no longer needed.

But I think it makes sense to say to add everyone in the author or editor roles, as there are currently six users.

And @Wim Leers, thank you for your review!

@tedbow also needs credit on this, he helped me with the test.

Great work, thanks for working on this patch! From a functional point of view, this patch applied cleanly and I've been able to log in to all the accounts, both editors and authors, using the same password created for admin.

Code style cleanup.

Thanks for bearing with us and fixing those nitpicks! 🙏 😃

+1 RTBC

I tested it with Drupal installation using the GUI, and then tested it using drush si demo_umami.
Both methods worked as planned, all users got the same password as admin.