Issue #3018673 by nicksanta, dhirendra.mishra, jibran: Add support for RFC5785...

Issue #3018673 by nicksanta, dhirendra.mishra, jibran: Add support for RFC5785 change password well known resource

Issue #3018673 by nicksanta, dhirendra.mishra, jibran: Add support for RFC5785...
3b6f89ba · Lee Rowlands · 37d2299b · 3b6f89ba · 3b6f89ba · 3b6f89ba
Verified Commit 3b6f89ba authored 5 years ago by Lee Rowlands
--- a/core/modules/user/src/Controller/UserController.php
+++ b/core/modules/user/src/Controller/UserController.php
@@ -262,6 +262,21 @@ public function userPage() {
    return $this->redirect('entity.user.canonical', ['user' => $this->currentUser()->id()]);
  }

+  /**
+   * Redirects users to their profile edit page.
+   *
+   * This controller assumes that it is only invoked for authenticated users.
+   * This is enforced for the 'user.well-known.change_password' route with the
+   * '_user_is_logged_in' requirement.
+   *
+   * @return \Symfony\Component\HttpFoundation\RedirectResponse
+   *   Returns a redirect to the profile edit form of the currently logged in
+   *   user.
+   */
+  public function userEditPage() {
+    return $this->redirect('entity.user.edit_form', ['user' => $this->currentUser()->id()], [], 301);
+  }
+
  /**
   * Route title callback.
   *

--- a/core/modules/user/tests/src/Functional/UserEditTest.php
+++ b/core/modules/user/tests/src/Functional/UserEditTest.php
@@ -151,4 +151,22 @@ public function testUserWithoutEmailEdit() {
    $this->assertRaw(t("The changes have been saved."));
  }

+  /**
+   * Tests well known change password route redirects to user edit form.
+   */
+  public function testUserWellKnownChangePasswordAuth() {
+    $account = $this->drupalCreateUser([]);
+    $this->drupalLogin($account);
+    $this->drupalGet('.well-known/change-password');
+    $this->assertSession()->addressEquals("user/" . $account->id() . "/edit");
+  }
+
+  /**
+   * Tests well known change password route returns 403 to anonymous user.
+   */
+  public function testUserWellKnownChangePasswordAnon() {
+    $this->drupalGet('.well-known/change-password');
+    $this->assertSession()->statusCodeEquals(403);
+  }
+
 }
--- a/core/modules/user/user.routing.yml
+++ b/core/modules/user/user.routing.yml
@@ -209,3 +209,10 @@ user.reset.form:
  options:
    _maintenance_access: TRUE
    no_cache: TRUE
+
+user.well-known.change_password:
+  path: '/.well-known/change-password'
+  defaults:
+    _controller: '\Drupal\user\Controller\UserController::userEditPage'
+  requirements:
+    _user_is_logged_in: 'TRUE'