From 5feda4e2a84a63353177629643393b8380f1fcb4 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 5 Jun 2009 09:26:06 +0000
Subject: [PATCH] - Patch #481794 by mr.baileys: made the one-time link be
 active immediately so we can remove a hack from the tests.

---
 modules/user/user.pages.inc | 4 ++--
 modules/user/user.test      | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 6cdc30c341bf..2547b7bc8879 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -89,13 +89,13 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action =
     $current = REQUEST_TIME;
     // Some redundant checks for extra security ?
     $users = user_load_multiple(array($uid), array('status' => '1'));
-    if ($timestamp < $current && $account = reset($users)) {
+    if ($timestamp <= $current && $account = reset($users)) {
       // No time out for first time login.
       if ($account->login && $current - $timestamp > $timeout) {
         drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
         drupal_goto('user/password');
       }
-      elseif ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
+      elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
         // First stage is a confirmation form, then login
         if ($action == 'login') {
           watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
diff --git a/modules/user/user.test b/modules/user/user.test
index e12294a3a389..028d06e07940 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -57,7 +57,6 @@ class UserRegistrationTestCase extends DrupalWebTestCase {
 
     // Login using password reset page.
     $url = user_pass_reset_url($user);
-    sleep(1); // TODO Find better way.
     $this->drupalGet($url);
     $this->assertText(t('This login can be used only once.'), t('Login can be used only once.'));
 
-- 
GitLab