1 user.test UserLoginTestCase::testGlobalLoginFloodControl()

Test the global login flood control.


core/modules/user/tests/user.test, line 466
Tests for user.module.


Functional tests for user logins, including rate limiting of login attempts.


function testGlobalLoginFloodControl() {
    ->set('flood_ip_limit', 10)
    // Set a high per-user limit out so that it is not relevant in the test.
    ->set('flood_user_limit', 4000)

  $user1 = $this->backdropCreateUser(array());
  $incorrect_user1 = clone $user1;
  $incorrect_user1->pass_raw .= 'incorrect';

  // Try 2 failed logins.
  for ($i = 0; $i < 2; $i++) {
    $this->assertFailedLogin($incorrect_user1, NULL, TRUE);

  // A successful login will not reset the IP-based flood control count.

  // Try 8 more failed logins, they should not trigger the flood control
  // mechanism.
  for ($i = 0; $i < 8; $i++) {
    $this->assertFailedLogin($incorrect_user1, NULL, TRUE);

  // The next login trial should result in an IP-based flood error message.
  $this->assertFailedLogin($incorrect_user1, NULL, TRUE, 'ip');

  // A login with the correct password should also result in a flood error
  // message.
  $this->assertFailedLogin($user1, NULL, TRUE, 'ip');