1 user.test | UserLoginTestCase::testPerUserLoginFloodControl() |
Test the per-user login flood control.
File
- core/
modules/ user/ tests/ user.test, line 519 - Tests for user.module.
Class
- UserLoginTestCase
- Functional tests for user logins, including rate limiting of login attempts.
Code
function testPerUserLoginFloodControl() {
config('user.flood')
// Set a high global limit out so that it is not relevant in the test.
->set('flood_ip_limit', 4000)
->set('flood_user_limit', 3)
->save();
$user1 = $this->backdropCreateUser(array());
$incorrect_user1 = clone $user1;
$incorrect_user1->pass_raw .= 'incorrect';
$user2 = $this->backdropCreateUser(array());
// Try 2 failed logins.
for ($i = 0; $i < 2; $i++) {
$this->assertFailedLogin($incorrect_user1, NULL, TRUE);
}
// A successful login will reset the per-user flood control count.
$this->backdropLogin($user1);
$this->backdropLogout();
// Try 3 failed logins for user 1, they will not trigger flood control.
for ($i = 0; $i < 3; $i++) {
$this->assertFailedLogin($incorrect_user1, NULL, TRUE);
}
// Try one successful attempt for user 2, it should not trigger any
// flood control.
$this->backdropLogin($user2);
$this->backdropLogout();
// Try one more attempt for user 1, it should be rejected, even if the
// correct password has been used.
$this->assertFailedLogin($user1, NULL, TRUE, 'user');
// Resetting the password should clear the flood control for the user.
$new_pass = $this->resetUserPassword($user1);
$this->backdropLogout();
// Try to log in as user 1, it should be successful.
// Need to reload user since the password changed.
$user1->pass_raw = $new_pass;
$this->backdropLogin($user1);
$this->assertRaw('Member for');
}