1 user.test UserLoginTestCase::testPerUserLoginFloodControl()

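Tests the per-user login flood control: repeated failed logins for one account block that account, even when the correct password is then supplied, without affecting other accounts, and a successful login or a password reset clears the count.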

File

core/modules/user/tests/user.test, line 519
Tests for user.module.

Class

UserLoginTestCase
Functional tests for user logins, including rate limiting of login attempts.

Code

/**
 * Test the per-user login flood control.
 *
 * Walks a single account through the per-user failed-login limit and checks,
 * in order, that:
 * - a successful login resets that account's failure count;
 * - reaching the limit for one account does not block a different account;
 * - once the limit is reached the account is refused even when the correct
 *   password is supplied;
 * - resetting the password lifts the block.
 */
function testPerUserLoginFloodControl() {
  // The per-user limit (3) is the value under test. The per-IP limit is set
  // far above the number of attempts made here, so it cannot be the control
  // that rejects a login in this test.
  config('user.flood')
    ->set('flood_ip_limit', 4000)
    ->set('flood_user_limit', 3)
    ->save();

  $target_account = $this->backdropCreateUser(array());
  // Same account, but carrying a password that cannot match.
  $bad_credentials = clone $target_account;
  $bad_credentials->pass_raw = $bad_credentials->pass_raw . 'incorrect';

  $bystander_account = $this->backdropCreateUser(array());

  // Two failures: one below the per-user limit.
  for ($attempt = 1; $attempt <= 2; $attempt++) {
    $this->assertFailedLogin($bad_credentials, NULL, TRUE);
  }

  // Logging in correctly is expected to reset the per-user failure count.
  $this->backdropLogin($target_account);
  $this->backdropLogout();

  // Three further failures for the target account. These are asserted as
  // ordinary failed logins, not as flood-control rejections; that only holds
  // if the two earlier failures were cleared by the login above.
  for ($attempt = 1; $attempt <= 3; $attempt++) {
    $this->assertFailedLogin($bad_credentials, NULL, TRUE);
  }

  // A different account must be unaffected by the target account's failures.
  $this->backdropLogin($bystander_account);
  $this->backdropLogout();

  // The target account is now at its limit, so the next attempt must be
  // refused even though the correct password is used. This keeps a caller
  // who is locked out from using the form to confirm a guessed password.
  // NOTE(review): 'user' presumably selects the per-user flood rejection in
  // assertFailedLogin() - confirm against that helper.
  $this->assertFailedLogin($target_account, NULL, TRUE, 'user');

  // Resetting the password should clear the flood control for the account.
  $fresh_password = $this->resetUserPassword($target_account);
  $this->backdropLogout();

  // The local account object still holds the old password, so update it
  // before logging in; the login is expected to succeed now.
  $target_account->pass_raw = $fresh_password;
  $this->backdropLogin($target_account);
  // NOTE(review): 'Member for' is presumably text from the account page shown
  // after a successful login - confirm.
  $this->assertRaw('Member for');
}