| 1 user_password_reset.test | public UserPasswordResetTest::testPasswordResetFloodControlPerIp() |
Test IP-based flood control on password reset.
File
- core/
modules/ user/ tests/ user_password_reset.test, line 294 - Tests for resetting the password.
Class
Code
public function testPasswordResetFloodControlPerIp() {
// Set a very low limit for testing.
$limit = 2;
config_set('user.flood', 'flood_ip_limit', $limit);
// Try 2 requests that should not trigger flood control.
for ($i = 0; $i < $limit; $i++) {
$name = $this->randomName();
$edit = array('name' => $name);
$this->backdropPost('user/password', $edit, t('Reset password'));
// Confirm the password reset was not blocked. Note that @name is used
// instead of %name as assertText() works with plain text not HTML.
$this->assertText(t('Sorry, @name is not recognized as a user name or an email address.', array('@name' => $name)), 'User name not recognized message displayed.');
// Ensure that flood control was not triggered.
$this->assertNoText('Sorry, too many password reset attempts', 'Flood control was not triggered by password reset.');
}
// The next request should trigger flood control
$name = $this->randomName();
$edit = array('name' => $name);
$this->backdropPost('user/password', $edit, t('Reset password'));
// Confirm the password reset was blocked early. Note that @name is used
// instead of %name as assertText() works with plain text not HTML.
$this->assertNoText(t('Sorry, @name is not recognized as a user name or an email address.', array('@name' => $name)), 'User name not recognized message not displayed.');
// Ensure that flood control was triggered.
$this->assertText('Sorry, too many password reset attempts', 'Flood control was triggered by excessive password resets from one IP.');
}