1 user_password_reset.test public UserPasswordResetTest::testPasswordResetFloodControlPerIp()

Test IP-based flood control on password reset.

File

core/modules/user/tests/user_password_reset.test, line 294
Tests for resetting the password.

Class

UserPasswordResetTest

Code

public function testPasswordResetFloodControlPerIp() {
  // Set a very low limit for testing.
  $limit = 2;
  config_set('user.flood', 'flood_ip_limit', $limit);

  // Try 2 requests that should not trigger flood control.
  for ($i = 0; $i < $limit; $i++) {
    $name = $this->randomName();
    $edit = array('name' => $name);
    $this->backdropPost('user/password', $edit, t('Reset password'));
    // Confirm the password reset was not blocked. Note that @name is used
    // instead of %name as assertText() works with plain text not HTML.
    $this->assertText(t('Sorry, @name is not recognized as a user name or an email address.', array('@name' => $name)), 'User name not recognized message displayed.');
    // Ensure that flood control was not triggered.
    $this->assertNoText('Sorry, too many password reset attempts', 'Flood control was not triggered by password reset.');
  }

  // The next request should trigger flood control
  $name = $this->randomName();
  $edit = array('name' => $name);
  $this->backdropPost('user/password', $edit, t('Reset password'));
  // Confirm the password reset was blocked early. Note that @name is used
  // instead of %name as assertText() works with plain text not HTML.
  $this->assertNoText(t('Sorry, @name is not recognized as a user name or an email address.', array('@name' => $name)), 'User name not recognized message not displayed.');
  // Ensure that flood control was triggered.
  $this->assertText('Sorry, too many password reset attempts', 'Flood control was triggered by excessive password resets from one IP.');
}