1 user_password_reset.test public UserPasswordResetTest::testPasswordResetFloodControlPerUser()

Test user-based flood control on password reset.

File

core/modules/user/tests/user_password_reset.test, line 240
Tests for resetting the password.

Class

UserPasswordResetTest

Code

/**
 * Verifies the per-user flood limit on password reset requests.
 *
 * Sequence exercised:
 * - Requests up to the configured limit are accepted for one account.
 * - Completing a reset is expected to clear that account's flood events, so
 *   the same number of requests is accepted again afterwards.
 * - One request beyond the limit is refused and no "mailed" message is shown.
 */
public function testPasswordResetFloodControlPerUser() {
  // Keep the threshold tiny so the limit is reached after two requests.
  $limit = 2;
  config_set('user.flood', 'flood_user_limit', $limit);

  // Create an account, then log it in and out once before any reset request.
  $account = $this->backdropCreateUser();
  $this->backdropLogin($account);
  $this->backdropLogout();

  // Every reset request in this test names the same account, which is what
  // makes this a per-user (not per-IP) flood check.
  $edit = array('name' => $account->name);

  // Page texts checked below. The flood message is passed as a literal
  // string (no t() call), exactly as the assertions expect it.
  $mailed_text = t('Further instructions have been sent to your email address.');
  $flood_text = 'Sorry, too many password reset attempts';

  // First round: requests up to the limit must all be accepted.
  $attempt = 0;
  while ($attempt < $limit) {
    $this->backdropPost('user/password', $edit, t('Reset password'));
    // The request was accepted and the instructions message is shown.
    $this->assertText($mailed_text, 'Password reset instructions mailed message displayed.');
    // No flood warning may appear yet.
    $this->assertNoText($flood_text, 'Flood control was not triggered by password reset.');
    $attempt++;
  }

  // Follow the reset link and save a new password. A completed reset should
  // clear the flood events recorded for this account.
  $reset_link = $this->getResetURL();
  $this->backdropGet($reset_link);

  $fresh_pass = $this->randomName(20);
  $this->backdropPost(
    NULL,
    array(
      'pass[pass1]' => $fresh_pass,
      'pass[pass2]' => $fresh_pass,
    ),
    t('Save password & log in')
  );
  $this->backdropLogout();

  // Second round: with the counter cleared, the same number of requests must
  // be accepted again. If the events had not been cleared, the first request
  // here would already exceed the limit.
  $attempt = 0;
  while ($attempt < $limit) {
    $this->backdropPost('user/password', $edit, t('Reset password'));
    // The request was accepted and the instructions message is shown.
    $this->assertText($mailed_text, 'Password reset instructions mailed message displayed.');
    // No flood warning may appear yet.
    $this->assertNoText($flood_text, 'Flood control was not triggered by password reset.');
    $attempt++;
  }

  // One request past the limit must now be refused.
  $this->backdropPost('user/password', $edit, t('Reset password'));
  // The instructions message must be absent for the blocked request.
  $this->assertNoText($mailed_text, 'Password reset instructions mailed message not displayed for excessive password resets.');
  // The flood warning must be shown instead.
  $this->assertText($flood_text, 'Flood control was triggered by excessive password resets for one user.');
}