You are here

Home » API reference » BOTCHA Spam Prevention 6 » botcha.test » BotchaSessionReuseAttackTestCase

function BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnCommentPreview in BOTCHA Spam Prevention 6

Same name and namespace in other branches
  1. 7 botcha.test \BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnCommentPreview()

File

./botcha.test, line 886
Tests for BOTCHA module.

Class

BotchaSessionReuseAttackTestCase

Code

function testBotchaSessionReuseAttackDetectionOnCommentPreview() {

  // Create commentable node
  $node = $this
    ->createNodeWithCommentsEnabled();

  // Set Test BOTCHA on comment form.
  botcha_set_form_id_setting(self::COMMENT_FORM_ID, 'test');

  // Log in as normal user.
  $this
    ->drupalLogin($this->normal_user);

  // Go to comment form of commentable node.
  $this
    ->drupalGet('comment/reply/' . $node->nid);
  $this
    ->assertBotchaPresence(TRUE);

  // Get form_build_id.
  $form_build_id = $this
    ->getFormBuildIdFromForm();

  // Post the form with the solution.
  $edit = $this
    ->setCommentFormValues();
  $this
    ->drupalPost(NULL, $edit, t('Preview'));

  // Answer should be accepted and further BOTCHA ommitted.
  $this
    ->assertBotchaResponseAccepted();
  $this
    ->assertBotchaPresence(TRUE);

  // Post a new comment, reusing the previous BOTCHA session.
  $edit = $this
    ->setCommentFormValues();
  $edit['form_build_id'] = $form_build_id;
  $this
    ->drupalPost('comment/reply/' . $node->nid, $edit, t('Preview'));

  // BOTCHA session reuse attack should be detected.
  $this
    ->assertBotchaSessionIdReuseAttackDetection();

  // There should be a BOTCHA.
  $this
    ->assertBotchaPresence(TRUE);

  // Verify that values that user posted are preserved in the new form
  $values = $this
    ->getCommentFormValuesFromForm();
  $this
    ->assertEqual($values['subject'], $edit['subject'], 'Subject should be preserved');
  $this
    ->assertEqual($values['comment'], $edit['comment'], 'Comment body should be preserved');

  // And verify new form can be re-submitted
  unset($edit['form_build_id']);
  $this
    ->drupalPost('comment/reply/' . $node->nid, $edit, t('Preview'));
  $this
    ->assertBotchaResponseAccepted();
  $this
    ->assertBotchaPresence(TRUE);
}