function BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnCommentPreview in BOTCHA Spam Prevention 6
Same name and namespace in other branches
- 7 botcha.test \BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnCommentPreview()
File
- ./
botcha.test, line 886 - Tests for BOTCHA module.
Class
BotchaSessionReuseAttackTestCase
Code
/**
 * Checks that a replayed form_build_id is caught on comment preview.
 *
 * Flow exercised here:
 *  1. Preview a comment on a BOTCHA-protected form with a valid answer.
 *  2. Preview a second comment while submitting the form_build_id captured
 *     from the first form, i.e. reusing a BOTCHA session that was already
 *     consumed.
 *  3. Expect the reuse to be reported, a BOTCHA to be shown again, and the
 *     subject/body the user typed to survive the rejection.
 *  4. Expect a submission without the stale form_build_id to be accepted.
 */
function testBotchaSessionReuseAttackDetectionOnCommentPreview() {
  // Commentable node and the path of its reply form.
  $commentable_node = $this->createNodeWithCommentsEnabled();
  $reply_path = 'comment/reply/' . $commentable_node->nid;

  // Protect the comment form with the 'test' BOTCHA.
  botcha_set_form_id_setting(self::COMMENT_FORM_ID, 'test');

  // Act as a normal (non-admin) user.
  $this->drupalLogin($this->normal_user);

  // Load the reply form; it must carry a BOTCHA.
  $this->drupalGet($reply_path);
  $this->assertBotchaPresence(TRUE);

  // Remember this form's build id: it is the value replayed further down.
  $consumed_build_id = $this->getFormBuildIdFromForm();

  // First, legitimate preview with the solution.
  $first_post = $this->setCommentFormValues();
  $this->drupalPost(NULL, $first_post, t('Preview'));

  // The answer must be accepted. Note that the previewed form is asserted to
  // still contain a BOTCHA (assertBotchaPresence(TRUE)).
  $this->assertBotchaResponseAccepted();
  $this->assertBotchaPresence(TRUE);

  // Second preview, submitted with the build id that was already used above.
  // A solved challenge is expected to be single-use; accepting it again would
  // let one answer cover any number of submissions.
  $replayed_post = $this->setCommentFormValues();
  $replayed_post['form_build_id'] = $consumed_build_id;
  $this->drupalPost($reply_path, $replayed_post, t('Preview'));

  // The reuse must be detected and a BOTCHA must be presented again.
  $this->assertBotchaSessionIdReuseAttackDetection();
  $this->assertBotchaPresence(TRUE);

  // Rejecting the request must not discard what the user typed.
  $rebuilt_values = $this->getCommentFormValuesFromForm();
  $this->assertEqual($rebuilt_values['subject'], $replayed_post['subject'], 'Subject should be preserved');
  $this->assertEqual($rebuilt_values['comment'], $replayed_post['comment'], 'Comment body should be preserved');

  // Drop the stale build id and confirm the form can be submitted normally.
  unset($replayed_post['form_build_id']);
  $this->drupalPost($reply_path, $replayed_post, t('Preview'));
  $this->assertBotchaResponseAccepted();
  $this->assertBotchaPresence(TRUE);
}