function BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnLoginForm in BOTCHA Spam Prevention 7
Same name and namespace in other branches
- 6 botcha.test \BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnLoginForm()
File
- ./
botcha.test, line 965 - Tests for BOTCHA module.
Class
Code
function testBotchaSessionReuseAttackDetectionOnLoginForm() {
// Set BOTCHA on login form.
botcha_set_form_id_setting('user_login', 'test');
// Go to log in form.
$this
->drupalGet('user');
$this
->assertBotchaPresence(TRUE);
// Get form_build_id.
$form_build_id = $this
->getFormBuildIdFromForm();
// Log in through form.
$edit = array(
'name' => $this->normal_user->name,
'pass' => $this->normal_user->pass_raw,
);
$this
->drupalPost(NULL, $edit, t('Log in'));
$this
->assertBotchaResponseAccepted();
$this
->assertBotchaPresence(FALSE);
// If a "log out" link appears on the page, it is almost certainly because
// the login was successful.
$pass = $this
->assertLink(t('Log out'), 0, t('User %name successfully logged in.', array(
'%name' => $this->normal_user->name,
)), t('User login'));
// Log out again.
$this
->drupalLogout();
// Try to log in again, reusing the previous BOTCHA session.
$edit += array(
'form_build_id' => $form_build_id,
);
$this
->drupalPost('user', $edit, t('Log in'));
// BOTCHA session reuse attack should be detected.
$this
->assertBotchaSessionIdReuseAttackDetection();
// There should be a BOTCHA.
$this
->assertBotchaPresence(TRUE);
}