You are here

function BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnNodeForm in BOTCHA Spam Prevention 7

Same name and namespace in other branches
  1. 6 botcha.test \BotchaSessionReuseAttackTestCase::testBotchaSessionReuseAttackDetectionOnNodeForm()

File

./botcha.test, line 932
Tests for BOTCHA module.

Class

BotchaSessionReuseAttackTestCase

Code

function testBotchaSessionReuseAttackDetectionOnNodeForm() {

  // Set BOTCHA on page form.
  botcha_set_form_id_setting('page_node_form', 'test');

  // Log in as normal user.
  $this
    ->drupalLogin($this->normal_user);

  // Go to node add form.
  $this
    ->drupalGet('node/add/page');
  $this
    ->assertBotchaPresence(TRUE);

  // Get form_build_id.
  $form_build_id = $this
    ->getFormBuildIdFromForm();

  // Page settings to post, with correct BOTCHA answer.
  $edit = $this
    ->setNodeFormValues();

  // Preview the node
  $this
    ->drupalPost(NULL, $edit, t('Preview'));

  // Answer should be accepted.
  $this
    ->assertBotchaResponseAccepted();
  $this
    ->assertBotchaPresence(TRUE);

  // Post a new node, reusing the previous BOTCHA session.
  $edit = $this
    ->setNodeFormValues();
  $edit['form_build_id'] = $form_build_id;
  $this
    ->drupalPost('node/add/page', $edit, t('Preview'));

  // BOTCHA session reuse attack should be detected.
  $this
    ->assertBotchaSessionIdReuseAttackDetection();

  // There should be a BOTCHA.
  $this
    ->assertBotchaPresence(TRUE);
}