You are here

function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnCommentPreview in CAPTCHA 7

Same name and namespace in other branches
  1. 6.2 captcha.test \CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnCommentPreview()

File

./captcha.test, line 992
Tests for CAPTCHA module.

Class

CaptchaSessionReuseAttackTestCase

Code

function testCaptchaSessionReuseAttackDetectionOnCommentPreview() {

  // Create commentable node
  $node = $this
    ->createNodeWithCommentsEnabled();

  // Set Test CAPTCHA on comment form.
  captcha_set_form_id_setting(self::COMMENT_FORM_ID, 'captcha/Math');
  variable_set('captcha_persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE);

  // Log in as normal user.
  $this
    ->drupalLogin($this->normal_user);

  // Go to comment form of commentable node.
  $this
    ->drupalGet('comment/reply/' . $node->nid);
  $this
    ->assertCaptchaPresence(TRUE);

  // Get CAPTCHA session ID and solution of the challenge.
  $captcha_sid = $this
    ->getCaptchaSidFromForm();
  $captcha_token = $this
    ->getCaptchaTokenFromForm();
  $solution = $this
    ->getMathCaptchaSolutionFromForm();

  // Post the form with the solution.
  $edit = $this
    ->getCommentFormValues();
  $edit['captcha_response'] = $solution;
  $this
    ->drupalPost(NULL, $edit, t('Preview'));

  // Answer should be accepted and further CAPTCHA ommitted.
  $this
    ->assertCaptchaResponseAccepted();
  $this
    ->assertCaptchaPresence(FALSE);

  // Post a new comment, reusing the previous CAPTCHA session.
  $edit = $this
    ->getCommentFormValues();
  $edit['captcha_sid'] = $captcha_sid;
  $edit['captcha_token'] = $captcha_token;
  $edit['captcha_response'] = $solution;
  $this
    ->drupalPost('comment/reply/' . $node->nid, $edit, t('Preview'));

  // CAPTCHA session reuse attack should be detected.
  $this
    ->assertCaptchaSessionIdReuseAttackDetection();

  // There should be a CAPTCHA.
  $this
    ->assertCaptchaPresence(TRUE);
}