function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnCommentPreview in CAPTCHA 7
Same name and namespace in other branches
- 6.2 captcha.test \CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnCommentPreview()
File
- ./
captcha.test, line 992 - Tests for CAPTCHA module.
Class
Code
/**
 * Checks that a solved CAPTCHA session cannot be replayed on comment preview.
 *
 * Flow: solve the Math challenge once through the comment form's "Preview"
 * button, then submit a second preview that carries the captcha_sid,
 * captcha_token and captcha_response of that already-solved challenge. The
 * second submission must trigger the module's session-reuse detection and the
 * form must show a challenge again.
 *
 * NOTE(review): only the "Preview" submit button is exercised here; whether
 * the final save path has its own reuse test cannot be told from this method.
 */
function testCaptchaSessionReuseAttackDetectionOnCommentPreview() {
  // Fixture: a node that accepts comments, and the URL of its reply form.
  $node = $this->createNodeWithCommentsEnabled();
  $reply_path = 'comment/reply/' . $node->nid;

  // Protect the comment form with the Math challenge. The persistence mode is
  // the "skip once successful per form instance" one, so (going by the
  // constant's name) a solve is only meant to be honoured for that instance.
  captcha_set_form_id_setting(self::COMMENT_FORM_ID, 'captcha/Math');
  variable_set('captcha_persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE);

  // Work as an ordinary authenticated user.
  $this->drupalLogin($this->normal_user);

  // Load the reply form; it has to present a challenge.
  $this->drupalGet($reply_path);
  $this->assertCaptchaPresence(TRUE);

  // Capture everything that identifies and answers this challenge.
  $solved_sid = $this->getCaptchaSidFromForm();
  $solved_token = $this->getCaptchaTokenFromForm();
  $answer = $this->getMathCaptchaSolutionFromForm();

  // First preview: a legitimate submission with the correct answer.
  $first_preview = $this->getCommentFormValues();
  $first_preview['captcha_response'] = $answer;
  $this->drupalPost(NULL, $first_preview, t('Preview'));

  // The answer must be accepted and no further CAPTCHA shown.
  $this->assertCaptchaResponseAccepted();
  $this->assertCaptchaPresence(FALSE);

  // Second preview: a new comment that reuses the earlier session. These
  // three values belong to a challenge that has already been solved; if they
  // were accepted again, a single solve could be spent on many submissions.
  $replayed_preview = $this->getCommentFormValues();
  $replayed_preview['captcha_sid'] = $solved_sid;
  $replayed_preview['captcha_token'] = $solved_token;
  $replayed_preview['captcha_response'] = $answer;
  $this->drupalPost($reply_path, $replayed_preview, t('Preview'));

  // The replay has to be reported as a session reuse attack ...
  $this->assertCaptchaSessionIdReuseAttackDetection();
  // ... and the form has to ask for a CAPTCHA again.
  $this->assertCaptchaPresence(TRUE);
}