function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnLoginForm in CAPTCHA 7
Same name and namespace in other branches
- 6.2 captcha.test \CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnLoginForm()
File
- ./
captcha.test, line 1072 - Tests for CAPTCHA module.
Class
CaptchaSessionReuseAttackTestCase
Code
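/**
 * Tests that replaying a used CAPTCHA session on the login form is detected.
 *
 * Solves the Math CAPTCHA once to log in, logs out, and then submits the
 * login form again with the captcha_sid, captcha_token and response captured
 * from the first challenge. The replayed submission must trigger the session
 * reuse detection, must not log the user in, and must leave a CAPTCHA on the
 * page.
 */
function testCaptchaSessionReuseAttackDetectionOnLoginForm() {
  // Set CAPTCHA on login form.
  captcha_set_form_id_setting('user_login', 'captcha/Math');
  variable_set('captcha_persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE);

  // Go to log in form.
  $this->drupalGet('user');
  $this->assertCaptchaPresence(TRUE);

  // Capture the CAPTCHA session ID, its token and the solution of the
  // challenge so they can be replayed after the session has been used.
  $captcha_sid = $this->getCaptchaSidFromForm();
  $captcha_token = $this->getCaptchaTokenFromForm();
  $solution = $this->getMathCaptchaSolutionFromForm();

  // Log in through form.
  $edit = array(
    'name' => $this->normal_user->name,
    'pass' => $this->normal_user->pass_raw,
    'captcha_response' => $solution,
  );
  $this->drupalPost(NULL, $edit, t('Log in'));
  $this->assertCaptchaResponseAccepted();
  $this->assertCaptchaPresence(FALSE);

  // If a "log out" link appears on the page, it is almost certainly because
  // the login was successful.
  $this->assertLink(t('Log out'), 0, t('User %name successfully logged in.', array(
    '%name' => $this->normal_user->name,
  )), t('User login'));

  // Log out again.
  $this->drupalLogout();

  // Try to log in again, reusing the previous CAPTCHA session. The array
  // union keeps the credentials and response already in $edit and only adds
  // the captured session ID and token.
  $edit += array(
    'captcha_sid' => $captcha_sid,
    'captcha_token' => $captcha_token,
  );
  $this->drupalPost('user', $edit, t('Log in'));

  // CAPTCHA session reuse attack should be detected.
  $this->assertCaptchaSessionIdReuseAttackDetection();

  // Detection alone is not the security property: the replayed submission
  // must not have authenticated the user, so no "log out" link may appear.
  $this->assertNoLink(t('Log out'), t('Replayed CAPTCHA session did not log the user in.'), t('User login'));

  // There should be a CAPTCHA.
  $this->assertCaptchaPresence(TRUE);
}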