function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnNodeForm in CAPTCHA 7
Same name and namespace in other branches
- 6.2 captcha.test \CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnNodeForm()
File
- ./
captcha.test, line 1032 - Tests for CAPTCHA module.
Class
Code
function testCaptchaSessionReuseAttackDetectionOnNodeForm() {
// Set CAPTCHA on page form.
captcha_set_form_id_setting('page_node_form', 'captcha/Math');
variable_set('captcha_persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE);
// Log in as normal user.
$this
->drupalLogin($this->normal_user);
// Go to node add form.
$this
->drupalGet('node/add/page');
$this
->assertCaptchaPresence(TRUE);
// Get CAPTCHA session ID and solution of the challenge.
$captcha_sid = $this
->getCaptchaSidFromForm();
$captcha_token = $this
->getCaptchaTokenFromForm();
$solution = $this
->getMathCaptchaSolutionFromForm();
// Page settings to post, with correct CAPTCHA answer.
$edit = $this
->getNodeFormValues();
$edit['captcha_response'] = $solution;
// Preview the node
$this
->drupalPost(NULL, $edit, t('Preview'));
// Answer should be accepted.
$this
->assertCaptchaResponseAccepted();
// Check that there is no CAPTCHA after preview.
$this
->assertCaptchaPresence(FALSE);
// Post a new comment, reusing the previous CAPTCHA session.
$edit = $this
->getNodeFormValues();
$edit['captcha_sid'] = $captcha_sid;
$edit['captcha_token'] = $captcha_token;
$edit['captcha_response'] = $solution;
$this
->drupalPost('node/add/page', $edit, t('Preview'));
// CAPTCHA session reuse attack should be detected.
$this
->assertCaptchaSessionIdReuseAttackDetection();
// There should be a CAPTCHA.
$this
->assertCaptchaPresence(TRUE);
}