You are here

function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnNodeForm in CAPTCHA 7

Same name and namespace in other branches
  1. 6.2 captcha.test \CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnNodeForm()

File

./captcha.test, line 1032
Tests for CAPTCHA module.

Class

CaptchaSessionReuseAttackTestCase

Code

function testCaptchaSessionReuseAttackDetectionOnNodeForm() {

  // Set CAPTCHA on page form.
  captcha_set_form_id_setting('page_node_form', 'captcha/Math');
  variable_set('captcha_persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE);

  // Log in as normal user.
  $this
    ->drupalLogin($this->normal_user);

  // Go to node add form.
  $this
    ->drupalGet('node/add/page');
  $this
    ->assertCaptchaPresence(TRUE);

  // Get CAPTCHA session ID and solution of the challenge.
  $captcha_sid = $this
    ->getCaptchaSidFromForm();
  $captcha_token = $this
    ->getCaptchaTokenFromForm();
  $solution = $this
    ->getMathCaptchaSolutionFromForm();

  // Page settings to post, with correct CAPTCHA answer.
  $edit = $this
    ->getNodeFormValues();
  $edit['captcha_response'] = $solution;

  // Preview the node
  $this
    ->drupalPost(NULL, $edit, t('Preview'));

  // Answer should be accepted.
  $this
    ->assertCaptchaResponseAccepted();

  // Check that there is no CAPTCHA after preview.
  $this
    ->assertCaptchaPresence(FALSE);

  // Post a new comment, reusing the previous CAPTCHA session.
  $edit = $this
    ->getNodeFormValues();
  $edit['captcha_sid'] = $captcha_sid;
  $edit['captcha_token'] = $captcha_token;
  $edit['captcha_response'] = $solution;
  $this
    ->drupalPost('node/add/page', $edit, t('Preview'));

  // CAPTCHA session reuse attack should be detected.
  $this
    ->assertCaptchaSessionIdReuseAttackDetection();

  // There should be a CAPTCHA.
  $this
    ->assertCaptchaPresence(TRUE);
}