public function CaptchaSessionReuseAttackTestCase::testCaptchaSessionReuseAttackDetectionOnLoginForm in CAPTCHA 8
Test Captcha attack detection on login form.
File
- tests/src/Functional/CaptchaSessionReuseAttackTestCase.php, line 121
Class
- CaptchaSessionReuseAttackTestCase
- Tests CAPTCHA session reusing.
Namespace
Drupal\Tests\captcha\Functional
Code
/**
 * Checks that replaying a used CAPTCHA session on the login form is caught.
 *
 * Flow: record the CAPTCHA session ID and token from the first login form,
 * solve the challenge and log in, log out, then resubmit the login form with
 * the recorded ID and token written back into its hidden fields. The test
 * passes when the reuse is flagged and a CAPTCHA is shown again.
 */
public function testCaptchaSessionReuseAttackDetectionOnLoginForm() {
  // Attach the "captcha/Test" challenge to the login form and select the
  // per-form-instance persistence mode.
  // NOTE(review): presumably this mode ties a solved challenge to a single
  // form instance, which is what makes the replay below invalid - confirm
  // against the definition of the persistence constants.
  captcha_set_form_id_setting('user_login_form', 'captcha/Test');
  $settings = $this->config('captcha.settings');
  $settings
    ->set('persistence', CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE)
    ->save();

  // Load the front page, which must show the challenge.
  $this->drupalGet('<front>');
  $this->assertCaptchaPresence(TRUE);

  // Record the identifiers of this CAPTCHA session before it is consumed;
  // they are the values replayed further down.
  $first_sid = $this->getCaptchaSidFromForm();
  $first_token = $this->getCaptchaTokenFromForm();
  // Hard-coded answer; presumably the fixed solution of the test challenge.
  $answer = "Test 123";

  // First, legitimate login: credentials plus the CAPTCHA answer.
  $credentials = [
    'name' => $this->normalUser->getDisplayName(),
    'pass' => $this->normalUser->pass_raw,
    'captcha_response' => $answer,
  ];
  $this->submitForm($credentials, 'Log in', self::LOGIN_HTML_FORM_ID);
  $this->assertCaptchaResponseAccepted();
  $this->assertCaptchaPresence(FALSE);

  // The user's display name showing up in the page text is taken as evidence
  // that the login went through.
  $this->assertSession()->pageTextContains($this->normalUser->getDisplayName());

  // End the session and return to a fresh login form.
  $this->drupalLogout();
  $this->drupalGet('<front>');

  // Replay: overwrite the new form's hidden CAPTCHA fields with the session
  // ID and token recorded from the first form.
  $sid_field = $this->assertSession()->hiddenFieldExists("captcha_sid");
  $sid_field->setValue((string) $first_sid);
  $token_field = $this->assertSession()->hiddenFieldExists("captcha_token");
  $token_field->setValue((string) $first_token);

  // Only checks that the submitted values encode to a non-empty JSON string.
  $this->assertNotEmpty(json_encode($credentials));
  // NOTE(review): the first submission passed self::LOGIN_HTML_FORM_ID, this
  // one does not - confirm the difference is intentional.
  $this->submitForm($credentials, 'Log in');

  // The replayed session must be reported as a reuse attack.
  // NOTE(review): nothing in this method asserts directly that the replayed
  // login was refused; confirm the helper below (defined elsewhere) covers
  // that, or add an explicit check that the user is still anonymous.
  $this->assertCaptchaSessionIdReuseAttackDetection();

  // A challenge must be presented again after the rejected replay.
  $this->assertCaptchaPresence(TRUE);
}