public function BasicAuthTest::testPerUserLoginFloodControl in Drupal 9
Same name and namespace in other branches
- 8 core/modules/basic_auth/tests/src/Functional/BasicAuthTest.php \Drupal\Tests\basic_auth\Functional\BasicAuthTest::testPerUserLoginFloodControl()
Tests the per-user login flood control.
File
- core/
modules/ basic_auth/ tests/ src/ Functional/ BasicAuthTest.php, line 121
Class
- BasicAuthTest
- Tests for BasicAuth authentication provider.
Namespace
Drupal\Tests\basic_auth\FunctionalCode
public function testPerUserLoginFloodControl() {
$this
->config('user.flood')
->set('ip_limit', 4000)
->set('user_limit', 2)
->save();
$user = $this
->drupalCreateUser([]);
$incorrect_user = clone $user;
$incorrect_user->pass_raw .= 'incorrect';
$user2 = $this
->drupalCreateUser([]);
$url = Url::fromRoute('router_test.11');
// Try a failed login.
$this
->basicAuthGet($url, $incorrect_user
->getAccountName(), $incorrect_user->pass_raw);
// A successful login will reset the per-user flood control count.
$this
->basicAuthGet($url, $user
->getAccountName(), $user->pass_raw);
$this
->assertSession()
->statusCodeEquals(200);
// Try 2 failed logins for a user. They will trigger flood control.
for ($i = 0; $i < 2; $i++) {
$this
->basicAuthGet($url, $incorrect_user
->getAccountName(), $incorrect_user->pass_raw);
}
// Now the user account is blocked.
$this
->basicAuthGet($url, $user
->getAccountName(), $user->pass_raw);
$this
->assertSession()
->statusCodeEquals(403);
// Try one successful attempt for a different user, it should not trigger
// any flood control.
$this
->basicAuthGet($url, $user2
->getAccountName(), $user2->pass_raw);
$this
->assertSession()
->statusCodeEquals(200);
}