public function UserLoginHttpTest::testGlobalLoginFloodControl in Drupal 8
Same name and namespace in other branches
- 9 core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::testGlobalLoginFloodControl()
Tests the global login flood control.
See also
\Drupal\basic_auth\Tests\Authentication\BasicAuthTest::testGlobalLoginFloodControl
\Drupal\user\Tests\UserLoginTest::testGlobalLoginFloodControl
File
- core/
modules/ user/ tests/ src/ Functional/ UserLoginHttpTest.php, line 290
Class
- UserLoginHttpTest
- Tests login and password reset via direct HTTP.
Namespace
Drupal\Tests\user\FunctionalCode
public function testGlobalLoginFloodControl() {
$this
->config('user.flood')
->set('ip_limit', 2)
->set('user_limit', 4000)
->save();
$user = $this
->drupalCreateUser([]);
$incorrect_user = clone $user;
$incorrect_user->passRaw .= 'incorrect';
// Try 2 failed logins.
for ($i = 0; $i < 2; $i++) {
$response = $this
->loginRequest($incorrect_user
->getAccountName(), $incorrect_user->passRaw);
$this
->assertEquals('400', $response
->getStatusCode());
}
// IP limit has reached to its limit. Even valid user credentials will fail.
$response = $this
->loginRequest($user
->getAccountName(), $user->passRaw);
$this
->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
}