You are here

Home » API reference » Drupal 8 » UserLoginHttpTest.php » UserLoginHttpTest

public function UserLoginHttpTest::testGlobalLoginFloodControl in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::testGlobalLoginFloodControl()

Tests the global login flood control.

See also

\Drupal\basic_auth\Tests\Authentication\BasicAuthTest::testGlobalLoginFloodControl

\Drupal\user\Tests\UserLoginTest::testGlobalLoginFloodControl

File

core/modules/user/tests/src/Functional/UserLoginHttpTest.php, line 290

Class

UserLoginHttpTest
Tests login and password reset via direct HTTP.

Namespace

Drupal\Tests\user\Functional

Code

public function testGlobalLoginFloodControl() {
  $this
    ->config('user.flood')
    ->set('ip_limit', 2)
    ->set('user_limit', 4000)
    ->save();
  $user = $this
    ->drupalCreateUser([]);
  $incorrect_user = clone $user;
  $incorrect_user->passRaw .= 'incorrect';

  // Try 2 failed logins.
  for ($i = 0; $i < 2; $i++) {
    $response = $this
      ->loginRequest($incorrect_user
      ->getAccountName(), $incorrect_user->passRaw);
    $this
      ->assertEquals('400', $response
      ->getStatusCode());
  }

  // IP limit has reached to its limit. Even valid user credentials will fail.
  $response = $this
    ->loginRequest($user
    ->getAccountName(), $user->passRaw);
  $this
    ->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
}