You are here

Home » API reference » Drupal 9 » UserLoginTest.php » UserLoginTest

public function UserLoginTest::assertFailedLogin in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::assertFailedLogin()

Make an unsuccessful login attempt.

Parameters

\Drupal\user\Entity\User $account: A user object with name and passRaw attributes for the login attempt.

mixed $flood_trigger: (optional) Whether or not to expect that the flood control mechanism will be triggered. Defaults to NULL.

  • Set to 'user' to expect a 'too many failed logins error.
  • Set to any value to expect an error for too many failed logins per IP

.

  • Set to NULL to expect a failed login.
2 calls to UserLoginTest::assertFailedLogin()
UserLoginTest::testGlobalLoginFloodControl in core/modules/user/tests/src/Functional/UserLoginTest.php
Tests the global login flood control.
UserLoginTest::testPerUserLoginFloodControl in core/modules/user/tests/src/Functional/UserLoginTest.php
Tests the per-user login flood control.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 199

Class

UserLoginTest
Ensure that login works as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function assertFailedLogin($account, $flood_trigger = NULL) {
  $database = \Drupal::database();
  $edit = [
    'name' => $account
      ->getAccountName(),
    'pass' => $account->passRaw,
  ];
  $this
    ->drupalGet('user/login');
  $this
    ->submitForm($edit, 'Log in');
  if (isset($flood_trigger)) {
    $this
      ->assertSession()
      ->statusCodeEquals(403);
    $this
      ->assertSession()
      ->fieldNotExists('pass');
    $last_log = $database
      ->select('watchdog', 'w')
      ->fields('w', [
      'message',
    ])
      ->condition('type', 'user')
      ->orderBy('wid', 'DESC')
      ->range(0, 1)
      ->execute()
      ->fetchField();
    if ($flood_trigger == 'user') {
      $this
        ->assertSession()
        ->pageTextMatches("/There (has|have) been more than \\w+ failed login attempt.* for this account. It is temporarily blocked. Try again later or request a new password./");
      $this
        ->assertSession()
        ->linkExists("request a new password");
      $this
        ->assertSession()
        ->linkByHrefExists(Url::fromRoute('user.pass')
        ->toString());
      $this
        ->assertEquals('Flood control blocked login attempt for uid %uid from %ip', $last_log, 'A watchdog message was logged for the login attempt blocked by flood control per user.');
    }
    else {

      // No uid, so the limit is IP-based.
      $this
        ->assertSession()
        ->pageTextContains("Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or request a new password.");
      $this
        ->assertSession()
        ->linkExists("request a new password");
      $this
        ->assertSession()
        ->linkByHrefExists(Url::fromRoute('user.pass')
        ->toString());
      $this
        ->assertEquals('Flood control blocked login attempt from %ip', $last_log, 'A watchdog message was logged for the login attempt blocked by flood control per IP.');
    }
  }
  else {
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->fieldValueEquals('pass', '');
    $this
      ->assertSession()
      ->pageTextContains('Unrecognized username or password. Forgot your password?');
  }
}