You are here

Home » API reference » Drupal 8 » UserPasswordResetTest.php » UserPasswordResetTest

public function UserPasswordResetTest::testUserResetPasswordIpFloodControl in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordIpFloodControl()

Tests password reset flood control for one IP.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 318

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordIpFloodControl() {
  \Drupal::configFactory()
    ->getEditable('user.flood')
    ->set('ip_limit', 3)
    ->save();

  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this
      ->drupalGet('user/password');
    $edit = [
      'name' => $this
        ->randomMachineName(),
    ];
    $this
      ->drupalPostForm(NULL, $edit, t('Submit'));

    // Because we're testing with a random name, the password reset will not be valid.
    $this
      ->assertNoValidPasswordReset($edit['name']);
    $this
      ->assertNoPasswordIpFlood();
  }

  // The next request should trigger flood control.
  $this
    ->drupalGet('user/password');
  $edit = [
    'name' => $this
      ->randomMachineName(),
  ];
  $this
    ->drupalPostForm(NULL, $edit, t('Submit'));
  $this
    ->assertPasswordIpFlood();
}