You are here

Home » API reference » Drupal 9 » UserPasswordResetTest.php » UserPasswordResetTest

public function UserPasswordResetTest::testUserResetPasswordIpFloodControl in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordIpFloodControl()

Tests password reset flood control for one IP.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 424

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordIpFloodControl() {
  \Drupal::configFactory()
    ->getEditable('user.flood')
    ->set('ip_limit', 3)
    ->save();

  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this
      ->drupalGet('user/password');
    $random_name = $this
      ->randomMachineName();
    $edit = [
      'name' => $random_name,
    ];
    $this
      ->submitForm($edit, 'Submit');

    // Because we're testing with a random name, the password reset will not be valid.
    $this
      ->assertNoValidPasswordReset($random_name);
    $this
      ->assertNoPasswordIpFlood();
  }

  // The next request should trigger flood control.
  $this
    ->drupalGet('user/password');
  $edit = [
    'name' => $this
      ->randomMachineName(),
  ];
  $this
    ->submitForm($edit, 'Submit');
  $this
    ->assertPasswordIpFlood();
}