You are here

Home » API reference » Drupal 8 » UserPasswordResetTest.php » UserPasswordResetTest

public function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 343

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordUserFloodControlIsCleared() {
  \Drupal::configFactory()
    ->getEditable('user.flood')
    ->set('user_limit', 3)
    ->save();
  $edit = [
    'name' => $this->account
      ->getAccountName(),
  ];

  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this
      ->drupalGet('user/password');
    $this
      ->drupalPostForm(NULL, $edit, t('Submit'));
    $this
      ->assertValidPasswordReset($edit['name']);
    $this
      ->assertNoPasswordUserFlood();
  }

  // Use the last password reset URL which was generated.
  $reset_url = $this
    ->getResetURL();
  $this
    ->drupalGet($reset_url . '/login');
  $this
    ->assertSession()
    ->linkExists(t('Log out'));
  $this
    ->assertTitle($this->account
    ->getAccountName() . ' | Drupal');
  $this
    ->drupalLogout();

  // The next request should *not* trigger flood control, since a successful
  // password reset should have cleared flood events for this user.
  $this
    ->drupalGet('user/password');
  $this
    ->drupalPostForm(NULL, $edit, t('Submit'));
  $this
    ->assertValidPasswordReset($edit['name']);
  $this
    ->assertNoPasswordUserFlood();
}