You are here

public function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 450

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordUserFloodControlIsCleared() {
  \Drupal::configFactory()
    ->getEditable('user.flood')
    ->set('user_limit', 3)
    ->save();
  $edit = [
    'name' => $this->account
      ->getAccountName(),
  ];

  // Count email messages before to compare with after.
  $before = count($this
    ->drupalGetMails([
    'id' => 'user_password_reset',
  ]));

  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this
      ->drupalGet('user/password');
    $this
      ->submitForm($edit, 'Submit');
    $this
      ->assertValidPasswordReset($edit['name']);
  }

  // Ensure 3 emails were sent.
  $this
    ->assertCount($before + 3, $this
    ->drupalGetMails([
    'id' => 'user_password_reset',
  ]), '3 emails sent without triggering flood control.');

  // Use the last password reset URL which was generated.
  $reset_url = $this
    ->getResetURL();
  $this
    ->drupalGet($reset_url . '/login');
  $this
    ->assertSession()
    ->linkExists('Log out');
  $this
    ->assertSession()
    ->titleEquals($this->account
    ->getAccountName() . ' | Drupal');
  $this
    ->drupalLogout();

  // The next request should *not* trigger flood control, since a successful
  // password reset should have cleared flood events for this user.
  $this
    ->drupalGet('user/password');
  $this
    ->submitForm($edit, 'Submit');
  $this
    ->assertValidPasswordReset($edit['name']);

  // Ensure another email was sent.
  $this
    ->assertCount($before + 4, $this
    ->drupalGetMails([
    'id' => 'user_password_reset',
  ]), 'Another email was sent after clearing flood control.');
}