function UserPasswordResetTestCase::testPasswordResetFloodControlPerIp in Drupal 7

Test IP-based flood control on password reset.

File

modules/user/user.test, line 655

Tests for user.module.

Class

UserPasswordResetTestCase

Tests resetting a user password.

Code

function testPasswordResetFloodControlPerIp() {

  // Set a very low limit for testing.
  variable_set('user_pass_reset_ip_limit', 2);

  // Try 2 requests that should not trigger flood control.
  for ($i = 0; $i < 2; $i++) {
    $name = $this
      ->randomName();
    $edit = array(
      'name' => $name,
    );
    $this
      ->drupalPost('user/password', $edit, t('E-mail new password'));

    // Confirm the password reset was not blocked. Note that @name is used
    // instead of %name as assertText() works with plain text not HTML.
    $this
      ->assertText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array(
      '@name' => $name,
    )), 'User name not recognized message displayed.');

    // Ensure that flood control was not triggered.
    $this
      ->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.');
  }

  // The next request should trigger flood control
  $name = $this
    ->randomName();
  $edit = array(
    'name' => $name,
  );
  $this
    ->drupalPost('user/password', $edit, t('E-mail new password'));

  // Confirm the password reset was blocked early. Note that @name is used
  // instead of %name as assertText() works with plain text not HTML.
  $this
    ->assertNoText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array(
    '@name' => $name,
  )), 'User name not recognized message not displayed.');

  // Ensure that flood control was triggered.
  $this
    ->assertText(t('Sorry, too many password reset attempts from your IP address. This IP address is temporarily blocked.'), 'Flood control was triggered by excessive password resets from one IP.');
}