
function UserPasswordResetTestCase::testPasswordResetFloodControlPerUser in Drupal 7

Test user-based flood control on password reset.

File

modules/user/user.test, line 607
Tests for user.module.

Class

UserPasswordResetTestCase
Tests resetting a user password.

Code

/**
 * Exercises the per-account flood limit on password reset requests.
 *
 * With 'user_pass_reset_user_limit' set to 2, the test expects:
 * - two reset requests for the same account name to be accepted;
 * - using the mailed reset link and logging in to allow two further requests;
 * - the request after those to be refused with the flood-control message and
 *   without the "instructions have been sent" confirmation.
 *
 * NOTE(review): nothing is asserted directly after the 'Log in' submission.
 * The second round of accepted requests is the only evidence here that the
 * reset link worked and that the per-account counter was cleared.
 */
function testPasswordResetFloodControlPerUser() {
  // Lower the per-account threshold so the limit is reached after two requests.
  variable_set('user_pass_reset_user_limit', 2);

  // Create an account, log it in once, then log out again before any reset
  // request is submitted.
  $account = $this->drupalCreateUser();
  $this->drupalLogin($account);
  $this->drupalLogout();
  $edit = array('name' => $account->name);

  // Page strings shared by both rounds of permitted requests.
  $submit_label = t('E-mail new password');
  $mailed_notice = t('Further instructions have been sent to your e-mail address.');
  // NOTE(review): the "not blocked" check matches on this exact fragment. If
  // the wording of the flood message changes, assertNoText() would still pass
  // without proving anything - keep it in sync with the message the module emits.
  $blocked_fragment = t('is temporarily blocked. Try again later');

  // Round one: two requests, both expected to stay under the limit.
  $attempt = 0;
  while ($attempt < 2) {
    $this->drupalPost('user/password', $edit, $submit_label);
    // The reset mail confirmation must be shown.
    $this->assertText($mailed_notice, 'Password reset instructions mailed message displayed.');
    // No flood-control message may be shown.
    $this->assertNoText($blocked_fragment, 'Flood control was not triggered by password reset.');
    $attempt++;
  }

  // Using the reset link successfully is expected to clear the recorded flood
  // events for this account.
  $this->drupalGet($this->getResetURL());

  // Submit the 'Log in' button on the reset page, then end the session.
  $this->drupalPost(NULL, NULL, t('Log in'));
  $this->drupalLogout();

  // Round two: the same two requests must be accepted again.
  $attempt = 0;
  while ($attempt < 2) {
    $this->drupalPost('user/password', $edit, $submit_label);
    // The reset mail confirmation must be shown.
    $this->assertText($mailed_notice, 'Password reset instructions mailed message displayed.');
    // No flood-control message may be shown.
    $this->assertNoText($blocked_fragment, 'Flood control was not triggered by password reset.');
    $attempt++;
  }

  // One request beyond the limit: this one has to be rejected.
  $this->drupalPost('user/password', $edit, $submit_label);

  // No reset mail confirmation may appear for the rejected request.
  $this->assertNoText($mailed_notice, 'Password reset instructions mailed message not displayed for excessive password resets.');

  // The per-account flood message must be displayed instead.
  $this->assertText(t('Sorry, there have been more than 2 password reset attempts for this account. It is temporarily blocked.'), 'Flood control was triggered by excessive password resets for one user.');
}