You are here

Home » API reference » Login Security 6 » login_security.test » LoginSecuritySoftBlockTest

function LoginSecuritySoftBlockTest::testSoftBlocking in Login Security 6

Same name and namespace in other branches
  1. 7 login_security.test \LoginSecuritySoftBlockTest::testSoftBlocking()

File

./login_security.test, line 203
Test the basic functions of the Login Security module.

Class

LoginSecuritySoftBlockTest

Code

function testSoftBlocking() {
  $login_attempts_limit = 3;

  // allow 3 attempts to login before being soft-blocking is enforced
  variable_set('login_security_user_wrong_count', 0);
  variable_set('login_security_host_wrong_count', 2);

  // remove notices
  variable_set('login_security_notice_attempts_available', 0);
  $normal_user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $good_pass = $normal_user->pass_raw;

  // intentionally break the password to repeat invalid logins
  $normal_user->pass_raw = user_password();
  $site_name = variable_get('site_name', 'drupal');

  // drupalLogin() has assertions that we know will fail, so we must skip them with an alternate function
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
  $this
    ->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // Second try
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
  $this
    ->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));
  $this
    ->assertFieldByName('op', 'Log in', t('Submit button found.'));

  // remove error messages
  variable_set('login_security_disable_core_login_error', 1);

  // Third try, still valid without soft blocking
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-block message does not display.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // restore error messages
  variable_set('login_security_disable_core_login_error', 0);

  // 4th attempt, the host is not allowed this time
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // try a normal login because it should be locked out now
  $normal_user->pass_raw = $good_pass;
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));
}