You are here

Home » API reference » Login Security 7 » login_security.test » LoginSecuritySoftBlockTest

public function LoginSecuritySoftBlockTest::testSoftBlocking in Login Security 7

Same name and namespace in other branches
  1. 6 login_security.test \LoginSecuritySoftBlockTest::testSoftBlocking()

Test soft blocking.

File

./login_security.test, line 261
Test the basic functions of the Login Security module.

Class

LoginSecuritySoftBlockTest
Test login_security soft blocks.

Code

public function testSoftBlocking() {
  $login_attempts_limit = 3;

  // Allow 3 attempts to login before being soft-blocking is enforced.
  variable_set('login_security_user_wrong_count', 0);
  variable_set('login_security_host_wrong_count', 2);

  // Remove notices.
  variable_set('login_security_notice_attempts_available', 0);
  $normal_user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $good_pass = $normal_user->pass_raw;

  // Intentionally break the password to repeat invalid logins.
  $normal_user->pass_raw = user_password();
  $site_name = variable_get('site_name', 'drupal');

  // drupalLogin() has assertions that we know will fail, so we must skip
  // them with an alternate function.
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
  $this
    ->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // Second try.
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
  $this
    ->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));
  $this
    ->assertFieldByName('op', 'Log in', t('Submit button found.'));

  // Remove error messages.
  variable_set('login_security_disable_core_login_error', 1);

  // Third try, still valid without soft blocking.
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertNoText("This host is not allowed to log in", t('Soft-block message does not display.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // Restore error messages.
  variable_set('login_security_disable_core_login_error', 0);

  // 4th attempt, the host is not allowed this time.
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));

  // Try a normal login because it should be locked out now.
  $normal_user->pass_raw = $good_pass;
  $this
    ->drupalLoginLite($normal_user);
  $this
    ->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
  $this
    ->assertFieldByName('form_id', 'user_login', t('Login form found.'));
}