You are here

public function LoginSecuritySoftBlockTest::testSoftBlocking in Login Security 8

Test soft blocking.

File

src/Tests/LoginSecuritySoftBlockTest.php, line 56

Class

LoginSecuritySoftBlockTest
Test Login Security's soft blocking restrictions.

Namespace

Drupal\login_security\Tests

Code

public function testSoftBlocking() {

  // Allow 3 attempts to login before being soft-blocking is enforced.
  $config = \Drupal::configFactory()
    ->getEditable('login_security.settings');
  $config
    ->set('user_wrong_count', 0)
    ->save();
  $config
    ->set('host_wrong_count', 2)
    ->save();

  // Remove notices.
  $config
    ->set('notice_attempts_available', 0)
    ->save();
  $normal_user = $this
    ->drupalCreateUser();
  $good_pass = $normal_user
    ->getPassword();

  // Intentionally break the password to repeat invalid logins.
  $new_pass = user_password();
  $normal_user
    ->setPassword($new_pass);
  $site_name = \Drupal::config('system.site')
    ->get('name');

  // First try.
  $this
    ->assertNoSoftBlocked($normal_user);

  // Second try.
  $this
    ->assertNoSoftBlocked($normal_user);

  // Remove error messages display.
  $config
    ->set('disable_core_login_error', 1)
    ->save();

  // Third try, still valid without soft blocking.
  $this
    ->assertNoSoftBlocked($normal_user);

  // Restore error messages.
  $config
    ->set('disable_core_login_error', 0)
    ->save();

  // 4th attempt, the host is not allowed this time.
  $this
    ->assertSoftBlocked($normal_user);

  // Try a normal login because it should be locked out now.
  $normal_user
    ->setPassword($good_pass);
  $this
    ->assertSoftBlocked($normal_user);
}