public function TfaRecoveryCodePluginTest::testRecoveryCodeValidation in Two-factor Authentication (TFA) 8
Check that the user can log in with recovery codes.
File
- tests/src/Functional/TfaRecoveryCodePluginTest.php, line 144
Class
- TfaRecoveryCodePluginTest
- Class TfaRecoveryCodeSetupPluginTest.
Namespace
Drupal\Tests\tfa\Functional
Code
/**
 * Exercises recovery-code validation through the login form.
 *
 * Codes are generated and stored through the validation plugin for the test
 * account. The test then checks three outcomes on the second-factor form: an
 * unknown code is refused, a stored code completes the login, and the same
 * code is refused when it is submitted again during a later login.
 */
public function testRecoveryCodeValidation() {
  // Seed the account with recovery codes while logged in, then end the
  // session so the login form can be exercised from scratch.
  $this->drupalLogin($this->userAccount);
  $webAssert = $this->assertSession();
  $recoveryCodes = $this->validationPlugin->generateCodes();
  $this->validationPlugin->storeCodes($recoveryCodes);
  $this->drupalLogout();

  // First factor. Both login attempts in this test submit the same
  // name/password pair, so it is built once.
  $credentials = [
    'name' => $this->userAccount->getAccountName(),
    'pass' => $this->userAccount->passRaw,
  ];

  // A correct password alone must land on the recovery-code prompt.
  $this->drupalPostForm('user/login', $credentials, 'Log in');
  $webAssert->statusCodeEquals(200);
  $webAssert->pageTextContains('Enter one of your recovery codes');

  // An unknown code must be refused.
  // NOTE(review): only the error message is asserted here; nothing checks
  // that the browser session is still unauthenticated after the refusal.
  $this->submitForm(['code' => 'definitely not real'], 'Verify');
  $webAssert->statusCodeEquals(200);
  $webAssert->pageTextContains('Invalid recovery code.');

  // A stored code completes the login; the display name on the resulting
  // page is the evidence taken from the browser session.
  $this->submitForm(['code' => $recoveryCodes[0]], 'Verify');
  $webAssert->statusCodeEquals(200);
  $webAssert->pageTextContains($this->userAccount->getDisplayName());
  // NOTE(review): isAuthenticated() is called on the test's account object,
  // not on the browser session, so it presumably passes regardless of the
  // login above - confirm, and treat the display-name check as the real one.
  $webAssert->assert($this->userAccount->isAuthenticated(), 'User is logged in.');

  // Replay: after a fresh password login, the code that was just consumed
  // must be rejected with the same message as an unknown code.
  $this->drupalLogout();
  $this->drupalPostForm('user/login', $credentials, 'Log in');
  $webAssert->statusCodeEquals(200);
  $webAssert->pageTextContains('Enter one of your recovery codes');
  $this->submitForm(['code' => $recoveryCodes[0]], 'Verify');
  $webAssert->statusCodeEquals(200);
  $webAssert->pageTextContains('Invalid recovery code.');
}