function BasicAuthTest::testPerUserLoginFloodControl in Zircon Profile 8.0

Test the per-user login flood control.

File

core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php, line 108
Contains \Drupal\basic_auth\Tests\Authentication\BasicAuthTest.

Class

BasicAuthTest
Tests for BasicAuth authentication provider.

Namespace

Drupal\basic_auth\Tests\Authentication

Code

function testPerUserLoginFloodControl() {
  // Keep the per-IP limit high so that only the per-user limit (2 failed
  // attempts) can trigger in this test.
  $this->config('user.flood')
    ->set('ip_limit', 4000)
    ->set('user_limit', 2)
    ->save();

  $user = $this->drupalCreateUser(array());
  // Same account with a wrong password, used to generate failed logins.
  $incorrect_user = clone $user;
  $incorrect_user->pass_raw .= 'incorrect';
  $user2 = $this->drupalCreateUser(array());
  $url = Url::fromRoute('router_test.11');

  // Try a failed login.
  $this->basicAuthGet($url, $incorrect_user->getUsername(), $incorrect_user->pass_raw);

  // A successful login will reset the per-user flood control count.
  $this->basicAuthGet($url, $user->getUsername(), $user->pass_raw);
  $this->assertResponse('200', 'Per user flood prevention gets reset on a successful login.');

  // Try 2 failed logins for a user. They will trigger flood control.
  for ($i = 0; $i < 2; $i++) {
    $this->basicAuthGet($url, $incorrect_user->getUsername(), $incorrect_user->pass_raw);
  }

  // Now the user account is blocked, even with the correct password.
  $this->basicAuthGet($url, $user->getUsername(), $user->pass_raw);
  $this->assertResponse('403', 'The user account is blocked due to per user flood prevention.');

  // Try one successful attempt for a different user, it should not trigger
  // any flood control.
  $this->basicAuthGet($url, $user2->getUsername(), $user2->pass_raw);
  $this->assertResponse('200', 'Per user flood prevention does not block access for other users.');
}