function UserLoginTest::testGlobalLoginFloodControl

Tests the global login flood control.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 51

Class

UserLoginTest

Ensure that login works as expected.

Namespace

Code

public function testGlobalLoginFloodControl() {
    $this->config('user.flood')
        ->set('ip_limit', 10)
        ->set('user_limit', 4000)
        ->save();
    $user1 = $this->drupalCreateUser([]);
    $incorrect_user1 = clone $user1;
    $incorrect_user1->passRaw .= 'incorrect';
    // Try 2 failed logins.
    for ($i = 0; $i < 2; $i++) {
        $this->assertFailedLogin($incorrect_user1);
    }
    // A successful login will not reset the IP-based flood control count.
    $this->drupalLogin($user1);
    $this->drupalLogout();
    // Try 8 more failed logins, they should not trigger the flood control
    // mechanism.
    for ($i = 0; $i < 8; $i++) {
        $this->assertFailedLogin($incorrect_user1);
    }
    // The next login trial should result in an IP-based flood error message.
    $this->assertFailedLogin($incorrect_user1, 'ip');
    // A login with the correct password should also result in a flood error
    // message.
    $this->assertFailedLogin($user1, 'ip');
    // A login attempt after resetting the password should still fail, since the
    // IP-based flood control count is not cleared after a password reset.
    $this->resetUserPassword($user1);
    $this->drupalLogout();
    $this->assertFailedLogin($user1, 'ip');
    $this->assertSession()
        ->responseContains('Too many failed login attempts from your IP address.');
}