function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared
Same name in other branches
- 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
- 8.9.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
- 10 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
Tests user password reset flood control is cleared on successful reset.
File
-
core/
modules/ user/ tests/ src/ Functional/ UserPasswordResetTest.php, line 468
Class
- UserPasswordResetTest
- Ensure that password reset methods work as expected.
Namespace
Drupal\Tests\user\FunctionalCode
public function testUserResetPasswordUserFloodControlIsCleared() : void {
\Drupal::configFactory()->getEditable('user.flood')
->set('user_limit', 3)
->save();
$edit = [
'name' => $this->account
->getAccountName(),
];
// Count email messages before to compare with after.
$before = count($this->drupalGetMails([
'id' => 'user_password_reset',
]));
// Try 3 requests that should not trigger flood control.
for ($i = 0; $i < 3; $i++) {
$this->drupalGet('user/password');
$this->submitForm($edit, 'Submit');
$this->assertValidPasswordReset($edit['name']);
}
// Ensure 3 emails were sent.
$this->assertCount($before + 3, $this->drupalGetMails([
'id' => 'user_password_reset',
]), '3 emails sent without triggering flood control.');
// Use the last password reset URL which was generated.
$reset_url = $this->getResetURL();
$this->drupalGet($reset_url . '/login');
$this->assertSession()
->linkExists('Log out');
$this->assertSession()
->titleEquals($this->account
->getAccountName() . ' | Drupal');
$this->drupalLogout();
// The next request should *not* trigger flood control, since a successful
// password reset should have cleared flood events for this user.
$this->drupalGet('user/password');
$this->submitForm($edit, 'Submit');
$this->assertValidPasswordReset($edit['name']);
// Ensure another email was sent.
$this->assertCount($before + 4, $this->drupalGetMails([
'id' => 'user_password_reset',
]), 'Another email was sent after clearing flood control.');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.