function UserLoginTestCase::testGlobalLoginFloodControl
Test the global login flood control.
File
-
modules/
user/ user.test, line 340
Class
- UserLoginTestCase
- Functional tests for user logins, including rate limiting of login attempts.
Code
function testGlobalLoginFloodControl() {
// Set the global login limit.
variable_set('user_failed_login_ip_limit', 10);
// Set a high per-user limit out so that it is not relevant in the test.
variable_set('user_failed_login_user_limit', 4000);
$user1 = $this->drupalCreateUser(array());
$incorrect_user1 = clone $user1;
$incorrect_user1->pass_raw .= 'incorrect';
// Try 2 failed logins.
for ($i = 0; $i < 2; $i++) {
$this->assertFailedLogin($incorrect_user1);
}
// A successful login will not reset the IP-based flood control count.
$this->drupalLogin($user1);
$this->drupalLogout();
// Try 8 more failed logins, they should not trigger the flood control
// mechanism.
for ($i = 0; $i < 8; $i++) {
$this->assertFailedLogin($incorrect_user1);
}
// The next login trial should result in an IP-based flood error message.
$this->assertFailedLogin($incorrect_user1, 'ip');
// A login with the correct password should also result in a flood error
// message.
$this->assertFailedLogin($user1, 'ip');
// A login attempt after resetting the password should still fail, since the
// IP-based flood control count is not cleared after a password reset.
$this->resetUserPassword($user1);
$this->drupalLogout();
$this->assertFailedLogin($user1, 'ip');
$this->assertRaw(t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array(
'@url' => url('user/password'),
)));
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.