function UserLoginHttpTest::testGlobalLoginFloodControl
Tests the global login flood control.
See also
\Drupal\basic_auth\Tests\Authentication\BasicAuthTest::testGlobalLoginFloodControl
\Drupal\user\Tests\UserLoginTest::testGlobalLoginFloodControl
File
-
core/
modules/ user/ tests/ src/ Functional/ UserLoginHttpTest.php, line 290
Class
- UserLoginHttpTest
- Tests login and password reset via direct HTTP.
Namespace
Drupal\Tests\user\FunctionalCode
public function testGlobalLoginFloodControl() {
$this->config('user.flood')
->set('ip_limit', 2)
->set('user_limit', 4000)
->save();
$user = $this->drupalCreateUser([]);
$incorrect_user = clone $user;
$incorrect_user->passRaw .= 'incorrect';
// Try 2 failed logins.
for ($i = 0; $i < 2; $i++) {
$response = $this->loginRequest($incorrect_user->getAccountName(), $incorrect_user->passRaw);
$this->assertEquals('400', $response->getStatusCode());
}
// IP limit has reached to its limit. Even valid user credentials will fail.
$response = $this->loginRequest($user->getAccountName(), $user->passRaw);
$this->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.