function UserPasswordResetTestCase::testPasswordResetFloodControlPerIp
Test IP-based flood control on password reset.
File
-
modules/
user/ user.test, line 678
Class
- UserPasswordResetTestCase
- Tests resetting a user password.
Code
function testPasswordResetFloodControlPerIp() {
// Set a very low limit for testing.
variable_set('user_pass_reset_ip_limit', 2);
// Try 2 requests that should not trigger flood control.
for ($i = 0; $i < 2; $i++) {
$name = $this->randomName();
$edit = array(
'name' => $name,
);
$this->drupalPost('user/password', $edit, t('E-mail new password'));
// Confirm the password reset was not blocked.
$password_reset_text = variable_get('user_password_reset_text', t('If %identifier is a valid account, an email will be sent with instructions to reset your password.'));
$this->assertRaw(format_string($password_reset_text, array(
'%identifier' => $name,
)), 'Password reset instructions mailed message displayed.');
// Ensure that flood control was not triggered.
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.');
}
// The next request should trigger flood control
$name = $this->randomName();
$edit = array(
'name' => $name,
);
$this->drupalPost('user/password', $edit, t('E-mail new password'));
// Confirm the password reset was blocked early. Note that @name is used
// instead of %name as assertText() works with plain text not HTML.
$this->assertNoText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array(
'@name' => $name,
)), 'User name not recognized message not displayed.');
// Ensure that flood control was triggered.
$this->assertText(t('Sorry, too many password reset attempts from your IP address. This IP address is temporarily blocked.'), 'Flood control was triggered by excessive password resets from one IP.');
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.