function UserLoginHttpTest::doTestGlobalLoginFloodControl

Same name in other branches
  1. 10 core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestGlobalLoginFloodControl()
  2. 11.x core/modules/user/tests/src/Functional/UserLoginHttpTest.php \Drupal\Tests\user\Functional\UserLoginHttpTest::doTestGlobalLoginFloodControl()

Tests the global login flood control for a given serialization format.

Parameters

string $format: The encoded format.

See also

\Drupal\basic_auth\Authentication\Provider\BasicAuthTest::testGlobalLoginFloodControl

\Drupal\Tests\user\Functional\UserLoginTest::testGlobalLoginFloodControl

2 calls to UserLoginHttpTest::doTestGlobalLoginFloodControl()
UserHalLoginHttpTest::testPasswordReset in core/modules/hal/tests/src/Functional/user/UserHalLoginHttpTest.php
Tests user password reset.
UserLoginHttpTest::testPasswordReset in core/modules/user/tests/src/Functional/UserLoginHttpTest.php
Tests user password reset.

File

core/modules/user/tests/src/Functional/UserLoginHttpTest.php, line 297

Class

UserLoginHttpTest
Tests login and password reset via direct HTTP.

Namespace

Drupal\Tests\user\Functional

Code

public function doTestGlobalLoginFloodControl(string $format) : void {
    $database = \Drupal::database();
    $this->config('user.flood')
        ->set('ip_limit', 2)
        ->set('user_limit', 4000)
        ->save();
    $user = $this->drupalCreateUser([]);
    $incorrect_user = clone $user;
    $incorrect_user->passRaw .= 'incorrect';
    // Try 2 failed logins.
    for ($i = 0; $i < 2; $i++) {
        $response = $this->loginRequest($incorrect_user->getAccountName(), $incorrect_user->passRaw, $format);
        $this->assertEquals('400', $response->getStatusCode());
    }
    // IP limit has reached to its limit. Even valid user credentials will fail.
    $response = $this->loginRequest($user->getAccountName(), $user->passRaw, $format);
    $this->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.', $format);
    $last_log = $database->select('watchdog', 'w')
        ->fields('w', [
        'message',
    ])
        ->condition('type', 'user')
        ->orderBy('wid', 'DESC')
        ->range(0, 1)
        ->execute()
        ->fetchField();
    $this->assertEquals('Flood control blocked login attempt from %ip', $last_log, 'A watchdog message was logged for the login attempt blocked by flood control per IP.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.