function UserLoginHttpTest::testGlobalLoginFloodControl

Tests the global login flood control.

File

core/modules/user/tests/src/Functional/UserLoginHttpTest.php, line 290

Class

UserLoginHttpTest: Tests login and password reset via direct HTTP.

Namespace

Code

public function testGlobalLoginFloodControl() {
    $this->config('user.flood')
        ->set('ip_limit', 2)
        ->set('user_limit', 4000)
        ->save();
    $user = $this->drupalCreateUser([]);
    $incorrect_user = clone $user;
    $incorrect_user->passRaw .= 'incorrect';
    // Try 2 failed logins.
    for ($i = 0; $i < 2; $i++) {
        $response = $this->loginRequest($incorrect_user->getAccountName(), $incorrect_user->passRaw);
        $this->assertEquals('400', $response->getStatusCode());
    }
    // IP limit has reached to its limit. Even valid user credentials will fail.
    $response = $this->loginRequest($user->getAccountName(), $user->passRaw);
    $this->assertHttpResponseWithMessage($response, '403', 'Access is blocked because of IP based flood prevention.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

function UserLoginHttpTest::testGlobalLoginFloodControl

See also

File

Class

Namespace

Code

Search drupal 8.9.x

API Navigation

Breadcrumb

function UserLoginHttpTest::testGlobalLoginFloodControl

See also

File

Class

Namespace

Code

Search drupal 8.9.x

API Navigation