function UserLoginTest::testPerUserLoginFloodControl

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPerUserLoginFloodControl()
  2. 10 core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPerUserLoginFloodControl()
  3. 11.x core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPerUserLoginFloodControl()

Test the per-user login flood control.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 77

Class

UserLoginTest
Ensure that login works as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testPerUserLoginFloodControl() {
    $this->config('user.flood')
        ->set('ip_limit', 4000)
        ->set('user_limit', 3)
        ->save();
    $user1 = $this->drupalCreateUser([]);
    $incorrect_user1 = clone $user1;
    $incorrect_user1->passRaw .= 'incorrect';
    $user2 = $this->drupalCreateUser([]);
    // Try 2 failed logins.
    for ($i = 0; $i < 2; $i++) {
        $this->assertFailedLogin($incorrect_user1);
    }
    // A successful login will reset the per-user flood control count.
    $this->drupalLogin($user1);
    $this->drupalLogout();
    // Try 3 failed logins for user 1, they will not trigger flood control.
    for ($i = 0; $i < 3; $i++) {
        $this->assertFailedLogin($incorrect_user1);
    }
    // Try one successful attempt for user 2, it should not trigger any
    // flood control.
    $this->drupalLogin($user2);
    $this->drupalLogout();
    // Try one more attempt for user 1, it should be rejected, even if the
    // correct password has been used.
    $this->assertFailedLogin($user1, 'user');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.