function UserPasswordResetTest::testUserResetPasswordUserFloodControlAdmin

Same name in other branches
  1. 11.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlAdmin()

Tests that user password reset flood control is cleared on admin reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 509

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordUserFloodControlAdmin() : void {
    $admin_user = $this->drupalCreateUser([
        'administer account settings',
        'administer users',
    ]);
    \Drupal::configFactory()->getEditable('user.flood')
        ->set('user_limit', 3)
        ->save();
    $edit = [
        'name' => $this->account->getAccountName(),
        'pass' => 'wrong_password',
    ];
    // Try 3 requests that should not trigger flood control.
    for ($i = 0; $i < 3; $i++) {
        $this->drupalGet('user/login');
        $this->submitForm($edit, 'Log in');
        $this->assertSession()
            ->pageTextNotContains('There have been more than 3 failed login attempts for this account. It is temporarily blocked.');
    }
    // A fourth failed request should trigger flood control.
    $this->drupalGet('user/login');
    $this->submitForm($edit, 'Log in');
    $this->assertSession()
        ->pageTextContains('There have been more than 3 failed login attempts for this account. It is temporarily blocked.');
    $password = $this->randomMachineName();
    $edit = [
        'pass[pass1]' => $password,
        'pass[pass2]' => $password,
    ];
    // Log in as admin and change the user password.
    $this->drupalLogin($admin_user);
    $this->drupalGet('user/' . $this->account->id() . '/edit');
    $this->submitForm($edit, 'Save');
    $this->drupalLogout();
    $edit = [
        'name' => $this->account->getAccountName(),
        'pass' => $password,
    ];
    // The next request should *not* trigger flood control, since the
    // password change should have cleared flood events for this user.
    $this->account->passRaw = $password;
    $this->drupalLogin($this->account);
    $this->assertSession()
        ->pageTextNotContains('There have been more than 3 failed login attempts for this account. It is temporarily blocked.');
}
