function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
  2. 8.9.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
  3. 11.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 469

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordUserFloodControlIsCleared() : void {
  \Drupal::configFactory()->getEditable('user.flood')
    ->set('user_limit', 3)
    ->save();
  $edit = [
    'name' => $this->account->getAccountName(),
  ];
  // Count email messages before to compare with after.
  $before = count($this->drupalGetMails([
    'id' => 'user_password_reset',
  ]));
  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this->drupalGet('user/password');
    $this->submitForm($edit, 'Submit');
    $this->assertValidPasswordReset($edit['name']);
  }
  // Ensure 3 emails were sent.
  $this->assertCount($before + 3, $this->drupalGetMails([
    'id' => 'user_password_reset',
  ]), '3 emails sent without triggering flood control.');
  // Use the last password reset URL which was generated.
  $reset_url = $this->getResetURL();
  $this->drupalGet($reset_url . '/login');
  $this->assertSession()
    ->linkExists('Log out');
  $this->assertSession()
    ->titleEquals($this->account->getAccountName() . ' | Drupal');
  $this->drupalLogout();
  // The next request should *not* trigger flood control, since a successful
  // password reset should have cleared flood events for this user.
  $this->drupalGet('user/password');
  $this->submitForm($edit, 'Submit');
  $this->assertValidPasswordReset($edit['name']);
  // Ensure another email was sent.
  $this->assertCount($before + 4, $this->drupalGetMails([
    'id' => 'user_password_reset',
  ]), 'Another email was sent after clearing flood control.');
}
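
The behaviour this test asserts, as an added stand-alone example (not Drupal core code): a simplified in-memory model of a per-user reset limit whose events are cleared when the reset link is used. The class name, method names and the 3600-second window are assumptions for illustration. It goes one step beyond the test by also showing the refused request that the clear prevents.

```php
<?php
// Simplified model (hypothetical class, not Drupal's flood service).
final class ResetFloodModel {
  /** @var array<string, int[]> Request timestamps keyed by account name. */
  private array $events = [];

  public function __construct(private int $userLimit, private int $window) {}

  // Models a password reset request; refused once the per-user limit is hit.
  public function requestReset(string $name, int $now): bool {
    // Keep only events that are still inside the sliding window.
    $recent = array_values(array_filter(
      $this->events[$name] ?? [],
      fn(int $t): bool => $t > $now - $this->window
    ));
    $allowed = count($recent) < $this->userLimit;
    if ($allowed) {
      $recent[] = $now;
    }
    $this->events[$name] = $recent;
    return $allowed;
  }

  // Models a successful one-time login: this user's events are cleared.
  public function completeReset(string $name): void {
    unset($this->events[$name]);
  }
}

// Constructed scenario: limit of 3 as in the test, assumed 3600 s window.
$flood = new ResetFloodModel(3, 3600);
$now = 1000;
$log = [];
for ($i = 0; $i < 3; $i++) {
  $log["request " . ($i + 1)] = $flood->requestReset('alice', $now + $i);
}
// A fourth request inside the window exceeds the limit.
$log['request 4 (no reset yet)'] = $flood->requestReset('alice', $now + 3);
// The reset link is used, so the legitimate user is not left locked out.
$flood->completeReset('alice');
$log['request after reset'] = $flood->requestReset('alice', $now + 4);
// Counters are per account: clearing one user does not touch another.
$log['other account'] = $flood->requestReset('bob', $now + 4);
var_dump($log);
```

Clearing only on a completed reset keeps the limit effective against repeated reset-mail requests while preventing the account owner from being blocked for the rest of the window after they have proven control of the mailbox.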
