function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 343

Class

UserPasswordResetTest

Ensure that password reset methods work as expected.

Namespace

Code

public function testUserResetPasswordUserFloodControlIsCleared() {
    \Drupal::configFactory()->getEditable('user.flood')
        ->set('user_limit', 3)
        ->save();
    $edit = [
        'name' => $this->account
            ->getAccountName(),
    ];
    // Try 3 requests that should not trigger flood control.
    for ($i = 0; $i < 3; $i++) {
        $this->drupalGet('user/password');
        $this->drupalPostForm(NULL, $edit, t('Submit'));
        $this->assertValidPasswordReset($edit['name']);
        $this->assertNoPasswordUserFlood();
    }
    // Use the last password reset URL which was generated.
    $reset_url = $this->getResetURL();
    $this->drupalGet($reset_url . '/login');
    $this->assertSession()
        ->linkExists(t('Log out'));
    $this->assertTitle($this->account
        ->getAccountName() . ' | Drupal');
    $this->drupalLogout();
    // The next request should *not* trigger flood control, since a successful
    // password reset should have cleared flood events for this user.
    $this->drupalGet('user/password');
    $this->drupalPostForm(NULL, $edit, t('Submit'));
    $this->assertValidPasswordReset($edit['name']);
    $this->assertNoPasswordUserFlood();
}