function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 343

Class

UserPasswordResetTest

Ensure that password reset methods work as expected.

Namespace

Code

public function testUserResetPasswordUserFloodControlIsCleared() {
  \Drupal::configFactory()->getEditable('user.flood')
    ->set('user_limit', 3)
    ->save();
  $edit = [
    'name' => $this->account
      ->getAccountName(),
  ];
  // Try 3 requests that should not trigger flood control.
  for ($i = 0; $i < 3; $i++) {
    $this->drupalGet('user/password');
    $this->drupalPostForm(NULL, $edit, t('Submit'));
    $this->assertValidPasswordReset($edit['name']);
    $this->assertNoPasswordUserFlood();
  }
  // Use the last password reset URL which was generated.
  $reset_url = $this->getResetURL();
  $this->drupalGet($reset_url . '/login');
  $this->assertSession()
    ->linkExists(t('Log out'));
  $this->assertTitle($this->account
    ->getAccountName() . ' | Drupal');
  $this->drupalLogout();
  // The next request should *not* trigger flood control, since a successful
  // password reset should have cleared flood events for this user.
  $this->drupalGet('user/password');
  $this->drupalPostForm(NULL, $edit, t('Submit'));
  $this->assertValidPasswordReset($edit['name']);
  $this->assertNoPasswordUserFlood();
}