Révision 01dfd3b5
Ajouté par Assos Assos il y a plus de 3 ans
drupal7/modules/user/user.test | ||
---|---|---|
322 | 322 |
} |
323 | 323 |
|
324 | 324 |
function setUp() { |
325 |
parent::setUp('user_session_test'); |
|
325 |
parent::setUp('user_session_test', 'user_flood_test');
|
|
326 | 326 |
} |
327 | 327 |
|
328 | 328 |
/** |
... | ... | |
453 | 453 |
$this->drupalPost('user', $edit, t('Log in')); |
454 | 454 |
$this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, 'Password value attribute is blank.'); |
455 | 455 |
if (isset($flood_trigger)) { |
456 |
$this->assertResponse(403); |
|
457 |
$user_log = db_query_range('SELECT message FROM {watchdog} WHERE type = :type ORDER BY wid DESC', 0, 1, array(':type' => 'user'))->fetchField(); |
|
458 |
$user_flood_test_log = db_query_range('SELECT message FROM {watchdog} WHERE type = :type ORDER BY wid DESC', 0, 1, array(':type' => 'user_flood_test'))->fetchField(); |
|
456 | 459 |
if ($flood_trigger == 'user') { |
457 |
$this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password')))); |
|
460 |
$this->assertRaw(t('Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'), '@count' => variable_get('user_failed_login_user_limit', 5)))); |
|
461 |
$this->assertEqual('Flood control blocked login attempt for %user from %ip.', $user_log, 'A watchdog message was logged for the login attempt blocked by flood control per user'); |
|
462 |
$this->assertEqual('hook_user_flood_control was passed username %username and IP %ip.', $user_flood_test_log, 'hook_user_flood_control was invoked by flood control per user'); |
|
458 | 463 |
} |
459 | 464 |
else { |
460 | 465 |
// No uid, so the limit is IP-based. |
461 | 466 |
$this->assertRaw(t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password')))); |
467 |
$this->assertEqual('Flood control blocked login attempt from %ip.', $user_log, 'A watchdog message was logged for the login attempt blocked by flood control per IP'); |
|
468 |
$this->assertEqual('hook_user_flood_control was passed IP %ip.', $user_flood_test_log, 'hook_user_flood_control was invoked by flood control per IP'); |
|
462 | 469 |
} |
463 | 470 |
} |
464 | 471 |
else { |
... | ... | |
507 | 514 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
508 | 515 |
// Confirm the password reset. |
509 | 516 |
$this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.'); |
517 |
// Ensure that flood control was not triggered. |
|
518 |
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.'); |
|
510 | 519 |
|
511 | 520 |
// Create an image field to enable an Ajax request on the user profile page. |
512 | 521 |
$field = array( |
... | ... | |
552 | 561 |
$this->assertText(t('The changes have been saved.'), 'Forgotten password changed.'); |
553 | 562 |
} |
554 | 563 |
|
564 |
/** |
|
565 |
* Test user-based flood control on password reset. |
|
566 |
*/ |
|
567 |
function testPasswordResetFloodControlPerUser() { |
|
568 |
// Set a very low limit for testing. |
|
569 |
variable_set('user_pass_reset_user_limit', 2); |
|
570 |
|
|
571 |
// Create a user. |
|
572 |
$account = $this->drupalCreateUser(); |
|
573 |
$this->drupalLogin($account); |
|
574 |
$this->drupalLogout(); |
|
575 |
|
|
576 |
$edit = array('name' => $account->name); |
|
577 |
|
|
578 |
// Try 2 requests that should not trigger flood control. |
|
579 |
for ($i = 0; $i < 2; $i++) { |
|
580 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
|
581 |
// Confirm the password reset. |
|
582 |
$this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.'); |
|
583 |
// Ensure that flood control was not triggered. |
|
584 |
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.'); |
|
585 |
} |
|
586 |
|
|
587 |
// A successful password reset should clear flood events. |
|
588 |
$resetURL = $this->getResetURL(); |
|
589 |
$this->drupalGet($resetURL); |
|
590 |
|
|
591 |
// Check successful login. |
|
592 |
$this->drupalPost(NULL, NULL, t('Log in')); |
|
593 |
$this->drupalLogout(); |
|
594 |
|
|
595 |
// Try 2 requests that should not trigger flood control. |
|
596 |
for ($i = 0; $i < 2; $i++) { |
|
597 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
|
598 |
// Confirm the password reset. |
|
599 |
$this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.'); |
|
600 |
// Ensure that flood control was not triggered. |
|
601 |
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.'); |
|
602 |
} |
|
603 |
|
|
604 |
// The next request should trigger flood control |
|
605 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
|
606 |
// Confirm the password reset was blocked. |
|
607 |
$this->assertNoText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message not displayed for excessive password resets.'); |
|
608 |
// Ensure that flood control was triggered. |
|
609 |
$this->assertText(t('Sorry, there have been more than 2 password reset attempts for this account. It is temporarily blocked.'), 'Flood control was triggered by excessive password resets for one user.'); |
|
610 |
} |
|
611 |
|
|
612 |
/** |
|
613 |
* Test IP-based flood control on password reset. |
|
614 |
*/ |
|
615 |
function testPasswordResetFloodControlPerIp() { |
|
616 |
// Set a very low limit for testing. |
|
617 |
variable_set('user_pass_reset_ip_limit', 2); |
|
618 |
|
|
619 |
// Try 2 requests that should not trigger flood control. |
|
620 |
for ($i = 0; $i < 2; $i++) { |
|
621 |
$name = $this->randomName(); |
|
622 |
$edit = array('name' => $name); |
|
623 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
|
624 |
// Confirm the password reset was not blocked. Note that @name is used |
|
625 |
// instead of %name as assertText() works with plain text not HTML. |
|
626 |
$this->assertText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array('@name' => $name)), 'User name not recognized message displayed.'); |
|
627 |
// Ensure that flood control was not triggered. |
|
628 |
$this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.'); |
|
629 |
} |
|
630 |
|
|
631 |
// The next request should trigger flood control |
|
632 |
$name = $this->randomName(); |
|
633 |
$edit = array('name' => $name); |
|
634 |
$this->drupalPost('user/password', $edit, t('E-mail new password')); |
|
635 |
// Confirm the password reset was blocked early. Note that @name is used |
|
636 |
// instead of %name as assertText() works with plain text not HTML. |
|
637 |
$this->assertNoText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array('@name' => $name)), 'User name not recognized message not displayed.'); |
|
638 |
// Ensure that flood control was triggered. |
|
639 |
$this->assertText(t('Sorry, too many password reset attempts from your IP address. This IP address is temporarily blocked.'), 'Flood control was triggered by excessive password resets from one IP.'); |
|
640 |
} |
|
641 |
|
|
555 | 642 |
/** |
556 | 643 |
* Test user password reset while logged in. |
557 | 644 |
*/ |
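Review bot: In testPasswordResetFloodControlPerUser the blocked third request is verified only through page text (the `assertNoText()` on 'Further instructions…' and the `assertText()` on the 'temporarily blocked' message), so the test would still pass if the form displayed the error but a reset e-mail went out anyway. Because the limit exists to stop further reset mails, I would record `$before = count($this->drupalGetMails());` ahead of the final `drupalPost()` and add `$this->assertEqual($before, count($this->drupalGetMails()), 'No reset e-mail was sent once flood control was triggered.');` after it. testPasswordResetFloodControlPerIp uses random names, so presumably no mail is expected there and the same check would be a cheap regression guard rather than a fix. In the login hunk, the new watchdog assertions select only `message` from the latest row and compare it with the template, not the `variables`, so they do not show that the logged %user and %ip are the ones under test; that function starts outside the visible hunk. The limit `2` is also repeated as a literal in the loop bounds and in the expected message, where a local `$limit` would keep them in step.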
Update to 7.77