
Révision 01dfd3b5

Ajouté par Assos Assos il y a plus de 3 ans

Udpate to 7.77


drupal7/modules/user/user.test
322 322
  }
323 323

  
324 324
  function setUp() {
325
    parent::setUp('user_session_test');
325
    parent::setUp('user_session_test', 'user_flood_test');
326 326
  }
327 327

  
328 328
  /**
......
453 453
    $this->drupalPost('user', $edit, t('Log in'));
454 454
    $this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, 'Password value attribute is blank.');
455 455
    if (isset($flood_trigger)) {
456
      $this->assertResponse(403);
457
      $user_log = db_query_range('SELECT message FROM {watchdog} WHERE type = :type ORDER BY wid DESC', 0, 1, array(':type' => 'user'))->fetchField();
458
      $user_flood_test_log = db_query_range('SELECT message FROM {watchdog} WHERE type = :type ORDER BY wid DESC', 0, 1, array(':type' => 'user_flood_test'))->fetchField();
456 459
      if ($flood_trigger == 'user') {
457
        $this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
460
        $this->assertRaw(t('Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'), '@count' => variable_get('user_failed_login_user_limit', 5))));
461
        $this->assertEqual('Flood control blocked login attempt for %user from %ip.', $user_log, 'A watchdog message was logged for the login attempt blocked by flood control per user');
462
        $this->assertEqual('hook_user_flood_control was passed username %username and IP %ip.', $user_flood_test_log, 'hook_user_flood_control was invoked by flood control per user');
458 463
      }
459 464
      else {
460 465
        // No uid, so the limit is IP-based.
461 466
        $this->assertRaw(t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
467
        $this->assertEqual('Flood control blocked login attempt from %ip.', $user_log, 'A watchdog message was logged for the login attempt blocked by flood control per IP');
468
        $this->assertEqual('hook_user_flood_control was passed IP %ip.', $user_flood_test_log, 'hook_user_flood_control was invoked by flood control per IP');
462 469
      }
463 470
    }
464 471
    else {
......
507 514
    $this->drupalPost('user/password', $edit, t('E-mail new password'));
508 515
    // Confirm the password reset.
509 516
    $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
517
    // Ensure that flood control was not triggered.
518
    $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.');
510 519

  
511 520
    // Create an image field to enable an Ajax request on the user profile page.
512 521
    $field = array(
......
552 561
    $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
553 562
  }
554 563

  
564
  /**
565
   * Test user-based flood control on password reset.
566
   */
567
  function testPasswordResetFloodControlPerUser() {
568
    // Set a very low limit for testing.
569
    variable_set('user_pass_reset_user_limit', 2);
570

  
571
    // Create a user.
572
    $account = $this->drupalCreateUser();
573
    $this->drupalLogin($account);
574
    $this->drupalLogout();
575

  
576
    $edit = array('name' => $account->name);
577

  
578
    // Try 2 requests that should not trigger flood control.
579
    for ($i = 0; $i < 2; $i++) {
580
      $this->drupalPost('user/password', $edit, t('E-mail new password'));
581
      // Confirm the password reset.
582
      $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
583
      // Ensure that flood control was not triggered.
584
      $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.');
585
    }
586

  
587
    // A successful password reset should clear flood events.
588
    $resetURL = $this->getResetURL();
589
    $this->drupalGet($resetURL);
590

  
591
    // Check successful login.
592
    $this->drupalPost(NULL, NULL, t('Log in'));
593
    $this->drupalLogout();
594

  
595
    // Try 2 requests that should not trigger flood control.
596
    for ($i = 0; $i < 2; $i++) {
597
      $this->drupalPost('user/password', $edit, t('E-mail new password'));
598
      // Confirm the password reset.
599
      $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.');
600
      // Ensure that flood control was not triggered.
601
      $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.');
602
    }
603

  
604
    // The next request should trigger flood control
605
    $this->drupalPost('user/password', $edit, t('E-mail new password'));
606
    // Confirm the password reset was blocked.
607
    $this->assertNoText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message not displayed for excessive password resets.');
608
    // Ensure that flood control was triggered.
609
    $this->assertText(t('Sorry, there have been more than 2 password reset attempts for this account. It is temporarily blocked.'), 'Flood control was triggered by excessive password resets for one user.');
610
  }
611

  
612
  /**
613
   * Test IP-based flood control on password reset.
614
   */
615
  function testPasswordResetFloodControlPerIp() {
616
    // Set a very low limit for testing.
617
    variable_set('user_pass_reset_ip_limit', 2);
618

  
619
    // Try 2 requests that should not trigger flood control.
620
    for ($i = 0; $i < 2; $i++) {
621
      $name = $this->randomName();
622
      $edit = array('name' => $name);
623
      $this->drupalPost('user/password', $edit, t('E-mail new password'));
624
      // Confirm the password reset was not blocked. Note that @name is used
625
      // instead of %name as assertText() works with plain text not HTML.
626
      $this->assertText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array('@name' => $name)), 'User name not recognized message displayed.');
627
      // Ensure that flood control was not triggered.
628
      $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by password reset.');
629
    }
630

  
631
    // The next request should trigger flood control
632
    $name = $this->randomName();
633
    $edit = array('name' => $name);
634
    $this->drupalPost('user/password', $edit, t('E-mail new password'));
635
    // Confirm the password reset was blocked early. Note that @name is used
636
    // instead of %name as assertText() works with plain text not HTML.
637
    $this->assertNoText(t('Sorry, @name is not recognized as a user name or an e-mail address.', array('@name' => $name)), 'User name not recognized message not displayed.');
638
    // Ensure that flood control was triggered.
639
    $this->assertText(t('Sorry, too many password reset attempts from your IP address. This IP address is temporarily blocked.'), 'Flood control was triggered by excessive password resets from one IP.');
640
  }
641

  
555 642
  /**
556 643
   * Test user password reset while logged in.
557 644
   */
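Review bot: testPasswordResetFloodControlPerUser only ever submits `$account->name`, so it does not show that the per-user limit still holds when the same account is requested by its e-mail address, which the form also accepts according to the "not recognized as a user name or an e-mail address" message asserted in testPasswordResetFloodControlPerIp. Consider making the final, blocked request with `$edit = array('name' => $account->mail);` (or adding a separate test case) so the test pins that the counter is tied to the account rather than to the submitted string; whether the implementation already behaves this way is not visible on this page. The loop bounds and the expected message in the same test also hard-code `2`; keeping the value passed to `variable_set('user_pass_reset_user_limit', 2)` in a local variable and using it in both places would keep them in step if the limit is changed.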
