function UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared

Same name and namespace in other branches
  1. 9 core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
  2. 8.9.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()
  3. 11.x core/modules/user/tests/src/Functional/UserPasswordResetTest.php \Drupal\Tests\user\Functional\UserPasswordResetTest::testUserResetPasswordUserFloodControlIsCleared()

Tests user password reset flood control is cleared on successful reset.

File

core/modules/user/tests/src/Functional/UserPasswordResetTest.php, line 469

Class

UserPasswordResetTest
Ensure that password reset methods work as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testUserResetPasswordUserFloodControlIsCleared() : void {
    \Drupal::configFactory()->getEditable('user.flood')
        ->set('user_limit', 3)
        ->save();
    $edit = [
        'name' => $this->account->getAccountName(),
    ];
    // Count email messages before to compare with after.
    $before = count($this->drupalGetMails([
        'id' => 'user_password_reset',
    ]));
    // Try 3 requests that should not trigger flood control.
    for ($i = 0; $i < 3; $i++) {
        $this->drupalGet('user/password');
        $this->submitForm($edit, 'Submit');
        $this->assertValidPasswordReset($edit['name']);
    }
    // Ensure 3 emails were sent.
    $this->assertCount($before + 3, $this->drupalGetMails([
        'id' => 'user_password_reset',
    ]), '3 emails sent without triggering flood control.');
    // Use the last password reset URL which was generated.
    $reset_url = $this->getResetURL();
    $this->drupalGet($reset_url . '/login');
    $this->assertSession()->linkExists('Log out');
    $this->assertSession()->titleEquals($this->account->getAccountName() . ' | Drupal');
    $this->drupalLogout();
    // The next request should *not* trigger flood control, since a successful
    // password reset should have cleared flood events for this user.
    $this->drupalGet('user/password');
    $this->submitForm($edit, 'Submit');
    $this->assertValidPasswordReset($edit['name']);
    // Ensure another email was sent.
    $this->assertCount($before + 4, $this->drupalGetMails([
        'id' => 'user_password_reset',
    ]), 'Another email was sent after clearing flood control.');
}
