
Contents of /contributions/modules/login_security/login_security.test



Revision 1.8 - (show annotations) (download) (as text)
Wed Jun 24 10:45:03 2009 UTC (5 months ago) by ilo
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +1 -1 lines
File MIME type: text/x-php
#500358 fixed the variable %name to populate into watchdog messages
#496448 new extended readme.txt file
<?php
// $Id: login_security.test,v 1.1.2.6 2009/06/23 04:35:25 deekayen Exp $

/**
 * @file
 * Test the basic functions of the Login Security module.
 */

/**
 * Functional test: the Login Security settings are exposed on the user
 * settings form.
 */
class LoginSecurityInterfaceTest extends DrupalWebTestCase {

  /**
   * Describes this test case to the test runner.
   *
   * @return array
   *   The 'name', 'description' and 'group' entries for this test case.
   */
  public static function getInfo() {
    $info = array();
    $info['name'] = t('Login Security interface');
    $info['description'] = t('Test Login Security\'s web interface.');
    $info['group'] = t('Login Security');
    return $info;
  }

  /**
   * Enables the module and logs in a user holding 'administer users'.
   */
  function setUp() {
    parent::setUp('login_security');

    // The settings page is requested with this permission only.
    $permissions = array('administer users');
    $this->drupalLogin($this->drupalCreateUser($permissions));
  }

  /**
   * Requests admin/user/settings and checks every module field is present.
   */
  function testAdminUserSettings() {
    $this->drupalGet('admin/user/settings');
    $this->assertResponse(200, t('Access granted to settings page.'));

    // Form field name => assertion message, in the order they are checked.
    $expected_fields = array(
      'login_security_track_time' => t('Track time field exists.'),
      'login_security_delay_base_time' => t('Delay base time field exists.'),
      'login_security_delay_increase' => t('Delay increase field exists.'),
      'login_security_user_wrong_count' => t('User wrong count field exists.'),
      'login_security_host_wrong_count' => t('Host wrong count field exists.'),
      'login_security_host_wrong_count_hard' => t('Host wrong hard count field exists.'),
      'login_security_notice_attempts_available' => t('Notice attempts available field exists.'),
      'login_security_notice_attempts_message' => t('Notice attempts message field exists.'),
      'login_security_host_soft_banned' => t('Soft banned message field exists.'),
      'login_security_host_hard_banned' => t('Hard banned message field exists.'),
      'login_security_user_blocked' => t('User blocked message field exists.'),
      'login_security_user_blocked_email' => t('User blocked email toggle field exists.'),
      'login_security_user_blocked_email_subject' => t('User blocked email subject field exists.'),
      'login_security_user_blocked_email_body' => t('User blocked email body field exists'),
      'login_security_last_login_timestamp' => t('Last login timestamp field exists.'),
      'login_security_last_access_timestamp' => t('Last access timestamp field exists.'),
    );

    foreach ($expected_fields as $field_name => $message) {
      $this->assertField($field_name, $message);
    }
  }

}
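/**
 * Functional tests for per-user blocking, the core error toggle and the
 * last login / last access notices.
 */
class LoginSecurityUserBlockingTest extends DrupalWebTestCase {

  /**
   * Describes this test case to the test runner.
   *
   * @return array
   *   The 'name', 'description' and 'group' entries for this test case.
   */
  public static function getInfo() {
    return array(
      'name' => t('Login Security userblock functional'),
      'description' => t('Test Login Security\'s user-blocking restrictions and default messages.'),
      'group' => t('Login Security')
    );
  }

  /**
   * Enables the module and empties its tracking table.
   */
  function setUp() {
    parent::setUp('login_security');
    // Ensure the table has no entries.
    db_query("TRUNCATE TABLE {login_security_track}");
  }

  /**
   * Checks that a valid login still works and shows no attempts notice.
   */
  function testLogin() {
    variable_set('login_security_user_wrong_count', 5);
    $normal_user = $this->drupalCreateUser(array('access content'));
    $this->drupalLogin($normal_user);
    // The assertion message now matches what is asserted (absence of the notice).
    $this->assertNoText("You have used 1 out of 5 login attempts. After all 5 have been used, you will be unable to login.", t('Attempts available message not displayed.'));
  }

  /**
   * Checks that repeated failed logins block the account.
   *
   * With a limit of 2, the assertions below expect the blocked message on the
   * third failed attempt, and expect the correct password to be refused
   * afterwards.
   */
  function testUserBlocking() {
    $login_attempts_limit = 2;

    // Per-user limit of failed logins.
    variable_set('login_security_user_wrong_count', $login_attempts_limit);

    // In Drupal 7, we can drupalGetMails() to see if a notice went out to
    // admin. In the meantime, turn the message off just in case it doesn't
    // get caught properly yet.
    variable_set('login_security_user_blocked_email', 0);

    $normal_user = $this->drupalCreateUser(array('access content'));
    // Keep the valid password for the lock-out check at the end.
    $good_pass = $normal_user->pass_raw;

    // Intentionally break the password to repeat invalid logins.
    $normal_user->pass_raw = user_password();

    variable_set('login_security_notice_attempts_available', 1);

    // drupalLogin() has assertions that we know will fail, so we must skip
    // them with an alternate function.
    $this->drupalLoginLite($normal_user);
    $this->assertText("You have used 1 out of $login_attempts_limit login attempts. After all $login_attempts_limit have been used, you will be unable to login.", t('Attempts available message displayed.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // Turns off the warning message we looked for in the previous assert.
    variable_set('login_security_notice_attempts_available', 0);

    $this->drupalLoginLite($normal_user);
    $this->assertNoText("You have used 2 out of $login_attempts_limit login attempts. After all $login_attempts_limit have been used, you will be unable to login.", t('Attempts available message not displayed.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // Turns back on the warning message we looked for in the previous assert.
    variable_set('login_security_notice_attempts_available', 1);

    $this->drupalLoginLite($normal_user);
    // NOTE(review): this notice names the account and is asserted on the page
    // returned to a visitor who failed to log in; whether that disclosure is
    // acceptable is a policy decision for the site.
    $this->assertText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('Blocked message displayed.'));
    $this->assertText("You have used 3 out of $login_attempts_limit login attempts. After all $login_attempts_limit have been used, you will be unable to login.", t('Attempts available message displayed.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // The block is only useful if it also holds for the valid password, so
    // retry with it and expect to be sent back to the login form.
    $normal_user->pass_raw = $good_pass;
    $this->drupalLoginLite($normal_user);
    $this->assertFieldByName('form_id', 'user_login', t('Blocked account cannot log in with the correct password.'));
  }

  /**
   * Checks that the core login error can be switched off and on.
   */
  function testDrupalErrorToggle() {
    $normal_user = $this->drupalCreateUser(array('access content'));

    // Intentionally break the password to repeat invalid logins.
    $normal_user->pass_raw = user_password();

    // Markup of the core error, built once and used by both assertions.
    $core_error = t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password')));

    variable_set('login_security_disable_core_login_error', 0);

    // drupalLogin() has assertions that we know will fail, so we must skip
    // them with an alternate function.
    $this->drupalLoginLite($normal_user);
    $this->assertRaw($core_error, t('Drupal login error message found.'));

    variable_set('login_security_disable_core_login_error', 1);
    $this->drupalLoginLite($normal_user);
    $this->assertNoRaw($core_error, t('Drupal login error message not found.'));
  }

  /**
   * Checks the last login and last page access notices for each combination
   * of the two toggles.
   */
  function testLoginMessage() {
    $normal_user = $this->drupalCreateUser(array('access content'));

    variable_set('login_security_last_login_timestamp', 1);
    variable_set('login_security_last_access_timestamp', 1);
    $this->drupalLogin($normal_user);
    // This is the very first login ever, so there should be no previous login
    // to show.
    $this->assertNoText(t('Your last login was '), t('Last login message not found.'));
    // Even though they weren't logged in, they've been accessing pages, so
    // this could show.
    $this->assertText(t('Your last page access (site activity) was '), t('Last page access message found.'));

    // Both notices off.
    variable_set('login_security_last_login_timestamp', 0);
    variable_set('login_security_last_access_timestamp', 0);
    $this->drupalLogin($normal_user);
    $this->assertNoText(t('Your last login was '), t('Last login message not found.'));
    $this->assertNoText(t('Your last page access (site activity) was '), t('Last page access message not found.'));

    // Last login notice only.
    variable_set('login_security_last_login_timestamp', 1);
    $this->drupalLogin($normal_user);
    $this->assertText(t('Your last login was '), t('Last login message found.'));
    $this->assertNoText(t('Your last page access (site activity) was '), t('Last page access message not found.'));

    // Last page access notice only.
    variable_set('login_security_last_login_timestamp', 0);
    variable_set('login_security_last_access_timestamp', 1);
    $this->drupalLogin($normal_user);
    $this->assertNoText(t('Your last login was '), t('Last login message not found.'));
    $this->assertText(t('Your last page access (site activity) was '), t('Last page access message found.'));

    // Both notices on, with an earlier login on record.
    variable_set('login_security_last_login_timestamp', 1);
    $this->drupalLogin($normal_user);
    $this->assertText(t('Your last login was '), t('Last login message found.'));
    $this->assertText(t('Your last page access (site activity) was '), t('Last page access message found.'));
  }

  /**
   * Posts the login form without asserting that the login succeeded.
   *
   * Used in place of drupalLogin() when the credentials are expected to be
   * rejected.
   *
   * @param stdClass $user
   *   Account object; its name and pass_raw properties are submitted.
   */
  function drupalLoginLite(stdClass $user) {
    if ($this->isLoggedIn) {
      $this->drupalLogout();
    }

    $edit = array(
      'name' => $user->name,
      'pass' => $user->pass_raw
    );
    $this->drupalPost('user', $edit, t('Log in'));
    $this->assertResponse(200, t('Login page reloaded.'));

    // NOTE(review): the flag is set whether or not the credentials were
    // accepted, so the next call always goes through drupalLogout() first.
    $this->isLoggedIn = TRUE;
  }

}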
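/**
 * Functional tests for the host-based soft block.
 */
class LoginSecuritySoftBlockTest extends DrupalWebTestCase {

  /**
   * Describes this test case to the test runner.
   *
   * @return array
   *   The 'name', 'description' and 'group' entries for this test case.
   */
  public static function getInfo() {
    return array(
      'name' => t('Login Security Softblock functional'),
      'description' => t('Test Login Security\'s soft blocking restrictions.'),
      'group' => t('Login Security')
    );
  }

  /**
   * Enables the module and empties its tracking table.
   */
  function setUp() {
    parent::setUp('login_security');
    // Ensure the table has no entries.
    db_query("TRUNCATE TABLE {login_security_track}");
  }

  /**
   * Checks that a valid login still works and shows no attempts notice.
   */
  function testLogin() {
    variable_set('login_security_user_wrong_count', 5);
    $normal_user = $this->drupalCreateUser(array('access content'));
    $this->drupalLogin($normal_user);
    // The assertion message now matches what is asserted (absence of the notice).
    $this->assertNoText("You have used 1 out of 5 login attempts. After all 5 have been used, you will be unable to login.", t('Attempts available message not displayed.'));
  }

  /**
   * Checks that repeated failed logins soft-block the host.
   *
   * The final step retries with the valid password and still expects the
   * soft-block notice and the login form.
   */
  function testSoftBlocking() {
    $login_attempts_limit = 2;

    // Per-user counting is set to 0; only the host limit is configured.
    variable_set('login_security_user_wrong_count', 0);
    variable_set('login_security_host_wrong_count', $login_attempts_limit);
    // Remove notices.
    variable_set('login_security_notice_attempts_available', 0);

    $normal_user = $this->drupalCreateUser(array('access content'));
    // Keep the valid password for the lock-out check at the end.
    $good_pass = $normal_user->pass_raw;

    // Intentionally break the password to repeat invalid logins.
    $normal_user->pass_raw = user_password();

    // drupalLogin() has assertions that we know will fail, so we must skip
    // them with an alternate function.
    $this->drupalLoginLite($normal_user);
    $this->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
    $this->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // Second try.
    $this->drupalLoginLite($normal_user);
    $this->assertNoText("This host is not allowed to log in", t('Soft-blocked notice does not display.'));
    $this->assertNoText("The user {$normal_user->name} has been blocked due to failed login attempts.", t('User is not blocked.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));
    $this->assertFieldByName('op', 'Log in', t('Submit button found.'));

    // Remove error messages.
    variable_set('login_security_disable_core_login_error', 1);

    // NOTE(review): no soft-block notice is expected on this third attempt.
    // Whether the ban has not triggered yet or the notice is hidden together
    // with the core error cannot be told from this test alone; confirm
    // against the module.
    $this->drupalLoginLite($normal_user);
    $this->assertNoText("This host is not allowed to log in", t('Soft-block message does not display.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // Restore error messages.
    variable_set('login_security_disable_core_login_error', 0);

    $this->drupalLoginLite($normal_user);
    $this->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));

    // Try a normal login because it should be locked out now.
    $normal_user->pass_raw = $good_pass;
    $this->drupalLoginLite($normal_user);
    $this->assertText("This host is not allowed to log in", t('Soft-block message displays.'));
    $this->assertFieldByName('form_id', 'user_login', t('Login form found.'));
  }

  /**
   * Posts the login form without asserting that the login succeeded.
   *
   * Used in place of drupalLogin() when the credentials are expected to be
   * rejected.
   *
   * @param stdClass $user
   *   Account object; its name and pass_raw properties are submitted.
   */
  function drupalLoginLite(stdClass $user) {
    if ($this->isLoggedIn) {
      $this->drupalLogout();
    }

    $edit = array(
      'name' => $user->name,
      'pass' => $user->pass_raw
    );
    $this->drupalPost('user', $edit, t('Log in'));
    $this->assertResponse(200, t('Login page reloaded.'));

    // NOTE(review): the flag is set whether or not the credentials were
    // accepted, so the next call always goes through drupalLogout() first.
    $this->isLoggedIn = TRUE;
  }

}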
