Fixed Issue #18581: Blocking users after X failed attempts counts incorrectly (off by 1) (#2914)
Co-authored-by: Lapiu Dev <devgit@lapiu.biz>
1 parent
781d196
commit e90b2b3
Showing
2 changed files
with
60 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
<?php | ||
|
||
namespace ls\tests; | ||
|
||
use FailedLoginAttempt; | ||
|
||
class FailedLoginAttempTest extends TestBaseClass | ||
{ | ||
public function testAddDeleteAttemp() | ||
{ | ||
// Save Ip | ||
$ip = substr(getIPAddress(), 0, 40); | ||
|
||
// Make sure there are no records for the ip | ||
FailedLoginAttempt::model()->deleteAttempts(FailedLoginAttempt::TYPE_LOGIN); | ||
$this->assertNull(FailedLoginAttempt::model()->findByAttributes((array('ip' => $ip)))); | ||
|
||
// Verify that the try counter increases by one | ||
FailedLoginAttempt::model()->addAttempt(); | ||
$data = FailedLoginAttempt::model()->findByAttributes((array('ip' => $ip))); | ||
$this->assertEquals(1, $data->number_attempts); | ||
|
||
// Verify that the try counter increases by one | ||
FailedLoginAttempt::model()->addAttempt(); | ||
$data = FailedLoginAttempt::model()->findByAttributes((array('ip' => $ip))); | ||
$this->assertEquals(2, $data->number_attempts); | ||
|
||
// Verify that all records are deleted | ||
FailedLoginAttempt::model()->deleteAttempts(FailedLoginAttempt::TYPE_LOGIN); | ||
$this->assertNull(FailedLoginAttempt::model()->findByAttributes((array('ip' => $ip)))); | ||
} | ||
|
||
public function testIsLockedOut() | ||
{ | ||
$maxLoginAttempt = \Yii::app()->getConfig('maxLoginAttempt'); | ||
|
||
// Verify that the user has attempts available | ||
FailedLoginAttempt::model()->deleteAttempts(FailedLoginAttempt::TYPE_LOGIN); | ||
for ($i = 0; $i < $maxLoginAttempt - 1; $i++) { | ||
FailedLoginAttempt::model()->addAttempt(); | ||
$this->assertFalse(FailedLoginAttempt::model()->isLockedOut(FailedLoginAttempt::TYPE_LOGIN)); | ||
} | ||
|
||
// Verify that the user has no attempts available | ||
FailedLoginAttempt::model()->addAttempt(); | ||
$this->assertTrue(FailedLoginAttempt::model()->isLockedOut(FailedLoginAttempt::TYPE_LOGIN)); | ||
} | ||
|
||
/** | ||
* @return void | ||
*/ | ||
public static function tearDownAfterClass(): void | ||
{ | ||
FailedLoginAttempt::model()->deleteAttempts(FailedLoginAttempt::TYPE_LOGIN); | ||
|
||
parent::tearDownAfterClass(); | ||
} | ||
} |
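Review bot: testIsLockedOut takes `maxLoginAttempt` from whatever the test environment's config holds instead of pinning it, so the lockout threshold is only checked for that one value; if the value is 1 or lower (or unset) the `for` loop never runs and the not-yet-locked side of the boundary is never asserted. Fixing the value inside the test, e.g. `\Yii::app()->setConfig('maxLoginAttempt', 3);`, and restoring the previous value afterwards would make the brute-force threshold check deterministic. In testAddDeleteAttemp, `$data->number_attempts` is read without a preceding `$this->assertNotNull($data);`, so a missing row would show up as a PHP error rather than a failed assertion. The class and method names also appear to carry a typo (`Attemp` for `Attempt`); renaming would need the file name to follow if the suite maps classes to files.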