diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php index 5c1955f282..05b27e82ac 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php @@ -109,10 +109,9 @@ class FormLoginTest extends AbstractWebTestCase } /** - * @dataProvider provideInvalidCredentials * @group time-sensitive */ - public function testLoginThrottling(string $username, string $password, int $attemptIndex) + public function testLoginThrottling() { if (!class_exists(LoginThrottlingListener::class)) { $this->markTestSkipped('Login throttling requires symfony/security-http:^5.2'); @@ -120,35 +119,40 @@ class FormLoginTest extends AbstractWebTestCase $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'login_throttling.yml', 'enable_authenticator_manager' => true]); - $form = $client->request('GET', '/login')->selectButton('login')->form(); - $form['_username'] = $username; - $form['_password'] = $password; - $client->submit($form); + $attempts = [ + ['johannes', 'wrong'], + ['johannes', 'also_wrong'], + ['wrong', 'wrong'], + ['johannes', 'wrong_again'], + ]; + foreach ($attempts as $i => $attempt) { + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = $attempt[0]; + $form['_password'] = $attempt[1]; + $client->submit($form); - $text = $client->followRedirect()->text(null, true); - if (1 === $attemptIndex) { - // First attempt : Invalid credentials (OK) - $this->assertStringMatchesFormat('%sInvalid credentials%s', $text); - } elseif (2 === $attemptIndex) { - // Second attempt : login throttling ! - $this->assertStringMatchesFormat('%sToo many failed login attempts, please try again in 8 minutes%s', $text); - } elseif (3 === $attemptIndex) { - // Third attempt with unexisting username - $this->assertStringMatchesFormat('%sUsername could not be found.%s', $text); - } elseif (4 === $attemptIndex) { - // Fourth attempt : still login throttling ! - $this->assertStringMatchesFormat('%sToo many failed login attempts, please try again in 8 minutes%s', $text); + $text = $client->followRedirect()->text(null, true); + switch ($i) { + case 0: // First attempt : Invalid credentials (OK) + $this->assertStringContainsString('Invalid credentials', $text, 'Invalid response on 1st attempt'); + + break; + case 1: // Second attempt : login throttling ! + $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 2nd attempt'); + + break; + case 2: // Third attempt with unexisting username + $this->assertStringContainsString('Username could not be found.', $text, 'Invalid response on 3rd attempt'); + + break; + case 3: // Fourth attempt : still login throttling ! + $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 4th attempt'); + + break; + } } } - public function provideInvalidCredentials() - { - yield 'invalid_password' => ['johannes', 'wrong', 1]; - yield 'invalid_password_again' => ['johannes', 'also_wrong', 2]; - yield 'invalid_username' => ['wrong', 'wrong', 3]; - yield 'invalid_password_again_bis' => ['johannes', 'wrong_again', 4]; - } - public function provideClientOptions() { yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml index 4848567cf3..c445ce6963 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml @@ -10,3 +10,4 @@ security: default: login_throttling: max_attempts: 1 + interval: '8 minutes'