From 5c5ea642285751c322d9cf384950a5c7d6cd851f Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Thu, 22 Sep 2022 17:29:38 +0100
Subject: [PATCH] Added login throttling test, updated reset-pw test method names
---
 tests/Auth/AuthTest.php | 13 +++++++++++++
 tests/Auth/ResetPasswordTest.php | 8 ++++----
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index f0b473472..849469766 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -133,6 +133,19 @@ class AuthTest extends TestCase
 $this->assertFalse(auth()->check());
 }
 
+ public function test_login_attempts_are_rate_limited()
+ {
+ for ($i = 0; $i < 5; $i++) {
+ $resp = $this->login('bennynotexisting@example.com', 'pw123');
+ }
+ $resp = $this->followRedirects($resp);
+ $resp->assertSee('These credentials do not match our records.');
+
+ // Check the fifth attempt provides a lockout response
+ $resp = $this->followRedirects($this->login('bennynotexisting@example.com', 'pw123'));
+ $resp->assertSee('Too many login attempts. Please try again in');
+ }
+
 /**
 * Perform a login.
 */
diff --git a/tests/Auth/ResetPasswordTest.php b/tests/Auth/ResetPasswordTest.php
index 1ab579b26..7b2d2e72b 100644
--- a/tests/Auth/ResetPasswordTest.php
+++ b/tests/Auth/ResetPasswordTest.php
@@ -9,7 +9,7 @@ use Tests\TestCase;
 
 class ResetPasswordTest extends TestCase
 {
- public function test_reset_password_flow()
+ public function test_reset_flow()
 {
 Notification::fake();
 
@@ -52,7 +52,7 @@ class ResetPasswordTest extends TestCase
 $this->get('/')->assertSee('Your password has been successfully reset');
 }
 
- public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
+ public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
 {
 $this->get('/password/email');
 $resp = $this->followingRedirects()->post('/password/email', [
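Review bot: The comment `// Check the fifth attempt provides a lockout response` in test_login_attempts_are_rate_limited is off by one: the loop (`$i < 5`) has already made five attempts, so the lockout is asserted on the sixth and the comment should read `// Check the sixth attempt provides a lockout response`. The test also exercises throttling only for an address that has no account, so it would still pass if the limiter were bypassed for existing users or if a correct password were accepted during the lockout window. Repeating the sequence against a real test user and ending with a valid-password attempt followed by `$this->assertFalse(auth()->check());` would pin the property the throttle is there to protect. The literal `5` presumably mirrors a limit set in the login controller, which is outside this hunk, as is the body of the `login()` helper, so a one-line comment naming where that limit is defined would keep the test and the setting from drifting apart.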
@@ -75,7 +75,7 @@ class ResetPasswordTest extends TestCase
 ->assertSee('The password reset token is invalid for this email address.');
 }
 
- public function test_reset_password_page_shows_sign_links()
+ public function test_reset_page_shows_sign_links()
 {
 $this->setSettings(['registration-enabled' => 'true']);
 $resp = $this->get('/password/email');
@@ -83,7 +83,7 @@ class ResetPasswordTest extends TestCase
 ->assertElementContains('a', 'Sign up');
 }
 
- public function test_reset_password_request_is_throttled()
+ public function test_reset_request_is_throttled()
 {
 $editor = $this->getEditor();
 Notification::fake();