diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php
index 08ed071d3c..1f3ec55bf4 100644
--- a/core/modules/user/src/Controller/UserController.php
+++ b/core/modules/user/src/Controller/UserController.php
@@ -255,6 +255,7 @@ public function resetPassLogin(Request $request, $uid, $timestamp, $hash) {
 $identifier = $user->id() . '-' . $request->getClientIP();
 }
 $this->flood->clear('user.failed_login_user', $identifier);
+ $this->flood->clear('user.http_login', $identifier);
 user_login_finalize($user);
 $this->logger->notice('User %name used one-time login link at time %timestamp.', ['%name' => $user->getDisplayName(), '%timestamp' => $timestamp]);
 $this->messenger()->addStatus($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
diff --git a/core/modules/user/tests/src/Functional/UserLoginTest.php b/core/modules/user/tests/src/Functional/UserLoginTest.php
index 879fe11549..4304546a47 100644
--- a/core/modules/user/tests/src/Functional/UserLoginTest.php
+++ b/core/modules/user/tests/src/Functional/UserLoginTest.php
@@ -111,7 +111,8 @@ public function testPerUserLoginFloodControl() {
 $this->assertFailedLogin($incorrect_user1);
 }
- // A successful login will reset the per-user flood control count.
+ // We're not going to test resetting the password which should clear the
+ // flood table and allow the user to log in again.
 $this->drupalLogin($user1);
 $this->drupalLogout();
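Review bot: In resetPassLogin, the added `clear('user.http_login', $identifier)` reuses the identifier built for `user.failed_login_user`, and nothing visible here shows that `user.http_login` events are registered under the same uid or uid-plus-IP key; if the two schemes differ, the call matches nothing and the lockout silently persists. A comment above the two clears would record that assumption, e.g. `// Both per-user flood events share this identifier, so a valid one-time link clears both.` The test hunks in this diff only drive the form login, so a case that trips `user.http_login`, uses the reset link and then logs in over HTTP would be needed to pin this line, unless it lives in a file not shown. The function body starts and ends outside the hunk, including the link validation that gates these clears.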
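Review bot: In the first UserLoginTest.php hunk, the new comment says "We're not going to test resetting the password", yet it sits directly above a plain `drupalLogin($user1)` / `drupalLogout()` pair while the reset is exercised in the following hunk at `resetUserPassword($user1)`; "not" reads like a typo for "now", and the wording belongs next to the reset call. It also drops the old explanation of why this login is here, so a reader can no longer tell what the step contributes to the flood-control scenario. Suggest a comment here that describes this login step, and `// Resetting the password should clear the flood table and allow the user to log in again.` above the reset call. testPerUserLoginFloodControl starts before and continues past this hunk.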
@@ -131,9 +132,9 @@ public function testPerUserLoginFloodControl() {
 $this->resetUserPassword($user1);
 $this->drupalLogout();
- // Try to login as user 1, it should be successful.
+ // Try to log in as user 1, it should be successful.
 $this->drupalLogin($user1);
- $this->assertSession()->responseNotContains('There have been more than ' . $user_limit . ' failed login attempts for this account.');
+ $this->assertSession()->responseContains('Log out');
 }
 /**