apiRoutesContainingAny(['login', 'password', 'verify', 'contact', 'support', 'message', 'scanner', 'badge']); foreach (array_slice($routes, 0, 25) as $route) { $method = $this->primaryMethod($route); $uri = $route->uri(); for ($attempt = 1; $attempt <= 3; $attempt++) { $response = $this->withHeader('X-Forwarded-For', '203.0.113.'.$attempt) ->requestAs($this->actorFor($uri), $method, $uri, $this->payloadFor($method, $uri) + [ 'email' => 'rate-limit-'.$attempt.'@example.test', 'password' => 'wrong-password', 'message' => str_repeat('abuse ', 200), ]); $this->assertControlled($response, $method, $uri); $body = strtolower($response->getContent()); foreach (['too many connections', 'sqlstate', 'stack trace', 'vendor/laravel'] as $forbidden) { $this->assertStringNotContainsString($forbidden, $body); } } } } }