Updated maxLoginAttempts and throttle duration
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
parent
d95549bbcf
commit
40ae5d421b
1 changed files with 6 additions and 42 deletions
|
|
@ -284,8 +284,11 @@ class LoginController extends Controller
|
|||
return redirect()->back()->withInput()->withErrors($validator);
|
||||
}
|
||||
|
||||
$this->maxLoginAttempts = config('auth.passwords.users.throttle.max_attempts');
|
||||
$this->lockoutTime = config('auth.passwords.users.throttle.lockout_duration');
|
||||
// Set the custom lockout attempts from the env and sett the custom lockout throttle from the env.
|
||||
// We divide decayMinutes by 60 here to get minutes, since Laravel changed the default from minutes
|
||||
// to seconds, and we don't want to break limits on existing systems
|
||||
$this->maxAttempts = config('auth.passwords.users.throttle.max_attempts');
|
||||
$this->decayMinutes = (config('auth.passwords.users.throttle.lockout_duration') / 60);
|
||||
|
||||
if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
|
||||
$this->fireLockoutEvent($request);
|
||||
|
|
@ -355,7 +358,7 @@ class LoginController extends Controller
|
|||
|
||||
// We wouldn't normally see this page if 2FA isn't enforced via the
|
||||
// \App\Http\Middleware\CheckForTwoFactor middleware AND if a device isn't enrolled,
|
||||
// but let's check check anyway in case there's a browser history or back button thing.
|
||||
// but let's check anyway in case there's a browser history or back button thing.
|
||||
// While you can access this page directly, enrolling a device when 2FA isn't enforced
|
||||
// won't cause any harm.
|
||||
|
||||
|
|
@ -521,45 +524,6 @@ class LoginController extends Controller
|
|||
return 'username';
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirect the user after determining they are locked out.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Http\RedirectResponse
|
||||
*/
|
||||
protected function sendLockoutResponse(Request $request)
|
||||
{
|
||||
$seconds = $this->limiter()->availableIn(
|
||||
$this->throttleKey($request)
|
||||
);
|
||||
|
||||
$minutes = round($seconds / 60);
|
||||
|
||||
$message = trans('auth/message.throttle', ['minutes' => $minutes]);
|
||||
|
||||
return redirect()->back()
|
||||
->withInput($request->only($this->username(), 'remember'))
|
||||
->withErrors([$this->username() => $message]);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Override the lockout time and duration
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return bool
|
||||
*/
|
||||
protected function hasTooManyLoginAttempts(Request $request)
|
||||
{
|
||||
$lockoutTime = config('auth.passwords.users.throttle.lockout_duration');
|
||||
$maxLoginAttempts = config('auth.passwords.users.throttle.max_attempts');
|
||||
|
||||
return $this->limiter()->tooManyAttempts(
|
||||
$this->throttleKey($request),
|
||||
$maxLoginAttempts,
|
||||
$lockoutTime
|
||||
);
|
||||
}
|
||||
|
||||
public function legacyAuthRedirect()
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue