From 4a8072e61b743313965611b0f427fd0105832021 Mon Sep 17 00:00:00 2001
From: JokoPrasetio
Date: Tue, 12 May 2026 15:02:13 +0700
Subject: [PATCH] fixing login rate limiter
---
 app/Http/Controllers/AuthController.php | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 6546825..81338fc 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -5,7 +5,6 @@ namespace App\Http\Controllers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Response;
-use Illuminate\Support\Facades\RateLimiter;
 class AuthController extends Controller
 {
@@ -69,22 +68,11 @@ class AuthController extends Controller
 $now = time();
 $rateKey = 'login:' . $request->ip() . ':' . strtolower((string) $request->input('username'));
- if (RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)) {
- return back()
- ->withInput($request->only('username'))
- ->with(['alertError' => 'rate']);
- }
+ $this->ensureCaptchaValid();
 $expectedCaptcha = (string) session('login_captcha', '');
 $givenCaptcha = strtoupper(preg_replace('/\s+/', '', (string) $request->input('captcha', '')));
- if ($expectedCaptcha === '' || !hash_equals(strtoupper($expectedCaptcha), (string) $givenCaptcha)) {
- RateLimiter::hit($rateKey, $this->loginDecaySeconds);
- $this->refreshCaptcha();
- return back()
- ->withInput($request->only('username'))
- ->with(['alertError' => 'captcha']);
- }
 // One-time use
 $request->session()->forget('login_captcha');
 $request->session()->forget('login_captcha_created_at');
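Review bot: Removing the `RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)` gate in the `@@ -69,22 +68,11 @@` hunk, together with the `RateLimiter::hit` and `RateLimiter::clear` calls dropped in the `@@ -98,11 +86,9 @@` hunk, leaves no visible bound on repeated login attempts per IP and username, so the CAPTCHA is the only remaining brake on password guessing. The new `$this->ensureCaptchaValid();` call ignores any return value and its body is not in this patch (the diffstat shows one insertion), so it presumably has to throw or redirect on a mismatch and rotate the CAPTCHA the way the removed `refreshCaptcha()` branch did; that needs confirming. `$rateKey`, `$expectedCaptcha` and `$givenCaptcha` are still assigned but no longer read in the visible lines. If throttling is still wanted, keep the `RateLimiter` import and the guard, `if (RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)) { return back()->withInput($request->only('username'))->with(['alertError' => 'rate']); }`, plus `RateLimiter::hit($rateKey, $this->loginDecaySeconds);` on each failure path; if it moved elsewhere (route middleware, for example), the commit message should say where. The enclosing method starts and ends outside both hunks.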
@@ -98,11 +86,9 @@ class AuthController extends Controller
 if(Auth::attempt($credentials)){
 $request->session()->regenerate();
- RateLimiter::clear($rateKey);
 return redirect()->intended('/dashboard');
 }
- RateLimiter::hit($rateKey, $this->loginDecaySeconds);
 $this->refreshCaptcha();
 return back()->with(['alertError' => 'Gagal Login!']);