fixing login rate limiter
parent
d4cd157c16
commit
4a8072e61b
@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Response;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\RateLimiter;
|
|
class AuthController extends Controller
class AuthController extends Controller
{
{
@ -69,22 +68,11 @@ class AuthController extends Controller
|
|
$now = time();
$now = time();
$rateKey = 'login:' . $request->ip() . ':' . strtolower((string) $request->input('username'));
$rateKey = 'login:' . $request->ip() . ':' . strtolower((string) $request->input('username'));
if (RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)) {
return back()
->withInput($request->only('username'))
->with(['alertError' => 'rate']);
}
|
|
$this->ensureCaptchaValid();
$this->ensureCaptchaValid();
$expectedCaptcha = (string) session('login_captcha', '');
$expectedCaptcha = (string) session('login_captcha', '');
$givenCaptcha = strtoupper(preg_replace('/\s+/', '', (string) $request->input('captcha', '')));
$givenCaptcha = strtoupper(preg_replace('/\s+/', '', (string) $request->input('captcha', '')));
if ($expectedCaptcha === '' || !hash_equals(strtoupper($expectedCaptcha), (string) $givenCaptcha)) {
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
return back()
->withInput($request->only('username'))
->with(['alertError' => 'captcha']);
}
// One-time use
// One-time use
$request->session()->forget('login_captcha');
$request->session()->forget('login_captcha');
$request->session()->forget('login_captcha_created_at');
$request->session()->forget('login_captcha_created_at');
@ -98,11 +86,9 @@ class AuthController extends Controller
|
|
if(Auth::attempt($credentials)){
if(Auth::attempt($credentials)){
$request->session()->regenerate();
$request->session()->regenerate();
RateLimiter::clear($rateKey);
return redirect()->intended('/dashboard');
return redirect()->intended('/dashboard');
}
}
|
|
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
$this->refreshCaptcha();
|
|
return back()->with(['alertError' => 'Gagal Login!']);
return back()->with(['alertError' => 'Gagal Login!']);
|
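Review bot: The new side of the login method no longer throttles failed attempts anywhere: the `RateLimiter::tooManyAttempts($rateKey, ...)` guard and both `RateLimiter::hit($rateKey, ...)` calls are gone from the second and third hunks, as is `RateLimiter::clear($rateKey)` on success, so after this change repeated password guesses against one username are bounded only by the captcha, and the `$rateKey` assignment that survives as context becomes a dead store. If the limiter was taken out because the cache store behind the facade was unavailable, the same protection can be kept without it by attaching Laravel's built-in `throttle` middleware to the login route, e.g. `Route::post('/login', [AuthController::class, 'login'])->middleware('throttle:5,1');`, which also keeps the lockout visible to the existing `'alertError' => 'rate'` handling if that view is retained. Separately, the `if ($expectedCaptcha === '' || !hash_equals(...))` block and its `return back()` print only once in this view, and the hunk's 22→11 line counts do not show whether that block was rewritten or deleted; if it was deleted, `$expectedCaptcha` and `$givenCaptcha` are computed but never compared here and a wrong captcha is no longer rejected in this method, so the replacement check should appear in the diff. The method containing these hunks starts before the second hunk and ends after the third, and the body of `ensureCaptchaValid()` is outside this view.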