Fixed TooManyLoginAttempts not work correctly (#1668)

Oreo Oreoniv 2019-12-28 22:10:39 +03:00 committed by Dane Everitt
parent 88c5bb4f97
commit 741ae27f18
2 changed files with 19 additions and 11 deletions


@ -20,8 +20,6 @@ class LoginController extends Controller
{
use AuthenticatesUsers;
const USER_INPUT_FIELD = 'user';
/**
* @var \Illuminate\Auth\AuthManager
*/
@ -64,14 +62,14 @@ class LoginController extends Controller
*
* @var int
*/
protected $lockoutTime;
protected $decayMinutes;
/**
* After how many attempts should logins be throttled and locked.
*
* @var int
*/
protected $maxLoginAttempts;
protected $maxAttempts;
/**
* LoginController constructor.
@ -98,8 +96,8 @@ class LoginController extends Controller
$this->google2FA = $google2FA;
$this->repository = $repository;
$this->lockoutTime = $this->config->get('auth.lockout.time');
$this->maxLoginAttempts = $this->config->get('auth.lockout.attempts');
$this->decayMinutes = $this->config->get('auth.lockout.time');
$this->maxAttempts = $this->config->get('auth.lockout.attempts');
}
/**
@ -112,7 +110,7 @@ class LoginController extends Controller
*/
public function login(Request $request)
{
$username = $request->input(self::USER_INPUT_FIELD);
$username = $request->input($this->username());
$useColumn = $this->getField($username);
if ($this->hasTooManyLoginAttempts($request)) {
@ -209,20 +207,30 @@ class LoginController extends Controller
{
$this->incrementLoginAttempts($request);
$this->fireFailedLoginEvent($user, [
$this->getField($request->input(self::USER_INPUT_FIELD)) => $request->input(self::USER_INPUT_FIELD),
$this->getField($request->input($this->username())) => $request->input($this->username()),
]);
$errors = [self::USER_INPUT_FIELD => trans('auth.failed')];
$errors = [$this->username() => trans('auth.failed')];
if ($request->expectsJson()) {
return response()->json($errors, 422);
}
return redirect()->route('auth.login')
->withInput($request->only(self::USER_INPUT_FIELD))
->withInput($request->only($this->username()))
->withErrors($errors);
}
/**
* Get the login username to be used by the controller.
*
* @return string
*/
public function username()
{
return 'user';
}
/**
* Determine if the user is logging in using an email or username,.
*
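Review bot: The renamed properties `$decayMinutes` and `$maxAttempts` have no comment saying that their names are what the throttling code pulled in through `AuthenticatesUsers` looks up, which appears to be why the old `$lockoutTime` and `$maxLoginAttempts` had no effect. I would add a docblock line to each, such as `* NOTE: this property name is read by the login throttling trait; do not rename.` A test that expects a lockout response after `auth.lockout.attempts` failed logins would stop a future rename from silently disabling throttling again. In the constructor both values come from `$this->config->get(...)` with no default or cast, so a missing key would leave the limit as `null`; `(int) $this->config->get('auth.lockout.attempts', 3)` makes the fallback explicit. The class body and `login()` continue outside the visible hunks.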


@ -12,7 +12,7 @@ return [
|
*/
'lockout' => [
'time' => 120,
'time' => 2,
'attempts' => 3,
],
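Review bot: The unit of `auth.lockout.time` appears to change from seconds to minutes with this edit, but neither the key name nor the visible part of the comment block says so. Because the controller now assigns this value to `$decayMinutes`, a deployment that still carries the old `120` would presumably throttle logins for two hours rather than two minutes. I would state the unit next to the value, e.g. `'time' => 2, // minutes`, and mention the change in the upgrade notes. The comment block above the array starts outside the hunk, so it may already cover part of this.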