Fixed TooManyLoginAttempts not work correctly (#1668)

Oreo Oreoniv 2019-12-28 22:10:39 +03:00 committed by Dane Everitt
parent 88c5bb4f97
commit 741ae27f18
2 changed files with 19 additions and 11 deletions


@ -20,8 +20,6 @@ class LoginController extends Controller
{ {
use AuthenticatesUsers; use AuthenticatesUsers;
const USER_INPUT_FIELD = 'user';
/** /**
* @var \Illuminate\Auth\AuthManager * @var \Illuminate\Auth\AuthManager
*/ */
@ -64,14 +62,14 @@ class LoginController extends Controller
* *
* @var int * @var int
*/ */
protected $lockoutTime; protected $decayMinutes;
/** /**
* After how many attempts should logins be throttled and locked. * After how many attempts should logins be throttled and locked.
* *
* @var int * @var int
*/ */
protected $maxLoginAttempts; protected $maxAttempts;
/** /**
* LoginController constructor. * LoginController constructor.
@ -98,8 +96,8 @@ class LoginController extends Controller
$this->google2FA = $google2FA; $this->google2FA = $google2FA;
$this->repository = $repository; $this->repository = $repository;
$this->lockoutTime = $this->config->get('auth.lockout.time'); $this->decayMinutes = $this->config->get('auth.lockout.time');
$this->maxLoginAttempts = $this->config->get('auth.lockout.attempts'); $this->maxAttempts = $this->config->get('auth.lockout.attempts');
} }
/** /**
@ -112,7 +110,7 @@ class LoginController extends Controller
*/ */
public function login(Request $request) public function login(Request $request)
{ {
$username = $request->input(self::USER_INPUT_FIELD); $username = $request->input($this->username());
$useColumn = $this->getField($username); $useColumn = $this->getField($username);
if ($this->hasTooManyLoginAttempts($request)) { if ($this->hasTooManyLoginAttempts($request)) {
@ -209,20 +207,30 @@ class LoginController extends Controller
{ {
$this->incrementLoginAttempts($request); $this->incrementLoginAttempts($request);
$this->fireFailedLoginEvent($user, [ $this->fireFailedLoginEvent($user, [
$this->getField($request->input(self::USER_INPUT_FIELD)) => $request->input(self::USER_INPUT_FIELD), $this->getField($request->input($this->username())) => $request->input($this->username()),
]); ]);
$errors = [self::USER_INPUT_FIELD => trans('auth.failed')]; $errors = [$this->username() => trans('auth.failed')];
if ($request->expectsJson()) { if ($request->expectsJson()) {
return response()->json($errors, 422); return response()->json($errors, 422);
} }
return redirect()->route('auth.login') return redirect()->route('auth.login')
->withInput($request->only(self::USER_INPUT_FIELD)) ->withInput($request->only($this->username()))
->withErrors($errors); ->withErrors($errors);
} }
/**
* Get the login username to be used by the controller.
*
* @return string
*/
public function username()
{
return 'user';
}
/** /**
* Determine if the user is logging in using an email or username,. * Determine if the user is logging in using an email or username,.
* *
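Review bot: The two lockout properties set in the constructor hunk take whatever `$this->config->get()` returns, with no default and no type check, so a missing or non-numeric `auth.lockout.*` entry silently becomes the throttle setting. If the throttling trait falls back to its own defaults only when the property is absent, as Laravel's `ThrottlesLogins` does, a declared-but-null `$maxAttempts` or `$decayMinutes` bypasses those defaults and login throttling could end up disabled or stuck. I would write `$this->decayMinutes = (int) $this->config->get('auth.lockout.time', 2);` and `$this->maxAttempts = (int) $this->config->get('auth.lockout.attempts', 3);`, and state in the `$decayMinutes` docblock that the unit is minutes. The fix also depends on the exact names `decayMinutes`, `maxAttempts` and `username()`, so a regression test that exceeds the configured number of failed logins and expects the lockout response would keep this from breaking again. The constructor and the class body continue outside the hunks shown.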


@ -12,7 +12,7 @@ return [
| |
*/ */
'lockout' => [ 'lockout' => [
'time' => 120, 'time' => 2,
'attempts' => 3, 'attempts' => 3,
], ],
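Review bot: The `time` value drops from 120 to 2 with nothing on the visible lines naming its unit, which suggests the setting changed from seconds to minutes along with the `$decayMinutes` rename in the controller. An installation that keeps or overrides the old value of 120 would then lock a user out for 120 minutes after three failures, so the unit should be documented here and called out in the upgrade notes; a trailing comment such as `'time' => 2, // lockout window in minutes` would do. The comment block above `'lockout'` starts outside the hunk, so it may already say this.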