mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-04 07:07:25 +02:00
Code Issues Releases Wiki Activity

Enforce limits for resending confirmations solely via throttling

Browse Source
This commit is contained in:
Marco
2017-11-08 20:21:35 +01:00
parent 7a94c6acef
commit 0a97f67515
1 changed files with 2 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Auth.php
View File

@@ -828,7 +828,7 @@ final class Auth extends UserManager {
private function resendConfirmationForColumnValue($columnName, $columnValue, callable $callback) {
try {
$latestAttempt = $this->db->selectRow(
'SELECT user_id, email, expires FROM ' . $this->dbTablePrefix . 'users_confirmations WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
'SELECT user_id, email FROM ' . $this->dbTablePrefix . 'users_confirmations WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
[ $columnValue ]
);
}
@@ -840,14 +840,8 @@ final class Auth extends UserManager {
throw new ConfirmationRequestNotFound();
}
$retryAt = $latestAttempt['expires'] - 0.75 * self::CONFIRMATION_REQUESTS_TTL_IN_SECONDS;
if ($retryAt > \time()) {
throw new TooManyRequestsException('', $retryAt - \time());
}
$this->throttle([ 'resendConfirmation', $this->getIpAddress() ], 4, (60 * 60 * 24 * 7), 2);
$this->throttle([ 'resendConfirmation', 'user', $latestAttempt['user_id'] ], 4, (60 * 60 * 24 * 7), 2);
$this->throttle([ 'resendConfirmation', 'userId', $latestAttempt['user_id'] ], 1, (60 * 60 * 6));
$this->createConfirmationRequest(
$latestAttempt['user_id'],