mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-08 09:06:29 +02:00
Code Issues Releases Wiki Activity

Use 'throttling' flag in 'Auth#forgotPassword' when limiting requests

Browse Source
This commit is contained in:
Marco
2020-05-06 22:36:45 +02:00
parent 0f976a260b
commit 157a7095b0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Auth.php
View File

@@ -1004,7 +1004,7 @@ final class Auth extends UserManager {
throw new ResetDisabledException(); throw new ResetDisabledException();
} }
$openRequests = (int) $this->getOpenPasswordResetRequests($userData['id']); $openRequests = $this->throttling ? (int) $this->getOpenPasswordResetRequests($userData['id']) : 0;
if ($openRequests < $maxOpenRequests) { if ($openRequests < $maxOpenRequests) {
$this->throttle([ 'requestPasswordReset', $this->getIpAddress() ], 4, (60 * 60 * 24 * 7), 2); $this->throttle([ 'requestPasswordReset', $this->getIpAddress() ], 4, (60 * 60 * 24 * 7), 2);