From 43fa612d6776092bbc99caa4185456e1387b77b6 Mon Sep 17 00:00:00 2001
From: Marco
Date: Tue, 21 Feb 2017 08:55:10 +0100
Subject: [PATCH] Move method 'throttle' and its constants from 'Auth' to 'UserManager'
---
 src/Auth.php | 13 +------------
 src/UserManager.php | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index 5d4d75a..0a7490c 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -28,9 +28,6 @@ final class Auth extends UserManager {
 const COOKIE_CONTENT_SEPARATOR = '~';
 const COOKIE_NAME_REMEMBER = 'auth_remember';
 const IP_ADDRESS_HASH_ALGORITHM = 'sha256';
- const THROTTLE_ACTION_LOGIN = 'login';
- const THROTTLE_ACTION_REGISTER = 'register';
- const THROTTLE_ACTION_CONSUME_TOKEN = 'confirm_email';
 const HTTP_STATUS_CODE_TOO_MANY_REQUESTS = 429;
 /** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */
@@ -1279,15 +1276,7 @@ final class Auth extends UserManager {
 return (int) (time() / $this->throttlingTimeBucketSize);
 }
- /**
- * Throttles the specified action for the user to protect against too many requests
- *
- * @param string $actionType one of the `THROTTLE_ACTION_*` constants
- * @param mixed|null $customSelector a custom selector to use for throttling (if any), otherwise the IP address will be used
- * @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
- * @throws AuthError if an internal problem occurred (do *not* catch)
- */
- private function throttle($actionType, $customSelector = null) {
+ protected function throttle($actionType, $customSelector = null) {
 // if a custom selector has been provided (e.g. username, user ID or confirmation token)
 if (isset($customSelector)) {
 // use the provided selector for throttling
diff --git a/src/UserManager.php b/src/UserManager.php
index d174ef3..a2834d5 100644
--- a/src/UserManager.php
+++ b/src/UserManager.php
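Review bot: The concrete `throttle()` in src/Auth.php (second hunk, `@@ -1279,15 +1276,7 @@`) is left with no docblock at all, so a reader of the implementation no longer sees that it throws `TooManyRequestsException` or that the IP address is the fallback selector. A one-line `/** @inheritdoc */` above `protected function throttle($actionType, $customSelector = null) {` would keep that contract discoverable where the rate limiting is actually enforced. The method body continues outside the hunk, so the visible lines do not show whether the behaviour itself is untouched. Since `Auth` is `final`, widening the visibility to `protected` only opens the method to the parent class, which appears to be the intent.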
@@ -16,6 +16,10 @@ require_once __DIR__ . '/Exceptions.php';
 /** Abstract base class for components implementing user management */
 abstract class UserManager {
+ const THROTTLE_ACTION_LOGIN = 'login';
+ const THROTTLE_ACTION_REGISTER = 'register';
+ const THROTTLE_ACTION_CONSUME_TOKEN = 'confirm_email';
+
 /** @var PdoDatabase the database connection to operate on */
 protected $db;
@@ -39,4 +43,14 @@ abstract class UserManager {
 }
 }
+ /**
+ * Throttles the specified action for the user to protect against too many requests
+ *
+ * @param string $actionType one of the constants from this class starting with `THROTTLE_ACTION_`
+ * @param mixed|null $customSelector a custom selector to use for throttling (if any), otherwise the IP address will be used
+ * @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
+ * @throws AuthError if an internal problem occurred (do *not* catch)
+ */
+ abstract protected function throttle($actionType, $customSelector = null);
+
 }
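Review bot: Declaring `throttle()` as `abstract` in `UserManager` (second hunk) moves only the signature although the commit title speaks of moving the method; the rate-limiting logic stays in `Auth`, so any other concrete subclass has to supply its own and could satisfy the signature with an empty body, leaving base-class code that calls `$this->throttle(...)` without brute-force protection. Either move the implementation into the base class or state the obligation in the docblock, e.g. `* Implementations MUST throw TooManyRequestsException once the limit is exceeded and must not return normally in that case`. Any existing subclass other than `Auth`, if there is one, will fail to load until it implements the method. In the first hunk, `THROTTLE_ACTION_CONSUME_TOKEN = 'confirm_email'` deserves a short comment on why name and value differ, presumably because the value is already persisted in throttling records.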