mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-02 06:10:14 +02:00
Code Issues Releases Wiki Activity

Move method 'throttle' and its constants from 'Auth' to 'UserManager'

Browse Source
This commit is contained in:
Marco
2017-02-21 08:55:10 +01:00
parent 0b0258f29a
commit 43fa612d67
2 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Auth.php
View File

@@ -28,9 +28,6 @@ final class Auth extends UserManager {
const COOKIE_CONTENT_SEPARATOR = '~'; const COOKIE_CONTENT_SEPARATOR = '~';
const COOKIE_NAME_REMEMBER = 'auth_remember'; const COOKIE_NAME_REMEMBER = 'auth_remember';
const IP_ADDRESS_HASH_ALGORITHM = 'sha256'; const IP_ADDRESS_HASH_ALGORITHM = 'sha256';
const THROTTLE_ACTION_LOGIN = 'login';
const THROTTLE_ACTION_REGISTER = 'register';
const THROTTLE_ACTION_CONSUME_TOKEN = 'confirm_email';
const HTTP_STATUS_CODE_TOO_MANY_REQUESTS = 429; const HTTP_STATUS_CODE_TOO_MANY_REQUESTS = 429;
/** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */ /** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */
@@ -1279,15 +1276,7 @@ final class Auth extends UserManager {
return (int) (time() / $this->throttlingTimeBucketSize); return (int) (time() / $this->throttlingTimeBucketSize);
} }
/** protected function throttle($actionType, $customSelector = null) {
* Throttles the specified action for the user to protect against too many requests
*
* @param string $actionType one of the `THROTTLE_ACTION_*` constants
* @param mixed|null $customSelector a custom selector to use for throttling (if any), otherwise the IP address will be used
* @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
private function throttle($actionType, $customSelector = null) {
// if a custom selector has been provided (e.g. username, user ID or confirmation token) // if a custom selector has been provided (e.g. username, user ID or confirmation token)
if (isset($customSelector)) { if (isset($customSelector)) {
// use the provided selector for throttling // use the provided selector for throttling

14
src/UserManager.php
View File

@@ -16,6 +16,10 @@ require_once __DIR__ . '/Exceptions.php';
/** Abstract base class for components implementing user management */ /** Abstract base class for components implementing user management */
abstract class UserManager { abstract class UserManager {
const THROTTLE_ACTION_LOGIN = 'login';
const THROTTLE_ACTION_REGISTER = 'register';
const THROTTLE_ACTION_CONSUME_TOKEN = 'confirm_email';
/** @var PdoDatabase the database connection to operate on */ /** @var PdoDatabase the database connection to operate on */
protected $db; protected $db;
@@ -39,4 +43,14 @@ abstract class UserManager {
} }
} }
/**
* Throttles the specified action for the user to protect against too many requests
*
* @param string $actionType one of the constants from this class starting with `THROTTLE_ACTION_`
* @param mixed|null $customSelector a custom selector to use for throttling (if any), otherwise the IP address will be used
* @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
abstract protected function throttle($actionType, $customSelector = null);
} }