	Refactor announcement of exceeded request limit to the client
										30
									
								
								src/Auth.php
									
									
									
									
									
								
							
							
						
						
									
										30
									
								
								src/Auth.php
									
									
									
									
									
								
							| @@ -25,7 +25,7 @@ class Auth { | ||||
| 	const THROTTLE_ACTION_LOGIN = 'login'; | ||||
| 	const THROTTLE_ACTION_REGISTER = 'register'; | ||||
| 	const THROTTLE_ACTION_CONFIRM_EMAIL = 'confirm_email'; | ||||
| 	const THROTTLE_HTTP_RESPONSE_CODE = 429; | ||||
| 	const HTTP_STATUS_CODE_TOO_MANY_REQUESTS = 429; | ||||
|  | ||||
| 	/** @var \PDO the database connection that will be used */ | ||||
| 	private $db; | ||||
| @@ -817,17 +817,33 @@ class Auth { | ||||
| 			if ($attempts !== false) { | ||||
| 				// if the number of attempts has acceeded our accepted limit | ||||
| 				if ($attempts > $this->throttlingActionsPerTimeBucket) { | ||||
| 					// send a HTTP status code that indicates active throttling | ||||
| 					http_response_code(self::THROTTLE_HTTP_RESPONSE_CODE); | ||||
| 					// tell the client when they should try again | ||||
| 					@header('Retry-After: '.$this->throttlingTimeBucketSize); | ||||
| 					// throw an exception | ||||
| 					throw new TooManyRequestsException(); | ||||
| 					self::onTooManyRequests($this->throttlingTimeBucketSize); | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	/** | ||||
| 	 * Called when there have been too many requests for some action or object | ||||
| 	 * | ||||
| 	 * @param int|null $retryAfterInterval the optional interval after which the client should retry (in seconds) | ||||
| 	 * @throws TooManyRequestsException to inform any calling method about this problem | ||||
| 	 */ | ||||
| 	private static function onTooManyRequests($retryAfterInterval = null) { | ||||
| 		// if no interval has been provided after which the client should retry | ||||
| 		if ($retryAfterInterval === null) { | ||||
| 			// use one day as the default | ||||
| 			$retryAfterInterval = 60 * 60 * 24; | ||||
| 		} | ||||
|  | ||||
| 		// send an appropriate HTTP status code | ||||
| 		http_response_code(self::HTTP_STATUS_CODE_TOO_MANY_REQUESTS); | ||||
| 		// tell the client when they should try again | ||||
| 		@header('Retry-After: '.$retryAfterInterval); | ||||
| 		// throw an exception | ||||
| 		throw new TooManyRequestsException(); | ||||
| 	} | ||||
|  | ||||
| 	/** | ||||
| 	 * Customizes the throttling options | ||||
| 	 * | ||||
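Review bot: In the new `onTooManyRequests`, the `@` on `header()` means that once any output has been sent both the `http_response_code()` call and the `Retry-After` header silently do nothing, so the client is throttled by the exception but never told when to come back; the docblock should state that the status code and header are emitted only when headers have not been sent yet, and a guard makes it explicit instead of suppressed: `if (!headers_sent()) { http_response_code(self::HTTP_STATUS_CODE_TOO_MANY_REQUESTS); header('Retry-After: ' . (int) $retryAfterInterval); }`. Casting to `int` also keeps the header in the delay-seconds form the field requires, since `$retryAfterInterval` is untyped and, as far as this hunk shows, only the time bucket size is passed today. The docblock could additionally record the fallback, e.g. `@param int|null $retryAfterInterval the optional interval after which the client should retry (in seconds); defaults to 86400 (one day) when null`. The enclosing class continues outside the hunk.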
|   | ||||