mirror of
https://github.com/CachetHQ/Cachet.git
synced 2025-01-17 13:38:20 +01:00
Fixed login throttling
This commit is contained in:
Graham Campbell
parent
22b0e105ee
commit
c1d53a7b42
@ -12,7 +12,6 @@
|
|||||||
namespace CachetHQ\Cachet\Http\Controllers;
|
namespace CachetHQ\Cachet\Http\Controllers;
|
||||||
|
|
||||||
use GrahamCampbell\Binput\Facades\Binput;
|
use GrahamCampbell\Binput\Facades\Binput;
|
||||||
use GrahamCampbell\Throttle\Facades\Throttle;
|
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Illuminate\Support\Facades\Redirect;
|
use Illuminate\Support\Facades\Redirect;
|
||||||
use Illuminate\Support\Facades\Request;
|
use Illuminate\Support\Facades\Request;
|
||||||
@ -63,8 +62,6 @@ class AuthController extends AbstractController
|
|||||||
return Redirect::intended('dashboard');
|
return Redirect::intended('dashboard');
|
||||||
}
|
}
|
||||||
|
|
||||||
Throttle::hit(Request::instance(), 10, 10);
|
|
||||||
|
|
||||||
return Redirect::back()
|
return Redirect::back()
|
||||||
->withInput(Binput::except('password'))
|
->withInput(Binput::except('password'))
|
||||||
->with('error', trans('forms.login.invalid'));
|
->with('error', trans('forms.login.invalid'));
|
||||||
|
|||||||
@ -35,16 +35,16 @@ class Kernel extends HttpKernel
|
|||||||
* @var array
|
* @var array
|
||||||
*/
|
*/
|
||||||
protected $routeMiddleware = [
|
protected $routeMiddleware = [
|
||||||
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
|
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
|
||||||
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
|
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
|
||||||
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
|
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
|
||||||
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
|
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
|
||||||
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
|
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
|
||||||
'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin',
|
'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin',
|
||||||
'login.throttling' => 'CachetHQ\Cachet\Http\Middleware\LoginThrottling',
|
'throttling' => 'GrahamCampbell\Throttle\Http\Middleware\ThrottleMiddleware',
|
||||||
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
|
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
|
||||||
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
|
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
|
||||||
'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
|
'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
|
||||||
'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable',
|
'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable',
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,44 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This file is part of Cachet.
|
|
||||||
*
|
|
||||||
* (c) Alt Three Services Limited
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace CachetHQ\Cachet\Http\Middleware;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use GrahamCampbell\Throttle\Facades\Throttle;
|
|
||||||
use Illuminate\Support\Facades\Redirect;
|
|
||||||
|
|
||||||
class LoginThrottling
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Run the login throttling middleware.
|
|
||||||
*
|
|
||||||
* We're verifying that the user is not attempting to brute force Cachet's
|
|
||||||
* login system. If the user has reached the rate limit, then we're sending
|
|
||||||
* them away, otherwise, we do nothing, and allow them to continue.
|
|
||||||
*
|
|
||||||
* Note that this filter is not responsible for incrementing the hit count.
|
|
||||||
* Another part of Cachet will increment the hit count for the given route
|
|
||||||
* only if validation passes, and the user did not successfully login.
|
|
||||||
*
|
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
* @param \Closure $next
|
|
||||||
*
|
|
||||||
* @return mixed
|
|
||||||
*/
|
|
||||||
public function handle($request, Closure $next)
|
|
||||||
{
|
|
||||||
if (!Throttle::check($request, 10, 10)) {
|
|
||||||
return Redirect::back()->with('error', 'You have made too many login requests.');
|
|
||||||
}
|
|
||||||
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -32,7 +32,7 @@ class AuthRoutes
|
|||||||
]);
|
]);
|
||||||
|
|
||||||
$router->post('login', [
|
$router->post('login', [
|
||||||
'middleware' => ['guest', 'csrf', 'login.throttling'],
|
'middleware' => ['guest', 'csrf', 'throttling:10,10'],
|
||||||
'as' => 'logout',
|
'as' => 'logout',
|
||||||
'uses' => 'AuthController@postLogin',
|
'uses' => 'AuthController@postLogin',
|
||||||
]);
|
]);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user