Fixed login throttling

This commit is contained in:
Graham Campbell 2015-08-03 13:37:16 +01:00
parent 22b0e105ee
commit c1d53a7b42
4 changed files with 12 additions and 59 deletions


@ -12,7 +12,6 @@
namespace CachetHQ\Cachet\Http\Controllers;
use GrahamCampbell\Binput\Facades\Binput;
use GrahamCampbell\Throttle\Facades\Throttle;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Request;
@ -63,8 +62,6 @@ class AuthController extends AbstractController
return Redirect::intended('dashboard');
}
Throttle::hit(Request::instance(), 10, 10);
return Redirect::back()
->withInput(Binput::except('password'))
->with('error', trans('forms.login.invalid'));
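Review bot: The `Illuminate\Support\Facades\Request` import on line 17 looks dead now that `Throttle::hit(Request::instance(), 10, 10)` has been removed from the failure path; unless `Request` is referenced elsewhere in AuthController (not visible in these hunks), that `use` line should be dropped alongside the `Throttle` import already removed. It would also help to leave a one-line comment above the `Redirect::back()` failure return, e.g. `// Rate limiting is enforced by the 'throttling' route middleware, not here.`, so a reader does not assume failed attempts are still counted in this method. The enclosing method starts before the hunk.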


@ -35,16 +35,16 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin',
'login.throttling' => 'CachetHQ\Cachet\Http\Middleware\LoginThrottling',
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable',
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin',
'throttling' => 'GrahamCampbell\Throttle\Http\Middleware\ThrottleMiddleware',
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable',
];
}


@ -1,44 +0,0 @@
<?php
/*
* This file is part of Cachet.
*
* (c) Alt Three Services Limited
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Middleware;
use Closure;
use GrahamCampbell\Throttle\Facades\Throttle;
use Illuminate\Support\Facades\Redirect;
class LoginThrottling
{
/**
* Run the login throttling middleware.
*
* We're verifying that the user is not attempting to brute force Cachet's
* login system. If the user has reached the rate limit, then we're sending
* them away, otherwise, we do nothing, and allow them to continue.
*
* Note that this filter is not responsible for incrementing the hit count.
* Another part of Cachet will increment the hit count for the given route
* only if validation passes, and the user did not successfully login.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!Throttle::check($request, 10, 10)) {
return Redirect::back()->with('error', 'You have made too many login requests.');
}
return $next($request);
}
}


@ -32,7 +32,7 @@ class AuthRoutes
]);
$router->post('login', [
'middleware' => ['guest', 'csrf', 'login.throttling'],
'middleware' => ['guest', 'csrf', 'throttling:10,10'],
'as' => 'logout',
'uses' => 'AuthController@postLogin',
]);
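Review bot: The route on line 107 is still named `'as' => 'logout'` although it is the `post('login')` route handled by `AuthController@postLogin`; that looks like a copy-paste slip and should presumably be `'as' => 'login'` or removed, though the rest of the route table (including any `get('login')` route carrying that name) is outside the hunk. Separately, `throttling:10,10` runs before authentication, so every POST to this route — successful logins included — consumes the budget, whereas the deleted LoginThrottling docblock stated the old counter was incremented only when validation passed and login failed; if that narrower behaviour was intended, the controller would still need to do the counting. The rejection behaviour also changes from the old `Redirect::back()->with('error', ...)` to whatever the package middleware returns, which is worth confirming against the login form's error handling. A comment above the route such as `// 10 hits per 10-unit window for this route; counts all posts, not only failed logins (confirm unit against the throttle package)` would make the new semantics explicit.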