Simplify password attempts rate limiting

Signed-off-by: snipe <snipe@snipe.net>
snipe 2022-06-22 09:11:24 -07:00
parent 18778d3723
commit a7dc6162fa
4 changed files with 19 additions and 12 deletions


@ -152,7 +152,7 @@ LOGIN_LOCKOUT_DURATION=60
# --------------------------------------------
RESET_PASSWORD_LINK_EXPIRES=15
PASSWORD_CONFIRM_TIMEOUT=10800
PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=30
PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50
# --------------------------------------------
# OPTIONAL: MISC


@ -75,12 +75,22 @@ class RouteServiceProvider extends ServiceProvider
/**
* Configure the rate limiters for the application.
*
* https://laravel.com/docs/8.x/routing#rate-limiting
*
* @return void
*/
protected function configureRateLimiting()
{
// Rate limiter for API calls
RateLimiter::for('api', function (Request $request) {
return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());
return Limit::perMinute(config('app.api_throttle_per_minute'))->by(optional($request->user())->id ?: $request->ip());
});
// Rate limiter for forgotten password requests
RateLimiter::for('forgotten_password', function (Request $request) {
return Limit::perMinute(config('auth.password_reset.max_attempts_per_min'))->by(optional($request->user())->id ?: $request->ip());
});
}
}
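Review bot: The new `api` limiter reads `config('app.api_throttle_per_minute')` with no fallback, so if that key is absent from config/app.php (none of this commit's four files adds it, so it must already exist or come separately) `Limit::perMinute()` receives null and the first API request fails with a TypeError instead of the old 60/min behaviour. Keeping the previous default as the fallback, `return Limit::perMinute(config('app.api_throttle_per_minute', 60))->by(optional($request->user())->id ?: $request->ip());`, avoids that. The `forgotten_password` limiter is keyed the same way, but on the reset flow the request is almost always anonymous, so in practice it buckets by client IP; a one-line comment saying so would help the next reader. Since this provider is where named limiters are defined, it also appears to be the place to add one for the `two-factor` POST, which routes/web.php in this same commit leaves without any throttle after its old `throttle:` middleware is removed.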


@ -114,10 +114,7 @@ return [
|
*/
'password_reset' => [
'throttle' => [
'max_attempts' => env('PASSWORD_MAX_ATTEMPTS', 30),
'lockout_duration' => env('PASSWORD_LOCKOUT_DURATION', 60),
],
'max_attempts_per_min' => env('PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN', 50),
],
@ -133,6 +130,6 @@ return [
|
*/
'password_timeout' => 10800,
'password_timeout' => env('PASSWORD_CONFIRM_TIMEOUT', 10800),
];
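Review bot: `env('PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN', 50)` yields a string whenever the variable is set in .env, and the value ends up in `Limit::perMinute()`, whose attempt count is an int; a numeric string coerces, but an empty or non-numeric value (e.g. `PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=` left blank) turns into a TypeError at boot rather than a readable config error. Casting at the config boundary, `'max_attempts_per_min' => (int) env('PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN', 50),` and likewise `'password_timeout' => (int) env('PASSWORD_CONFIRM_TIMEOUT', 10800),` in the second hunk, keeps both keys typed regardless of what operators put in .env. Removing `throttle.max_attempts` and `throttle.lockout_duration` also means any remaining `config('auth.password_reset.throttle.…')` reader outside routes/web.php now gets null silently; a quick grep before merging, or a deprecation note in the config comment, is worth it.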


@ -426,25 +426,25 @@ Route::group(['middleware' => 'web'], function () {
Route::post(
'two-factor',
[LoginController::class, 'postTwoFactorAuth']
)->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
);
Route::post(
'password/email',
[ForgotPasswordController::class, 'sendResetLinkEmail']
)->name('password.email')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
)->name('password.email')->middleware('throttle:forgotten_password');
Route::get(
'password/reset',
[ForgotPasswordController::class, 'showLinkRequestForm']
)->name('password.request')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
)->name('password.request')->middleware('throttle:forgotten_password');
Route::post(
'password/reset',
[ResetPasswordController::class, 'reset']
)->name('password.update')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
)->name('password.update')->middleware('throttle:forgotten_password');
Route::get(
'password/reset/{token}',
@ -455,7 +455,7 @@ Route::group(['middleware' => 'web'], function () {
Route::post(
'password/email',
[ForgotPasswordController::class, 'sendResetLinkEmail']
)->name('password.email')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
)->name('password.email')->middleware('throttle:forgotten_password');