DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-12 16:44:08 -08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #10180 from snipe/fixes/add_rate_limiting_to_forgotten_password

Browse source 
Throttle password reset requests to 5 every 60 seconds
This commit is contained in:
snipe 2021-10-08 15:44:43 -07:00 committed by GitHub
parent 1c77fd0d09 0674ef5a3d
commit c4856c8aed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Controllers/Auth/ForgotPasswordController.php
View file

@ -29,6 +29,7 @@ class ForgotPasswordController extends Controller
public function __construct() public function __construct()
{ {
$this->middleware('guest'); $this->middleware('guest');
$this->middleware('throttle:1,1', ['except' => 'showLinkRequestForm']);
} }
/** /**
@ -71,7 +72,7 @@ class ForgotPasswordController extends Controller
* Once we have attempted to send the link, we will examine the response * Once we have attempted to send the link, we will examine the response
* then see the message we need to show to the user. Finally, we'll send out a proper response. * then see the message we need to show to the user. Finally, we'll send out a proper response.
*/ */
$response = null; $response = null;
try { try {