Working on password reset throttling

2025-05-24 02:14:21 -04:00 · 2021-05-13 19:13:51 +10:00 · 2021-05-13 19:13:51 +10:00 · daff65de01
commit daff65de01
parent 4251a57d87
5 changed files with 12 additions and 10 deletions
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@ -106,7 +106,7 @@ class ForgotPasswordController extends Controller
    {
        MultiDB::userFindAndSetDb($request->input('email'));
        
-        // $user = MultiDB::hasUser(['email' => $request->input('email')]);
+        $user = MultiDB::hasUser(['email' => $request->input('email')]);

        $this->validateEmail($request);

@ -116,7 +116,7 @@ class ForgotPasswordController extends Controller
        $response = $this->broker()->sendResetLink(
            $this->credentials($request)
        );
-
+nlog($response);
        if ($request->ajax()) {
            return $response == Password::RESET_LINK_SENT
                ? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)
--- a/app/Http/Middleware/SetEmailDb.php
+++ b/app/Http/Middleware/SetEmailDb.php
@ -34,15 +34,13 @@ class SetEmailDb

        if ($request->input('email') && config('ninja.db.multi_db_enabled')) {
            
+            nlog("finding email = ". $request->input('email'));

            if (! MultiDB::userFindAndSetDb($request->input('email'))) 
                return response()->json($error, 400);
            
            
        }
-        // else {
-        //     return response()->json($error, 403);
-        // }

        return $next($request);
    }
--- a/app/Libraries/MultiDB.php
+++ b/app/Libraries/MultiDB.php
@ -188,12 +188,15 @@ class MultiDB
        //multi-db active
        foreach (self::$dbs as $db) {
            
-            if (User::on($db)->where(['email' => $email])->count() >= 1) 
+            if (User::on($db)->where('email', $email)->count() >= 1){ 
+                nlog("setting db {$db}");
+                self::setDb($db);
                return true;
-            
-        }
-        self::setDefaultDatabase();
+            }

+        }
+
+        self::setDefaultDatabase();
        return false;
    }

--- a/resources/lang/en/passwords.php
+++ b/resources/lang/en/passwords.php
@ -18,5 +18,6 @@ return [
    'sent' => 'We have e-mailed your password reset link!',
    'token' => 'This password reset token is invalid.',
    'user' => "We can't find a user with that e-mail address.",
+    'throttled' => "You have requested password reset recently, please check your email.",

 ];
--- a/routes/api.php
+++ b/routes/api.php
@ -18,7 +18,7 @@ Route::group(['middleware' => ['api_secret_check']], function () {
    Route::post('api/v1/oauth_login', 'Auth\LoginController@oauthApiLogin');
 });

-Route::group(['middleware' => ['api_secret_check', 'email_db']], function () {
+Route::group(['middleware' => ['api_secret_check']], function () {
    Route::post('api/v1/login', 'Auth\LoginController@apiLogin')->name('login.submit');
    Route::post('api/v1/reset_password', 'Auth\ForgotPasswordController@sendResetLinkEmail');
 });