From daff65de012940c1751eb17b5dfe331664325840 Mon Sep 17 00:00:00 2001
From: =
Date: Thu, 13 May 2021 19:13:51 +1000
Subject: [PATCH] Working on password reset throttling
---
 .../Controllers/Auth/ForgotPasswordController.php | 4 ++--
 app/Http/Middleware/SetEmailDb.php | 4 +---
 app/Libraries/MultiDB.php | 11 +++++++----
 resources/lang/en/passwords.php | 1 +
 routes/api.php | 2 +-
 5 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 10036a77bda7..f8dd1d2d8f27 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -106,7 +106,7 @@ class ForgotPasswordController extends Controller
 {
 MultiDB::userFindAndSetDb($request->input('email'));
- // $user = MultiDB::hasUser(['email' => $request->input('email')]);
+ $user = MultiDB::hasUser(['email' => $request->input('email')]);
 $this->validateEmail($request);
@@ -116,7 +116,7 @@ class ForgotPasswordController extends Controller
 $response = $this->broker()->sendResetLink( $this->credentials($request) );
-
+nlog($response);
 if ($request->ajax()) {
 return $response == Password::RESET_LINK_SENT ? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)
diff --git a/app/Http/Middleware/SetEmailDb.php b/app/Http/Middleware/SetEmailDb.php
index 8a977d0f30a8..6d50923bd05b 100644
--- a/app/Http/Middleware/SetEmailDb.php
+++ b/app/Http/Middleware/SetEmailDb.php
@@ -34,15 +34,13 @@ class SetEmailDb
 if ($request->input('email') && config('ninja.db.multi_db_enabled')) {
+ nlog("finding email = ". $request->input('email'));
 if (! MultiDB::userFindAndSetDb($request->input('email'))) return response()->json($error, 400);
 }
- // else {
- // return response()->json($error, 403);
- // }
 return $next($request);
 }
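Review bot: In ForgotPasswordController.php (hunk at -106), the re-enabled `$user = MultiDB::hasUser(['email' => $request->input('email')]);` queries on the raw `email` input before `$this->validateEmail($request)` runs, and `$user` is not read anywhere in the visible lines. Either drop the assignment or move it below the validation call so malformed input never reaches the lookup. If a later step is meant to branch on `$user`, keep the HTTP response identical for known and unknown addresses so the endpoint does not reveal which accounts exist. The method body starts and continues outside this hunk.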
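Review bot: In ForgotPasswordController.php (hunk at -116), `nlog($response);` replaces a blank line at column 0 and reads as a debugging leftover; the same applies to `nlog("setting db {$db}");` in the MultiDB.php hunk. Remove both before merge, or keep them only behind a debug setting. Separately, the visible ternary compares `$response` only with `Password::RESET_LINK_SENT`, so the throttled status this commit adds a translation for presumably falls into the failure branch, which lies outside the hunk. An explicit `Password::RESET_THROTTLED` case returning 429 would let clients tell throttling apart from other failures, assuming the installed framework version defines that constant.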
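Review bot: In SetEmailDb.php, the added `nlog("finding email = ". $request->input('email'));` writes the caller-supplied address to the log before any validation, so every request through this middleware stores personal data there, and a value containing line breaks could forge extra log entries unless `nlog` escapes them (not visible here). Drop the line, or log a truncated hash instead, e.g. `nlog('email_db lookup: ' . substr(hash('sha256', (string) $request->input('email')), 0, 12));`. The existing 400 reply on a failed lookup also tells a caller whether an address is registered, which is worth revisiting while this code is open. `handle()` begins outside the hunk.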
diff --git a/app/Libraries/MultiDB.php b/app/Libraries/MultiDB.php
index 27673891e09f..d2ff11741f96 100644
--- a/app/Libraries/MultiDB.php
+++ b/app/Libraries/MultiDB.php
@@ -188,12 +188,15 @@ class MultiDB
 //multi-db active
 foreach (self::$dbs as $db) {
- if (User::on($db)->where(['email' => $email])->count() >= 1)
+ if (User::on($db)->where('email', $email)->count() >= 1){
+ nlog("setting db {$db}");
+ self::setDb($db);
 return true;
-
- }
- self::setDefaultDatabase();
+ }
+ }
+
+ self::setDefaultDatabase();
 return false;
 }
diff --git a/resources/lang/en/passwords.php b/resources/lang/en/passwords.php
index e5544d201665..114cc03b88d0 100644
--- a/resources/lang/en/passwords.php
+++ b/resources/lang/en/passwords.php
@@ -18,5 +18,6 @@ return [
 'sent' => 'We have e-mailed your password reset link!',
 'token' => 'This password reset token is invalid.',
 'user' => "We can't find a user with that e-mail address.",
+ 'throttled' => "You have requested password reset recently, please check your email.",
 ];
diff --git a/routes/api.php b/routes/api.php
index b46bd12f0d2e..835ede2f1f15 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -18,7 +18,7 @@ Route::group(['middleware' => ['api_secret_check']], function () {
 Route::post('api/v1/oauth_login', 'Auth\LoginController@oauthApiLogin');
 });
-Route::group(['middleware' => ['api_secret_check', 'email_db']], function () {
+Route::group(['middleware' => ['api_secret_check']], function () {
 Route::post('api/v1/login', 'Auth\LoginController@apiLogin')->name('login.submit');
 Route::post('api/v1/reset_password', 'Auth\ForgotPasswordController@sendResetLinkEmail');
 });
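Review bot: In MultiDB.php, `count() >= 1` asks each database to count every matching row when only presence matters; `if (User::on($db)->where('email', $email)->exists()) {` states the intent directly. The method now also leaves the connection switched to the matching database through `self::setDb($db)`, so its docblock (outside the hunk) should say that a successful lookup changes the active connection and a failed one resets it to the default. The method signature and the single-database branch are not visible in this hunk.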
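Review bot: In routes/api.php, dropping `email_db` from this group removes database selection from `api/v1/login` as well as from `api/v1/reset_password`. `sendResetLinkEmail` calls `MultiDB::userFindAndSetDb` itself (first hunk of this patch), but `LoginController@apiLogin` is not part of the diff, so confirm that it selects the tenant database on its own; otherwise multi-db logins would run against the default connection. Since the commit is about throttling, a request-level limit on the group, e.g. `['api_secret_check', 'throttle:10,1']` (sample values, assuming the `throttle` alias is registered in this app), would also cap callers that cycle through many e-mail addresses.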