Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-31 15:14:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Working on password reset throttling

Browse Source
This commit is contained in:
= 2021-05-13 19:13:51 +10:00
parent 4251a57d87
commit daff65de01
5 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/Auth/ForgotPasswordController.php
View File

@ -106,7 +106,7 @@ class ForgotPasswordController extends Controller
{ {
MultiDB::userFindAndSetDb($request->input('email')); MultiDB::userFindAndSetDb($request->input('email'));
// $user = MultiDB::hasUser(['email' => $request->input('email')]); $user = MultiDB::hasUser(['email' => $request->input('email')]);
$this->validateEmail($request); $this->validateEmail($request);
@ -116,7 +116,7 @@ class ForgotPasswordController extends Controller
$response = $this->broker()->sendResetLink( $response = $this->broker()->sendResetLink(
$this->credentials($request) $this->credentials($request)
); );
nlog($response);
if ($request->ajax()) { if ($request->ajax()) {
return $response == Password::RESET_LINK_SENT return $response == Password::RESET_LINK_SENT
? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201) ? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)

4
app/Http/Middleware/SetEmailDb.php
View File

@ -34,15 +34,13 @@ class SetEmailDb
if ($request->input('email') && config('ninja.db.multi_db_enabled')) { if ($request->input('email') && config('ninja.db.multi_db_enabled')) {
nlog("finding email = ". $request->input('email'));
if (! MultiDB::userFindAndSetDb($request->input('email'))) if (! MultiDB::userFindAndSetDb($request->input('email')))
return response()->json($error, 400); return response()->json($error, 400);
} }
// else {
// return response()->json($error, 403);
// }
return $next($request); return $next($request);
} }

11
app/Libraries/MultiDB.php
View File

@ -188,12 +188,15 @@ class MultiDB
//multi-db active //multi-db active
foreach (self::$dbs as $db) { foreach (self::$dbs as $db) {
if (User::on($db)->where(['email' => $email])->count() >= 1) if (User::on($db)->where('email', $email)->count() >= 1){
nlog("setting db {$db}");
self::setDb($db);
return true; return true;
}
}
self::setDefaultDatabase();
}
self::setDefaultDatabase();
return false; return false;
} }

1
resources/lang/en/passwords.php
View File

@ -18,5 +18,6 @@ return [
'sent' => 'We have e-mailed your password reset link!', 'sent' => 'We have e-mailed your password reset link!',
'token' => 'This password reset token is invalid.', 'token' => 'This password reset token is invalid.',
'user' => "We can't find a user with that e-mail address.", 'user' => "We can't find a user with that e-mail address.",
'throttled' => "You have requested password reset recently, please check your email.",
]; ];

2
routes/api.php
View File

@ -18,7 +18,7 @@ Route::group(['middleware' => ['api_secret_check']], function () {
Route::post('api/v1/oauth_login', 'Auth\LoginController@oauthApiLogin'); Route::post('api/v1/oauth_login', 'Auth\LoginController@oauthApiLogin');
}); });
Route::group(['middleware' => ['api_secret_check', 'email_db']], function () { Route::group(['middleware' => ['api_secret_check']], function () {
Route::post('api/v1/login', 'Auth\LoginController@apiLogin')->name('login.submit'); Route::post('api/v1/login', 'Auth\LoginController@apiLogin')->name('login.submit');
Route::post('api/v1/reset_password', 'Auth\ForgotPasswordController@sendResetLinkEmail'); Route::post('api/v1/reset_password', 'Auth\ForgotPasswordController@sendResetLinkEmail');
}); });