Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Apply failed login check to API and reset on login

Browse Source
This commit is contained in:
Hillel Coren 2017-10-22 23:11:50 +03:00
parent afeb98856f
commit de31d77235
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/AccountApiController.php
View File

@ -6,6 +6,7 @@ use App\Events\UserSignedUp;
use App\Http\Requests\RegisterRequest; use App\Http\Requests\RegisterRequest;
use App\Http\Requests\UpdateAccountRequest; use App\Http\Requests\UpdateAccountRequest;
use App\Models\Account; use App\Models\Account;
use App\Models\User;
use App\Ninja\OAuth\OAuth; use App\Ninja\OAuth\OAuth;
use App\Ninja\Repositories\AccountRepository; use App\Ninja\Repositories\AccountRepository;
use App\Ninja\Transformers\AccountTransformer; use App\Ninja\Transformers\AccountTransformer;
@ -54,11 +55,25 @@ class AccountApiController extends BaseAPIController
public function login(Request $request) public function login(Request $request)
{ {
$user = User::where('email', '=', $request->email)->first();
if ($user && $user->failed_logins >= MAX_FAILED_LOGINS) {
sleep(ERROR_DELAY);
return $this->errorResponse(['message' => 'Invalid credentials'], 401);
}
if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) { if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
if ($user && $user->failed_logins > 0) {
$user->failed_logins = 0;
$user->save();
}
return $this->processLogin($request); return $this->processLogin($request);
} else { } else {
if ($user) {
$user->failed_logins = $user->failed_logins + 1;
$user->save();
}
sleep(ERROR_DELAY); sleep(ERROR_DELAY);
return $this->errorResponse(['message' => 'Invalid credentials'], 401); return $this->errorResponse(['message' => 'Invalid credentials'], 401);
} }
} }

5
app/Http/Controllers/Auth/AuthController.php
View File

@ -158,6 +158,11 @@ class AuthController extends Controller
$response = self::postLogin($request); $response = self::postLogin($request);
if (Auth::check()) { if (Auth::check()) {
if ($user && $user->failed_logins > 0) {
$user->failed_logins = 0;
$user->save();
}
Event::fire(new UserLoggedIn()); Event::fire(new UserLoggedIn());
/* /*