/**
 * Run the login throttling middleware.
 *
 * Guards Cachet's login route against brute forcing: once the request's
 * throttle (10 hits within 10 minutes) reports the limit reached, the user
 * is redirected back with an error; otherwise the request passes straight
 * through to the next handler.
 *
 * Only the counter is read here (Throttle::check). The hit itself is
 * recorded elsewhere in Cachet, once validation passes and the login
 * fails, so merely reaching the login page does not count as an attempt.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $withinLimit = Throttle::check($request, 10, 10);

    if ($withinLimit) {
        return $next($request);
    }

    return Redirect::back()->with('error', 'You have made too many login requests.');
}
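/**
 * Show the application login form.
 *
 * Before rendering, the request's login throttle is consulted so that a
 * caller who has exhausted the configured attempts sees an error flash. The
 * limits (tries / minutes) come from the kagi.* configuration rather than a
 * hard-coded number, so every caller of the throttle shares one policy.
 * Previously the configured throttler was built and then discarded in favour
 * of a fixed limit of 5; the configured one is now the only one used.
 *
 * @return \Illuminate\Http\Response
 */
public function getLogin()
{
    $request = Request::getFacadeRoot();

    // Throttler keyed on this request: X tries within Y minutes. Config
    // values may arrive as strings, hence the casts.
    $throttler = Throttle::get(
        $request,
        (int) Config::get('kagi.throttle', '3'),
        (int) Config::get('kagi.time_out', '2')
    );

    // attempt() records a hit and then reports whether the limit still holds.
    // NOTE(review): this runs on a GET, so each render of the form consumes
    // one attempt; confirm that is intended rather than hitting only on a
    // failed POST.
    if (!$throttler->attempt()) {
        Flash::error(trans('kotoba::auth.error.not_approved'));
    }

    return Theme::View('modules.kagi.auth.login');
}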
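/**
 * Authenticate an API user and issue a JWT.
 *
 * The request's throttle (5 hits per minute) is consulted first. Only failed
 * credential checks and token-creation errors record a hit, so successful
 * logins do not consume the budget. When a gcm_token accompanies valid
 * credentials it is stored on the authenticated user.
 *
 * @param Request $request
 *
 * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
 */
public function login(Request $request)
{
    $data = $request->only('username', 'password');
    $gcm_token = $request->get('gcm_token');
    $throttler = Throttle::get($request, 5, 1);

    if (!$throttler->check()) {
        // The non-standard 420 is kept for existing clients; the status code
        // is passed as an int (not a string) and a Retry-After header tells
        // clients how long to back off, matching the one-minute window.
        $response = Response(['error' => 'too many wrong requests']);
        $response->setStatusCode(420, 'Enhance Your Calm');
        $response->headers->set('Retry-After', '60');

        return $response;
    }

    try {
        $token = JWTAuth::attempt($data);

        if (!$token) {
            // Invalid credentials: this is what the throttle is counting.
            $throttler->hit();

            return response()->json(['error' => true, 'message' => 'invalid_credentials'], 401);
        }

        // Loose comparison on purpose: an empty token is treated as absent.
        if (null != $gcm_token) {
            $user = JWTAuth::toUser($token);
            $user->setGCMToken($gcm_token);
            $user->save();
        }
    } catch (JWTException $e) {
        // Token creation failed; count it like a bad attempt.
        $throttler->hit();

        return response()->json(['error' => true, 'message' => 'couldnt_create_token'], 401);
    }

    return response()->json(compact('token'));
}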
/**
 * Logs the user in.
 *
 * A successful attempt sends the user to their intended page. A failed one
 * records a hit on the login throttle (10 per 10 minutes) and returns them
 * to the form with their input, minus the password.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postLogin()
{
    $credentials = Binput::only(['email', 'password']);

    if (!Auth::attempt($credentials)) {
        // Only failures count against the brute-force limit.
        Throttle::hit(Request::instance(), 10, 10);

        return Redirect::back()
            ->withInput(Binput::except('password'))
            ->with('error', 'Invalid email or password');
    }

    return Redirect::intended('dashboard');
}
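/**
 * Decide whether this worker is currently rate limited.
 *
 * The throttle setting is a "limit:minutes" string; an absent or falsy
 * setting disables throttling. The throttle is keyed on the host name plus
 * the worker class, so the limit applies per host rather than per caller.
 * Each call records one hit (Throttle::attempt), so call it once per unit
 * of work.
 *
 * @return bool true when the limit has been exhausted
 *
 * @throws \InvalidArgumentException when the setting is not "limit:minutes"
 */
private function isThrottled()
{
    $config = $this->config['throttle'];

    if (!$config) {
        return false;
    }

    $parts = explode(':', (string) $config);

    // A lone number used to reach Throttle::attempt() with an undefined
    // index; fail loudly instead of silently applying some default window.
    if (count($parts) !== 2 || !is_numeric($parts[0]) || !is_numeric($parts[1])) {
        throw new \InvalidArgumentException(
            sprintf('Throttle setting must be "limit:minutes", got "%s".', $config)
        );
    }

    $key = ['ip' => gethostname(), 'route' => $this->config['class'] . $this->worker];

    return !Throttle::attempt($key, (int) $parts[0], (int) $parts[1]);
}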
/**
 * Handle an incoming request.
 *
 * Every request through this middleware records a hit. Once the throttle
 * reports the limit reached (10 hits within 30 minutes) the request is
 * rejected with a 429 whose Retry-After equals the ban window.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @throws \Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $limit = 10; // hits allowed
    $time = 30;  // window / ban length, in minutes

    if (Throttle::attempt($request, $limit, $time)) {
        return $next($request);
    }

    // The exception's Retry-After is expressed in seconds.
    throw new TooManyRequestsHttpException($time * 60, 'Rate limit exceed.');
}
/**
 * Handle the login form submission.
 *
 * Flow: validate the input, consult the per-request throttle (5 hits within
 * 10 minutes), require a reCAPTCHA answer once the count reaches 3 (only
 * enforced in production when a site key is configured), record a hit, then
 * attempt authentication. On success the user's last-login details are
 * stored, pending password_resets rows for the e-mail are removed and the
 * user is redirected; on failure a warning is flashed back to the form.
 *
 * Note that $throttle->hit() runs before Auth::attempt(), so successful
 * logins count toward the limit as well as failed ones, and the count()
 * comparisons above it read the value before this request's own hit.
 *
 * @param Request $request
 *
 * @return mixed
 */
public function postLogin(Request $request)
{
    $validator = Validator::make($request->all(), ['email' => 'required|email', 'password' => 'required']);

    // Check the login cool-down to block malicious login attempts.
    $throttle = Throttle::get($request, 5, 10);

    // After three wrong passwords, additionally require reCAPTCHA.
    $validator->sometimes('g-recaptcha-response', 'required', function ($input) use($throttle) {
        return $throttle->count() >= 3;
    });

    if ($validator->fails()) {
        return Redirect::route('user.login')->withErrors($validator)->withInput();
    } else {
        // Check the number of login attempts.
        if (!$throttle->check()) {
            return Redirect::route('user.login')->with('warning', '嘗試登入過於頻繁,請等待10分鐘。')->with('delay', 10 * 60)->withInput();
        }

        // Only verify further in the production environment.
        if (App::environment('production') && !empty(env('reCAPTCHA_Site_key'))) {
            // After three wrong passwords, also verify reCAPTCHA.
            if ($throttle->count() >= 3) {
                $result = ReCaptchaHelper::tryPassGoogleReCAPTCHA($request);
                if (!(is_bool($result->success) && $result->success)) {
                    LogHelper::info('[reCAPTCHA Failed]', $result);
                    return Redirect::route('user.login')->with('warning', '沒有通過 reCAPTCHA 驗證,請再試一次。')->withInput();
                }
            }
        }

        // Increase the attempt count.
        $throttle->hit();

        $remember = $request->has('remember') ? true : false;
        $auth = Auth::attempt(['email' => $request->get('email'), 'password' => $request->get('password')], $remember);

        if ($auth) {
            $user = Auth::user();

            // Update the user's last-login details.
            $user->lastlogin_ip = $request->getClientIp();
            $user->lastlogin_at = Carbon::now()->toDateTimeString();
            $user->save();

            // Remove any pending password-reset tokens for this e-mail.
            DB::table('password_resets')->where('email', '=', $user->email)->delete();

            // Log the successful login.
            LogHelper::info('[LoginSucceeded] 登入成功:' . $request->get('email'), ['email' => $request->get('email'), 'ip' => $request->getClientIp()]);

            // Redirect to the page visited before login.
            // NOTE(review): Redirect::to() follows whatever 'previous-url'
            // holds; confirm the code that stores it only saves local paths.
            if (Session::has('previous-url')) {
                return Redirect::to(Session::get('previous-url'))->with('global', '已順利登入');
            } else {
                return Redirect::intended('/')->with('global', '已順利登入');
            }
        } else {
            // Log the failed login.
            LogHelper::info('[LoginFailed] 登入失敗:' . $request->get('email'), ['email' => $request->get('email'), 'ip' => $request->getClientIp()]);
            return Redirect::route('user.login')->with('warning', '帳號或密碼錯誤');
        }
    }
}
/**
 * Logs the user in.
 *
 * Credentials are validated first without starting a session. Users with
 * two-factor enabled are authenticated for this request only, their id is
 * parked in the session and they are sent to the two-factor screen; everyone
 * else gets a full login and the intended redirect. A failed attempt records
 * a throttle hit (10 per 10 minutes) and returns to the form without the
 * password.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postLogin()
{
    $credentials = Binput::only(['email', 'password']);

    if (!Auth::validate($credentials)) {
        // Only failed attempts count against the brute-force limit.
        Throttle::hit(Request::instance(), 10, 10);

        return Redirect::back()
            ->withInput(Binput::except('password'))
            ->with('error', trans('forms.login.invalid'));
    }

    // Authenticate for this request only so the user record can be inspected.
    Auth::once($credentials);

    if (Auth::user()->hasTwoFactor) {
        // Park the user until the second factor is confirmed.
        Session::put('2fa_id', Auth::user()->id);

        return Redirect::route('two-factor');
    }

    // "Remember me" support would be added here.
    Auth::attempt($credentials);

    return Redirect::intended('dashboard');
}
<?php

/*
 * This file is part of Bootstrap CMS.
 *
 * (c) Graham Campbell <*****@*****.**>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

use GrahamCampbell\Throttle\Facades\Throttle;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;

/*
|--------------------------------------------------------------------------
| Throttling Filters
|--------------------------------------------------------------------------
|
| This is where we check the user is not spamming our system by limiting
| certain types of actions with a throttler.
|
*/

// Comment posting: 10 hits per minute. Only the counter is read here; the
// hit itself is recorded later, once the comment passes validation, so a
// rejected form does not eat into the limit.
$router->filter('throttle.comment', function ($route, $request) {
    $withinLimit = Throttle::check($request, 10, 1);

    if ($withinLimit) {
        return;
    }

    // Retry-After of 60 seconds matches the one-minute window.
    throw new TooManyRequestsHttpException(60, 'Rate limit exceed.');
});
/**
 * Run the login throttling filter.
 *
 * Redirects back with an error flash once the caller has exhausted the
 * login throttle (10 hits within 10 minutes); any other request falls
 * through (null) and continues to the controller.
 *
 * Only the counter is read here (Throttle::check). Incrementing happens
 * elsewhere in Cachet, once validation passes and the login itself fails,
 * so visiting the form does not count as an attempt.
 *
 * @param \Illuminate\Routing\Route $route
 * @param \Illuminate\Http\Request  $request
 *
 * @return \Illuminate\Http\Response|null
 */
public function filter(Route $route, Request $request)
{
    $withinLimit = Throttle::check($request, 10, 10);

    if ($withinLimit) {
        return null;
    }

    return Redirect::back()->with('error', 'You have made too many login requests.');
}
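/**
 * Check whether the calling connection is throttled for a given setting.
 *
 * The limit is read from config key ratchet.throttle.<setting> as a
 * "limit:minutes" string and keyed on the connection's remote address plus
 * the setting name. Each call records one hit via Throttle::attempt().
 *
 * @param object $conn    connection exposing a remoteAddress property
 * @param string $setting name of the throttled action (and config suffix)
 *
 * @return bool true when the limit for this connection has been exhausted
 *
 * @throws \InvalidArgumentException when the config value is not "limit:minutes"
 */
private function isThrottled($conn, $setting)
{
    $raw = config(sprintf('ratchet.throttle.%s', $setting));
    $parts = explode(':', (string) $raw);

    // A missing or malformed value used to reach Throttle::attempt() with an
    // undefined index; reject it explicitly instead.
    if (count($parts) !== 2 || !is_numeric($parts[0]) || !is_numeric($parts[1])) {
        throw new \InvalidArgumentException(
            sprintf('ratchet.throttle.%s must be "limit:minutes", got "%s".', $setting, $raw)
        );
    }

    $key = ['ip' => $conn->remoteAddress, 'route' => $setting];

    return !Throttle::attempt($key, (int) $parts[0], (int) $parts[1]);
}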
// Account activation: 10 hits per 10 minutes. Every request counts, so the
// hit is recorded here (attempt) rather than deferred to a validation step.
$router->filter('throttle.activate', function ($route, $request) {
    if (Throttle::attempt($request, 10, 10)) {
        return;
    }

    return Redirect::route('account.login')
        ->withInput()
        ->with('error', 'You have made too many activation requests. Please try again in 10 minutes.');
});

// The next three filters share one shape: read the counter (5 hits per
// 30 minutes) without hitting it; the hit is recorded later, only if the
// submitted form passes validation.
$router->filter('throttle.resend', function ($route, $request) {
    if (Throttle::check($request, 5, 30)) {
        return;
    }

    return Redirect::route('account.resend')
        ->withInput()
        ->with('error', 'You have been suspended from resending activation emails. Please contact support.');
});

$router->filter('throttle.reset', function ($route, $request) {
    if (Throttle::check($request, 5, 30)) {
        return;
    }

    return Redirect::route('account.reset')
        ->withInput()
        ->with('error', 'You have been suspended from resetting passwords. Please contact support.');
});

$router->filter('throttle.register', function ($route, $request) {
    if (Throttle::check($request, 5, 30)) {
        return;
    }

    return Redirect::route('account.register')
        ->withInput()
        ->with('error', 'You have been suspended from registration. Please contact support.');
});

// NOTE(review): the locale is taken straight from the {lang} route
// parameter; confirm the route constrains it to the supported locales.
$router->filter('localization', function () {
    App::setLocale(Route::input('lang'));
});