/**
 * {@inheritdoc}
 *
 * Quantity limiter for password reset requests: the request is rejected once
 * the number of matching security-event records reaches the configured maximum.
 * Nothing is enforced when the protection type equals ResetMethod::OPTION_NONE
 * or when the configured maximum is empty (e.g. 0).
 *
 * $accountReference and $longIp are handed to prepareCollection() unchanged,
 * including when they are null.
 *
 * @throws SecurityViolationException when the configured maximum has been reached
 */
public function check($securityEventType, $accountReference = null, $longIp = null)
{
    // Both settings are always read, whether or not the limiter ends up being applied.
    $protectionActive = $this->securityConfig->getPasswordResetProtectionType() != ResetMethod::OPTION_NONE;
    $maxRequests = $this->securityConfig->getMaxNumberPasswordResetRequests();

    // Protection switched off, or no maximum configured: nothing to enforce.
    if (!$protectionActive || !$maxRequests) {
        return;
    }

    $matchingRecords = $this->prepareCollection($securityEventType, $accountReference, $longIp);

    // ">=": the request that would exceed the allowance is the one refused.
    if ($matchingRecords->count() >= $maxRequests) {
        $message = __(
            'Too many password reset requests. Please wait and try again or contact %1.',
            $this->securityConfig->getCustomerServiceEmail()
        );

        throw new SecurityViolationException($message);
    }
}
/**
 * {@inheritdoc}
 *
 * Frequency limiter for password reset requests: the request is rejected when
 * less than the configured minimum time has passed since the last matching
 * record was created. Nothing is enforced when the protection type equals
 * ResetMethod::OPTION_NONE, when no minimum interval is configured, or when
 * no earlier record is found.
 *
 * @throws SecurityViolationException when the previous request is too recent
 */
public function check($securityEventType, $accountReference = null, $longIp = null)
{
    // Both settings are always read, whether or not the limiter ends up being applied.
    $protectionActive = $this->securityConfig->getPasswordResetProtectionType() != ResetMethod::OPTION_NONE;
    $minInterval = $this->securityConfig->getMinTimeBetweenPasswordResetRequests();

    if (!($protectionActive && $minInterval)) {
        return;
    }

    // No address supplied by the caller: use the one reported for the current request.
    // NOTE(review): IP-based throttling is only as reliable as this address; confirm how
    // getRemoteAddress() derives it when the application sits behind a proxy.
    $longIp = $longIp ?? $this->remoteAddress->getRemoteAddress();

    $lastRequestAt = $this->loadLastRecordCreationTimestamp($securityEventType, $accountReference, $longIp);
    if (!$lastRequestAt) {
        // No earlier record to measure against.
        return;
    }

    // Presumably both values are GMT epoch seconds; verify against loadLastRecordCreationTimestamp().
    $elapsed = $this->dateTime->gmtTimestamp() - $lastRequestAt;

    if ($minInterval > $elapsed) {
        $message = __(
            'Too many password reset requests. Please wait and try again or contact %1.',
            $this->securityConfig->getCustomerServiceEmail()
        );

        throw new SecurityViolationException($message);
    }
}
/**
 * Create a collection instance, optionally pre-filtered for a security event.
 *
 * Without an event type the collection is returned unfiltered. With one, it is
 * filtered by request type and then narrowed according to the configured
 * password reset protection type:
 *  - ResetMethod::OPTION_BY_EMAIL: by account reference;
 *  - ResetMethod::OPTION_BY_IP: by IP;
 *  - ResetMethod::OPTION_BY_IP_AND_EMAIL: via filterByIpOrAccountReference()
 *    (by its name, a record matching either value qualifies).
 * Any other protection type adds no account/IP filter, so the collection then
 * covers every record of that event type.
 *
 * @param int|null $securityEventType
 * @param string|null $accountReference
 * @param string|null $longIp
 * @return Collection
 */
public function create($securityEventType = null, $accountReference = null, $longIp = null)
{
    /** @var Collection $collection */
    $collection = $this->objectManager->create($this->instanceName);

    if (null === $securityEventType) {
        return $collection;
    }

    $collection->filterByRequestType($securityEventType);

    // Loose comparison (==) on purpose, so a numeric-string config value still matches
    // the constants. NOTE(review): confirm the type the config getter actually returns.
    // NOTE(review): $accountReference / $longIp can still be null at this point; confirm
    // the filter methods treat null the way the limiter expects.
    $protectionType = $this->securityConfig->getPasswordResetProtectionType();
    if ($protectionType == ResetMethod::OPTION_BY_EMAIL) {
        $collection->filterByAccountReference($accountReference);
    } elseif ($protectionType == ResetMethod::OPTION_BY_IP) {
        $collection->filterByIp($longIp);
    } elseif ($protectionType == ResetMethod::OPTION_BY_IP_AND_EMAIL) {
        $collection->filterByIpOrAccountReference($longIp, $accountReference);
    }

    return $collection;
}
/**
 * Verifies that getPasswordResetProtectionType() returns the value the scope
 * config holds under the protection-type path for the given scope.
 *
 * The scope config mock must be read exactly once, with the scope's XML path
 * prefix followed by Config::XML_PATH_PASSWORD_RESET_PROTECTION_TYPE, and the
 * current scope must be looked up exactly once.
 *
 * @param int $resetMethod
 * @param int $scope
 * @dataProvider dataProviderResetMethodValues
 */
public function testGetPasswordResetProtectionType($resetMethod, $scope)
{
    // Expectation on the config read: one call, with the scope-specific path.
    $getValueCall = $this->scopeConfigMock
        ->expects($this->once())
        ->method('getValue');
    $expectedPath = $this->getXmlPathPrefix($scope)
        . \Magento\Security\Model\Config::XML_PATH_PASSWORD_RESET_PROTECTION_TYPE;
    $getValueCall
        ->with($expectedPath)
        ->willReturn($resetMethod);

    // Expectation on the scope lookup: one call, reporting the scope under test.
    $this->scopeMock
        ->expects($this->once())
        ->method('getCurrentScope')
        ->willReturn($scope);

    $actual = $this->model->getPasswordResetProtectionType($scope);

    $this->assertEquals($resetMethod, $actual);
}