/**
 * Record a failed login attempt, then hand the failure over to the parent handler.
 *
 * The client IP and the submitted `_username` form field (empty string when the
 * field is absent) are passed to the login failure tracker before Symfony's
 * default failure handling runs.
 *
 * @access public
 * @param  \Symfony\Component\HttpFoundation\Request                          $request
 * @param  \Symfony\Component\Security\Core\Exception\AuthenticationException $exception
 * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
 */
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    $form = $request->request;

    // NOTE(review): getClientIp() only honours forwarded-for headers from proxies
    // Symfony has been configured to trust; confirm that configuration matches the
    // deployment, since this address is what the attempt is recorded under.
    $clientIp = $request->getClientIp();

    // The username is raw, unauthenticated form input and is forwarded unchanged.
    // NOTE(review): confirm the tracker bounds its length/type and stores it safely.
    $attemptedUsername = $form->has('_username') ? $form->get('_username') : '';

    // Persist the failure so later requests can be throttled.
    $this->loginFailureTracker->addAttempt($clientIp, $attemptedUsername);

    // Defer the actual response (redirect, error page, ...) to the parent handler.
    return parent::onAuthenticationFailure($request, $exception);
}
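/**
 * Decide whether the current request may proceed, based on recent failed logins.
 *
 * Failed attempts are looked up in the login failure tracker by client IP address
 * only; the username recorded at failure time is not consulted here. Two policies
 * are evaluated in order, each with its own time window and threshold:
 *
 *  1. blockPages           - too many failures: access is blocked outright.
 *  2. forceAccountRecovery - too many failures: the visitor is deferred to account recovery.
 *
 * The login route is always added to the routes each policy protects. It is
 * registered at most once per policy, so repeated calls on the same instance do
 * not keep growing the configured route lists.
 *
 * NOTE(review): getClientIp() only honours forwarded-for headers from proxies
 * Symfony has been configured to trust; confirm that configuration matches the
 * deployment, otherwise attempts are counted against the wrong address.
 *
 * @access public
 * @return int self::ACCESS_DENIED_BLOCK, self::ACCESS_DENIED_DEFER or self::ACCESS_ALLOWED
 */
public function vote()
{
    $request = $this->requestStack->getMasterRequest();
    $anyPolicyEnabled = $this->forceAccountRecovery['enabled'] || $this->blockPages['enabled'];

    // Nothing to enforce without an enabled policy or outside of a request.
    if (!$anyPolicyEnabled || !$request) {
        return self::ACCESS_ALLOWED;
    }

    $route = $request->get('_route');
    $ipAddress = $request->getClientIp();
    $loginRoute = $this->routeLogin['name'];

    // Register the login route once instead of appending it on every call.
    if (!isset($this->blockPages['routes']) || !in_array($loginRoute, $this->blockPages['routes'], true)) {
        $this->blockPages['routes'][] = $loginRoute;
    }

    // Strict comparison: a request without a matched route (null) never equals a route name.
    if ($this->blockPages['enabled'] && in_array($route, $this->blockPages['routes'], true)) {
        // Failed login attempts from this address within the blocking window.
        $attempts = $this->loginFailureTracker->getAttempts($ipAddress, $this->blockPages['duration_in_minutes']);

        if (count($attempts) >= $this->blockPages['after_attempts']) {
            // Too many failed login attempts, access is temporarily blocked.
            return self::ACCESS_DENIED_BLOCK;
        }
    }

    // Same once-only registration for the account recovery policy.
    if (!isset($this->forceAccountRecovery['routes']) || !in_array($loginRoute, $this->forceAccountRecovery['routes'], true)) {
        $this->forceAccountRecovery['routes'][] = $loginRoute;
    }

    if ($this->forceAccountRecovery['enabled'] && in_array($route, $this->forceAccountRecovery['routes'], true)) {
        // Failed login attempts from this address within the recovery window.
        $attempts = $this->loginFailureTracker->getAttempts($ipAddress, $this->forceAccountRecovery['duration_in_minutes']);

        if (count($attempts) >= $this->forceAccountRecovery['after_attempts']) {
            // Too many failed login attempts, the visitor must recover the account first.
            return self::ACCESS_DENIED_DEFER;
        }
    }

    return self::ACCESS_ALLOWED;
}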