gpt4 book ai didi

throttling - Laravel 6 : Throttle Password Reset

转载 作者:行者123 更新时间:2023-12-04 00:21:42 31 4
gpt4 key购买 nike

在 Laravel 6 中,密码代理现在具有以下功能来限制密码重置( https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/PasswordBroker.php#L58 )

public function sendResetLink(array $credentials)
{
// First we will check to see if we found a user at the given credentials and
// if we did not we will redirect back to this current URI with a piece of
// "flash" data in the session to indicate to the developers the errors.
$user = $this->getUser($credentials);

if (is_null($user)) {
return static::INVALID_USER;
}

if (method_exists($this->tokens, 'recentlyCreatedToken') &&
$this->tokens->recentlyCreatedToken($user)) {
return static::RESET_THROTTLED;
}

// Once we have the reset token, we are ready to send the message out to this
// user with a link to reset their password. We will then redirect back to
// the current URI having nothing set in the session to indicate errors.
$user->sendPasswordResetNotification(
$this->tokens->create($user)
);

return static::RESET_LINK_SENT;
}

但是,当我反复提交密码重置时,为什么密码重置没有受到限制 - 我仍然收到重置通知?

我注意到 recentlyCreatedToken 方法在 6.x 版本的 TokenRepositoryInterface 中不存在 https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php

但已在7.x版本中添加

https://github.com/laravel/framework/blob/master/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php

这只是 v7.x 的一个功能,还是我需要做的事情我错过了?

最佳答案

密码重置限制在 Laravel 6.x 中有效,但由于某些原因,您需要在配置文件 throttle 中手动设置 config/auth.php 参数:

    'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60, // Allows a user to request 1 token per 60 seconds
],
],

DatabaseTokenRepository 将 throttle 时间的默认值定义为 60 秒。但是当在 PasswordBrokerManager 中初始化 DatabaseTokenRepository 时,它会检查配置文件,如果没有找到值,则将 throttle 时间设置为 0(意味着禁用 throttle )。

您还需要将消息字符串添加到 resources/lang/en/passwords.php 以向用户显示可理解的错误消息:

'throttled' => 'You have requested password reset recently, please check your email.',

P.S. 使用 php artisan config:clear 编辑配置文件后不要忘记刷新配置缓存。

关于throttling - Laravel 6 : Throttle Password Reset,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60268308/

31 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com