我刚刚使用Laravel Passport创建了一个简单的OAuth系统。该系统将负责外部应用程序用户注册和身份验证。一切都按照我的预期运行,现在我想实现一种机制,在预定义次数的登录尝试失败后锁定用户。
我是Laravel和Passport的新手,有没有可以为我管理的内置软件包?或者我必须自己开发此功能?如果是这样,我怎么能完成这样的任务?
我一直在搜索各种各样的互联网,但直到现在我找不到任何关于Passport OAuth的内容。
答案 0 :(得分:4)
我设法完成了我想做的事情,如果有人遇到这个问题,这就是我所做的......
创建一个自定义的AuthController和登录方法来替换Laravel Passport的默认oauth /令牌:
library(MultiOrd)
# Specify sample size N
N <- 40
# Marginal distribution for two variables as a vector for MultiOrd rather than a list
marginal <- c(.5, .5)
# Correlation (tetrachoric) matrix as target for simulated relationship between variables
Sigma <- matrix(c(1.0, -.71, -.71, 1.0), 2, 2, byrow=TRUE)
# Generate a sample of the categorical variables with specified parameters
m <- generate.binary(40, marginal, Sigma)
在执行任何其他登录操作之前,请检查用户是否已达到最大登录尝试次数:
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Illuminate\Http\Response;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Response;
use \Laravel\Passport\Http\Controllers\AccessTokenController as AccessTokenController;
class AuthController extends AccessTokenController
{
use AuthenticatesUsers;
//custom login method
public function login(Request $request)
{
//...
}
}
尝试登录验证用户凭据。如果登录成功,则重置失败的尝试次数。如果失败,请递增计数:
//custom login method
public function login(Request $request)
{
//check if the max number of login attempts has been reached
if ($this->hasTooManyLoginAttempts($request))
{
$this->fireLockoutEvent($request);
return "To many attempts...";
}
//...
}
最后,由于Passport(OAuth2)使用PSR-7请求(服务器请求接口),我们需要将标准Laravel请求转换为PSR-7才能发出访问令牌:
//check if user has reached the max number of login attempts
//verify user credentials
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials))
{
//reset failed login attemps
$this->clearLoginAttempts($request);
//...
}
else
{
//count user failed login attempts
$this->incrementLoginAttempts($request);
return "Login failed...";
}
以下是完整的登录方式:
//Authentication passed...
//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);
//generate access token
$tokenResponse = parent::issueToken($psrRequest);
//return issued token
return Response::json($tokenResponse);
答案 1 :(得分:0)
实际上laravel已经具有此功能,您可以在下面的链接中查看https://laravel.com/docs/5.6/authentication#login-throttling