Laravel 5.6 Passport OAuth Max Login Attempts

Time: 2018-04-12 17:56:42

Tags: php mysql laravel laravel-5 laravel-passport

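I just created a simple OAuth system using Laravel Passport. This system will be responsible for user registration and authentication for external applications. Everything works as I expected, and now I would like to implement a mechanism that locks out a user after a predefined number of failed login attempts.

I am new to Laravel and Passport. Is there a built-in package that can manage this for me, or do I have to develop this feature myself? If so, how can I accomplish such a task?

I have been searching all over the internet, but so far I could not find anything about this for Passport OAuth.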

2 answers:

Answer 0: (score: 4)

I managed to accomplish what I wanted to do. In case anyone runs into this problem, here is what I did...

Create a custom AuthController and login method to replace Laravel Passport's default oauth/token:

use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Response; //Response facade alias, provides Response::json()
use \Laravel\Passport\Http\Controllers\AccessTokenController as AccessTokenController;

class AuthController extends AccessTokenController
{
    use AuthenticatesUsers;

    //custom login method
    public function login(Request $request)
    {
        //...
    }
}

Before performing any other login action, check whether the user has reached the maximum number of login attempts:

//custom login method
public function login(Request $request)
{
    //check if the max number of login attempts has been reached
    if ($this->hasTooManyLoginAttempts($request))
    {
        $this->fireLockoutEvent($request);

        return "Too many attempts...";
    }

    //...
}

Attempt the login to verify the user's credentials. If the login succeeds, reset the failed attempt count. If it fails, increment the count:

//check if user has reached the max number of login attempts

//verify user credentials
$credentials = $request->only('email', 'password');

if (Auth::attempt($credentials))
{
    //reset failed login attempts
    $this->clearLoginAttempts($request);

    //...
}
else
{
    //count user failed login attempts
    $this->incrementLoginAttempts($request);

    return "Login failed...";
}

Finally, since Passport (OAuth2) uses PSR-7 requests (Server Request Interface), we need to convert the standard Laravel request to PSR-7 in order to issue the access token:

//Authentication passed...

//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);

//generate access token
$tokenResponse = parent::issueToken($psrRequest);

//return issued token
return Response::json($tokenResponse);

Here is the full login method:
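
Added example, not part of the original answer: the steps above combined into one controller, with the lockout and failure cases returned as JSON with HTTP status codes. It assumes the request carries the password-grant fields Passport expects plus an `email` field; the namespace, error bodies and limit values are illustrative.

```php
<?php
// Added example (not the answerer's code). The namespace, JSON error bodies and
// limit values are assumptions chosen for illustration.
namespace App\Http\Controllers\Api;

use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Passport\Http\Controllers\AccessTokenController;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;

class AuthController extends AccessTokenController
{
    // AuthenticatesUsers pulls in ThrottlesLogins, which supplies the counters.
    use AuthenticatesUsers;

    protected $maxAttempts = 5;   // failures allowed per email + client IP
    protected $decayMinutes = 1;  // lockout window

    public function login(Request $request)
    {
        // 1. Refuse before touching the credentials if this key is locked out.
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            $seconds = $this->limiter()->availableIn($this->throttleKey($request));

            return response()->json(
                ['error' => 'too_many_attempts', 'retry_after' => $seconds],
                429,
                ['Retry-After' => $seconds]
            );
        }

        // 2. Verify the credentials and count every failure.
        if (! Auth::attempt($request->only('email', 'password'))) {
            $this->incrementLoginAttempts($request);

            // One generic body, so the reply does not reveal whether the email exists.
            return response()->json(['error' => 'invalid_credentials'], 401);
        }

        // 3. Success: reset the counter, convert to PSR-7, let Passport issue the token.
        $this->clearLoginAttempts($request);
        $psrRequest = (new DiactorosFactory())->createRequest($request);

        return parent::issueToken($psrRequest);
    }
}
```

The throttle key built by ThrottlesLogins combines the submitted email with the client IP, so this limits attempts per source address rather than locking the account itself.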

Answer 1: (score: 0)

Actually, Laravel already has this feature; you can check it at the link below: https://laravel.com/docs/5.6/authentication#login-throttling