Laravel 5.6 Passport OAuth 最大登录尝试次数
Laravel 5.6 Passport OAuth Max Login Attempts
我刚刚使用 Laravel Passport 创建了一个简单的 OAuth 系统。该系统将负责外部应用程序的用户注册和身份验证。一切都如我所料,现在我想实现一种机制,在预定次数的登录尝试失败后锁定用户。
我是 Laravel 和 Passport 的新手,是否有任何内置软件包可以帮我管理它?还是我必须自己开发这个功能?如果是这样,我该如何完成这样的任务?
我一直在网上搜索,但直到现在我找不到任何关于 Passport OAuth 的信息。
其实 laravel 已经有了这个功能你可以在下面 link 查看关于那个 https://laravel.com/docs/5.6/authentication#login-throttling
我已经设法完成了我想做的事情,如果有人遇到这个问题,这就是我所做的...
创建了自定义 AuthController 和登录方法来替换 Laravel Passport 的默认设置 oauth/token:
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Illuminate\Http\Response;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Response;
use \Laravel\Passport\Http\Controllers\AccessTokenController as AccessTokenController;
class AuthController extends AccessTokenController
{
use AuthenticatesUsers;
//custom login method
public function login(Request $request)
{
//...
}
}
在任何其他登录操作之前,检查用户是否已达到最大登录尝试次数:
//custom login method
public function login(Request $request)
{
//check if the max number of login attempts has been reached
if ($this->hasTooManyLoginAttempts($request))
{
$this->fireLockoutEvent($request);
return "To many attempts...";
}
//...
}
通过尝试登录验证用户凭据。如果登录成功,则重置失败尝试计数。如果失败,增加计数:
//check if user has reached the max number of login attempts
//verify user credentials
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials))
{
//reset failed login attemps
$this->clearLoginAttempts($request);
//...
}
else
{
//count user failed login attempts
$this->incrementLoginAttempts($request);
return "Login failed...";
}
最后,由于 Passport (OAuth2) 使用 PSR-7 请求(服务器请求接口),我们需要将标准 Laravel 请求转换为 PSR-7 以便颁发访问令牌:
//Authentication passed...
//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);
//generate access token
$tokenResponse = parent::issueToken($psrRequest);
//return issued token
return Response::json($tokenResponse);
完整的登录方法如下:
public function login(Request $request)
{
//check if user has reached the max number of login attempts
if ($this->hasTooManyLoginAttempts($request))
{
$this->fireLockoutEvent($request);
return "To many attempts...";
}
//verify user credentials
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials))
{
//Authentication passed...
//reset failed login attemps
$this->clearLoginAttempts($request);
//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);
//generate access token
$tokenResponse = parent::issueToken($psrRequest);
//return issued token
return Response::json($tokenResponse);
}
else
{
//count user failed login attempts
$this->incrementLoginAttempts($request);
return "Login failed...";
}
}
我刚刚使用 Laravel Passport 创建了一个简单的 OAuth 系统。该系统将负责外部应用程序的用户注册和身份验证。一切都如我所料,现在我想实现一种机制,在预定次数的登录尝试失败后锁定用户。
我是 Laravel 和 Passport 的新手,是否有任何内置软件包可以帮我管理它?还是我必须自己开发这个功能?如果是这样,我该如何完成这样的任务?
我一直在网上搜索,但直到现在我找不到任何关于 Passport OAuth 的信息。
其实 laravel 已经有了这个功能你可以在下面 link 查看关于那个 https://laravel.com/docs/5.6/authentication#login-throttling
我已经设法完成了我想做的事情,如果有人遇到这个问题,这就是我所做的...
创建了自定义 AuthController 和登录方法来替换 Laravel Passport 的默认设置 oauth/token:
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Illuminate\Http\Response;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Response;
use \Laravel\Passport\Http\Controllers\AccessTokenController as AccessTokenController;
class AuthController extends AccessTokenController
{
use AuthenticatesUsers;
//custom login method
public function login(Request $request)
{
//...
}
}
在任何其他登录操作之前,检查用户是否已达到最大登录尝试次数:
//custom login method
public function login(Request $request)
{
//check if the max number of login attempts has been reached
if ($this->hasTooManyLoginAttempts($request))
{
$this->fireLockoutEvent($request);
return "To many attempts...";
}
//...
}
通过尝试登录验证用户凭据。如果登录成功,则重置失败尝试计数。如果失败,增加计数:
//check if user has reached the max number of login attempts
//verify user credentials
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials))
{
//reset failed login attemps
$this->clearLoginAttempts($request);
//...
}
else
{
//count user failed login attempts
$this->incrementLoginAttempts($request);
return "Login failed...";
}
最后,由于 Passport (OAuth2) 使用 PSR-7 请求(服务器请求接口),我们需要将标准 Laravel 请求转换为 PSR-7 以便颁发访问令牌:
//Authentication passed...
//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);
//generate access token
$tokenResponse = parent::issueToken($psrRequest);
//return issued token
return Response::json($tokenResponse);
完整的登录方法如下:
public function login(Request $request)
{
//check if user has reached the max number of login attempts
if ($this->hasTooManyLoginAttempts($request))
{
$this->fireLockoutEvent($request);
return "To many attempts...";
}
//verify user credentials
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials))
{
//Authentication passed...
//reset failed login attemps
$this->clearLoginAttempts($request);
//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);
//generate access token
$tokenResponse = parent::issueToken($psrRequest);
//return issued token
return Response::json($tokenResponse);
}
else
{
//count user failed login attempts
$this->incrementLoginAttempts($request);
return "Login failed...";
}
}