Merge pull request #209 from Zizaco/huge-update
Confide 4.0
Zizaco committed Jul 20, 2014
2 parents 0d83c8e + d4ffb97 commit 3f3e276
Showing 56 changed files with 5,393 additions and 3,017 deletions.
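--- a/.coveralls.yml
+++ b/.coveralls.yml
@@ -0,0 +1,9 @@
+# .coveralls.yml example configuration
+
+# service name
+service_name: travis-ci
+
+# for php-coveralls
+src_dir: src
+coverage_clover: build/logs/clover.xml
+json_path: build/logs/coveralls-upload.json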
1 change: 0 additions & 1 deletion .gitignore
@@ -1,3 +1,2 @@
/vendor
composer.lock
.DS_Store
21 changes: 16 additions & 5 deletions .travis.yml
@@ -1,11 +1,22 @@
language: php

php:
- 5.3
php:
- 5.4
- 5.5
- 5.6
- hhvm

matrix:
allow_failures:
- php: 5.6

before_script:
- curl -s http://getcomposer.org/installer | php
- php composer.phar install --dev
- travis_retry composer self-update
- travis_retry composer install --no-interaction --prefer-source --dev

script:
- mkdir -p build/logs
- vendor/bin/phpunit -c phpunit.xml.dist --verbose

script: phpunit
after_script:
- php vendor/bin/coveralls -v
240 changes: 118 additions & 122 deletions README.md


20 changes: 11 additions & 9 deletions composer.json
Expand Up @@ -6,7 +6,6 @@
"authors": [
{
"name": "Zizaco Zizuini",
"email": "zizaco@gmail.com",
"homepage": "http://www.zizaco.net"
},
{
Expand All @@ -15,14 +14,16 @@
}
],
"require": {
"php": ">=5.3.0",
"illuminate/support": "~4.1",
"laravelbook/ardent": "~2.4"
"php": ">=5.4.0",
"illuminate/support": "~4.2"
},
"require-dev": {
"mockery/mockery": "~0.8",
"illuminate/database": "~4.1",
"illuminate/auth": "~4.1"
"illuminate/database": "~4.2",
"illuminate/auth": "~4.2",
"illuminate/console": "~4.2",
"phpunit/phpunit": "~4.0",
"satooshi/php-coveralls": "~0.7",
"mockery/mockery": "~0.9"
},
"suggest": {
"zizaco/entrust":"add Role-based Permissions to Laravel 4"
Expand All @@ -38,7 +39,8 @@
},
"extra": {
"branch-alias": {
"dev-master": "3.2-dev"
"dev-huge-update": "4.0-dev"
}
}
},
"minimum-stability": "dev"
}
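Review bot: `"minimum-stability": "dev"` at the end of the file (on the new side, as far as the hunk counts show) allows every dependency, including transitive ones, to resolve to an unreleased development branch when this package is installed as the root project, which covers CI and contributor checkouts. If a dev version is only needed for one package, put an `@dev` flag on that constraint instead, or add `"prefer-stable": true` next to this key so tagged releases win whenever they satisfy the constraint. The `branch-alias` key `dev-huge-update` names the feature branch; if the intent is to alias master once this is merged, it would need to read `"dev-master": "4.0-dev"`.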
8 changes: 7 additions & 1 deletion phpunit.xml
Expand Up @@ -10,9 +10,15 @@
stopOnFailure="false"
syntaxCheck="false"
>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory suffix=".php">./src/Zizaco</directory>
<directory suffix=".php">./src/commands</directory>
</whitelist>
</filter>
<testsuites>
<testsuite name="Package Test Suite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
</phpunit>
</phpunit>
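--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+backupStaticAttributes="false"
+bootstrap="vendor/autoload.php"
+colors="true"
+convertErrorsToExceptions="true"
+convertNoticesToExceptions="true"
+convertWarningsToExceptions="true"
+processIsolation="false"
+stopOnFailure="false"
+syntaxCheck="false"
+>
+<filter>
+<whitelist processUncoveredFilesFromWhitelist="true">
+<directory suffix=".php">./src/Zizaco</directory>
+<directory suffix=".php">./src/commands</directory>
+</whitelist>
+</filter>
+<testsuites>
+<testsuite name="Package Test Suite">
+<directory>./tests/</directory>
+</testsuite>
+</testsuites>
+<logging>
+<log type="coverage-clover" target="build/logs/clover.xml"/>
+</logging>
+</phpunit>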
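--- a/src/Zizaco/Confide/CacheLoginThrottleService.php
+++ b/src/Zizaco/Confide/CacheLoginThrottleService.php
@@ -0,0 +1,106 @@
+<?php namespace Zizaco\Confide;
+
+/**
+* The LoginThrottle is a service that Throttles login after
+* too many failed attempts. This is a secure measure in
+* order to avoid brute force attacks.
+*
+* @license MIT
+* @package Zizaco\Confide
+*/
+class CacheLoginThrottleService implements LoginThrottleServiceInterface
+{
+/**
+* Laravel application
+*
+* @var \Illuminate\Foundation\Application
+*/
+public $app;
+
+/**
+* Create a new PasswordService
+*
+* @param \Illuminate\Foundation\Application $app Laravel application object
+* @return void
+*/
+public function __construct($app = null)
+{
+$this->app = $app ?: app();
+}
+
+/**
+* Increments the count for the given identity by one and
+* also returns the current value for that identity.
+*
+* @param mixed $identity The login identity
+* @return integer How many times that same identity was used
+*/
+public function throttleIdentity($identity)
+{
+$identity = $this->parseIdentity($identity);
+
+// Increments and also retuns the current count
+return $this->countThrottle($identity);
+}
+
+/**
+* Tells if the given identity has reached the throttle_limit
+* @param mixed $identity The login identity
+* @return boolean True if the identity has reached the throttle_limit
+*/
+public function isThrottled($identity)
+{
+$identity = $this->parseIdentity($identity);
+
+// Retuns the current count
+$count = $this->countThrottle($identity, 0);
+
+return $count >= $this->app['config']->get('confide::throttle_limit');
+}
+
+/**
+* Parse the given identity in order to return a string with
+* the relevant fields. I.E: if the attacker tries to use a
+* bunch of different passwords, the identity will still be the
+* same.
+* @param $mixed $identity
+* @return string $identityString
+*/
+protected function parseIdentity($identity)
+{
+// If is an array, remove password, remember and then
+// transforms it into a string.
+if (is_array($identity))
+{
+unset($identity['password']);
+unset($identity['remember']);
+$identity = serialize($identity);
+}
+
+return $identity;
+}
+
+/**
+* Increments the count for the given string by one stores
+* it into cache and returns the current value for that
+* identity.
+*
+* @param string $identityString
+* @param integer $increments Amount that is going to be added to the throttling attemps for the given identity
+* @return integer How many times that same string was used
+*/
+protected function countThrottle($identityString, $increments = 1)
+{
+$count = $this->app['cache']
+->get('login_throttling:'.md5($identityString), 0);
+
+$count = $count + $increments;
+
+$ttl = $this->app['config']->get('confide::throttle_time_period');
+
+$this->app['cache']
+->put('login_throttling:'.md5($identityString), $count, $ttl);
+
+return $count;
+}
+}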
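Review bot: In `parseIdentity()` the throttle key is `serialize()` of every field left in the credentials array once `password` and `remember` are unset, so the counter is bound to the exact shape of the request rather than to the account being tried; requests that differ only in key order, letter case or an unrelated extra field are counted in separate cache entries. Reduce the array to the identifier fields and normalise it before serialising, e.g. `$identity = array_intersect_key($identity, array_flip($identityFields)); ksort($identity);`, where `$identityFields` is a placeholder for the login identifier keys this package accepts. Separately, `countThrottle()` does a `get` followed by a `put`, which can lose increments under concurrent attempts, and `isThrottled()` goes through the same path with `0`, so every check rewrites the entry with a fresh TTL; a read-only lookup in `isThrottled()` would avoid that. The constructor docblock still reads "Create a new PasswordService" and should name this class.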