Merge pull request #209 from Zizaco/huge-update
Confide 4.0
Showing
56 changed files
with
5,393 additions
and
3,017 deletions.
@@ -0,0 +1,9 @@ | ||
# .coveralls.yml example configuration | ||
|
||
# service name | ||
service_name: travis-ci | ||
|
||
# for php-coveralls | ||
src_dir: src | ||
coverage_clover: build/logs/clover.xml | ||
json_path: build/logs/coveralls-upload.json |
@@ -1,3 +1,2 @@ | ||
/vendor | ||
composer.lock | ||
.DS_Store |
@@ -1,11 +1,22 @@ | ||
language: php | ||
|
||
php: | ||
- 5.3 | ||
php: | ||
- 5.4 | ||
- 5.5 | ||
- 5.6 | ||
- hhvm | ||
|
||
matrix: | ||
allow_failures: | ||
- php: 5.6 | ||
|
||
before_script: | ||
- curl -s http://getcomposer.org/installer | php | ||
- php composer.phar install --dev | ||
- travis_retry composer self-update | ||
- travis_retry composer install --no-interaction --prefer-source --dev | ||
|
||
script: | ||
- mkdir -p build/logs | ||
- vendor/bin/phpunit -c phpunit.xml.dist --verbose | ||
|
||
script: phpunit | ||
after_script: | ||
- php vendor/bin/coveralls -v |
@@ -0,0 +1,27 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<phpunit backupGlobals="false" | ||
backupStaticAttributes="false" | ||
bootstrap="vendor/autoload.php" | ||
colors="true" | ||
convertErrorsToExceptions="true" | ||
convertNoticesToExceptions="true" | ||
convertWarningsToExceptions="true" | ||
processIsolation="false" | ||
stopOnFailure="false" | ||
syntaxCheck="false" | ||
> | ||
<filter> | ||
<whitelist processUncoveredFilesFromWhitelist="true"> | ||
<directory suffix=".php">./src/Zizaco</directory> | ||
<directory suffix=".php">./src/commands</directory> | ||
</whitelist> | ||
</filter> | ||
<testsuites> | ||
<testsuite name="Package Test Suite"> | ||
<directory>./tests/</directory> | ||
</testsuite> | ||
</testsuites> | ||
<logging> | ||
<log type="coverage-clover" target="build/logs/clover.xml"/> | ||
</logging> | ||
</phpunit> |
@@ -0,0 +1,106 @@ | ||
<?php namespace Zizaco\Confide; | ||
|
||
/** | ||
* The LoginThrottle is a service that Throttles login after | ||
* too many failed attempts. This is a secure measure in | ||
* order to avoid brute force attacks. | ||
* | ||
* @license MIT | ||
* @package Zizaco\Confide | ||
*/ | ||
class CacheLoginThrottleService implements LoginThrottleServiceInterface | ||
{ | ||
/** | ||
* Laravel application | ||
* | ||
* @var \Illuminate\Foundation\Application | ||
*/ | ||
public $app; | ||
|
||
/** | ||
* Create a new PasswordService | ||
* | ||
* @param \Illuminate\Foundation\Application $app Laravel application object | ||
* @return void | ||
*/ | ||
public function __construct($app = null) | ||
{ | ||
$this->app = $app ?: app(); | ||
} | ||
|
||
/** | ||
* Increments the count for the given identity by one and | ||
* also returns the current value for that identity. | ||
* | ||
* @param mixed $identity The login identity | ||
* @return integer How many times that same identity was used | ||
*/ | ||
public function throttleIdentity($identity) | ||
{ | ||
$identity = $this->parseIdentity($identity); | ||
|
||
// Increments and also retuns the current count | ||
return $this->countThrottle($identity); | ||
} | ||
|
||
/** | ||
* Tells if the given identity has reached the throttle_limit | ||
* @param mixed $identity The login identity | ||
* @return boolean True if the identity has reached the throttle_limit | ||
*/ | ||
public function isThrottled($identity) | ||
{ | ||
$identity = $this->parseIdentity($identity); | ||
|
||
// Retuns the current count | ||
$count = $this->countThrottle($identity, 0); | ||
|
||
return $count >= $this->app['config']->get('confide::throttle_limit'); | ||
} | ||
|
||
/** | ||
* Parse the given identity in order to return a string with | ||
* the relevant fields. I.E: if the attacker tries to use a | ||
* bunch of different passwords, the identity will still be the | ||
* same. | ||
* @param $mixed $identity | ||
* @return string $identityString | ||
*/ | ||
protected function parseIdentity($identity) | ||
{ | ||
// If is an array, remove password, remember and then | ||
// transforms it into a string. | ||
if (is_array($identity)) | ||
{ | ||
unset($identity['password']); | ||
unset($identity['remember']); | ||
$identity = serialize($identity); | ||
} | ||
|
||
return $identity; | ||
} | ||
|
||
/** | ||
* Increments the count for the given string by one stores | ||
* it into cache and returns the current value for that | ||
* identity. | ||
* | ||
* @param string $identityString | ||
* @param integer $increments Amount that is going to be added to the throttling attemps for the given identity | ||
* @return integer How many times that same string was used | ||
*/ | ||
protected function countThrottle($identityString, $increments = 1) | ||
{ | ||
$count = $this->app['cache'] | ||
->get('login_throttling:'.md5($identityString), 0); | ||
|
||
$count = $count + $increments; | ||
|
||
$ttl = $this->app['config']->get('confide::throttle_time_period'); | ||
|
||
$this->app['cache'] | ||
->put('login_throttling:'.md5($identityString), $count, $ttl); | ||
|
||
return $count; | ||
} | ||
} |
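Review bot: `isThrottled()` calls `countThrottle($identity, 0)`, and `countThrottle()` always finishes with `put(..., $count, $ttl)`, so every throttle check rewrites the counter with a fresh `confide::throttle_time_period`; an identity that has hit the limit stays locked for as long as anything keeps checking it, rather than for one period after the last failed attempt. Returning before the write when nothing is being added would keep the check read-only, e.g. `if ($increments === 0) { return $count; }` placed directly after the `get()`. The `get()` followed by `put()` is also not atomic, so failed logins arriving in parallel can read the same value and under-count; if the configured cache store supports it, an `add()` that sets the TTL once followed by an atomic `increment()` would close that gap. Separately, the constructor docblock still reads "Create a new PasswordService" and `parseIdentity()` documents `@param $mixed $identity`, both of which look like copy-paste slips worth correcting.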