From a2e4271af4a370266c052d44d0b3d6c77aa2a74f Mon Sep 17 00:00:00 2001
From: Tom Schlick
Date: Sat, 23 Apr 2016 19:27:56 -0400
Subject: [PATCH 1/4] reset the attempts on lockout to avoid race condition re-lockout
---
 src/Illuminate/Cache/RateLimiter.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/Illuminate/Cache/RateLimiter.php b/src/Illuminate/Cache/RateLimiter.php
index 953bc2fd5b29..23b6478ac257 100644
--- a/src/Illuminate/Cache/RateLimiter.php
+++ b/src/Illuminate/Cache/RateLimiter.php
@@ -40,6 +40,8 @@ public function tooManyAttempts($key, $maxAttempts, $decayMinutes = 1)
 if ($this->attempts($key) > $maxAttempts) {
 $this->cache->add($key.':lockout', time() + ($decayMinutes * 60), $decayMinutes);
+
+ $this->resetAttempts($key);
 return true;
 }
@@ -71,6 +73,17 @@ public function attempts($key)
 {
 return $this->cache->get($key, 0);
 }
+
+ /**
+ * Reset the number of attempts for the given key.
+ *
+ * @param string $key
+ * @return mixed
+ */
+ public function resetAttempts($key)
+ {
+ return $this->cache->forget($key;
+ }
 /**
 * Get the number of retries left for the given key.
@@ -94,7 +107,7 @@ public function retriesLeft($key, $maxAttempts)
 */
 public function clear($key)
 {
- $this->cache->forget($key);
+ $this->resetAttempts($key);
 $this->cache->forget($key.':lockout');
 }
From dd803fdc88e3ef8659eb66a44a5bfbb836b46fa3 Mon Sep 17 00:00:00 2001
From: Tom Schlick
Date: Sat, 23 Apr 2016 19:35:17 -0400
Subject: [PATCH 2/4] fix missing )
---
 src/Illuminate/Cache/RateLimiter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Cache/RateLimiter.php b/src/Illuminate/Cache/RateLimiter.php
index 23b6478ac257..c6d3b5f725f6 100644
--- a/src/Illuminate/Cache/RateLimiter.php
+++ b/src/Illuminate/Cache/RateLimiter.php
@@ -82,7 +82,7 @@ public function attempts($key)
 */
 public function resetAttempts($key)
 {
- return $this->cache->forget($key;
+ return $this->cache->forget($key);
 }
 /**
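Review bot: In PATCH 1/4, tooManyAttempts() calls `$this->resetAttempts($key)` without checking that the `:lockout` entry was actually stored, so if the `cache->add()` write fails, the counter is cleared while no lockout exists and the limiter fails open for that key. Before this change a failed write left the count above `$maxAttempts`, so the next call would reach this branch again and still return true. Consider resetting only once the lockout is confirmed, e.g. `if ($this->cache->has($key.':lockout')) { $this->resetAttempts($key); }`, which also covers a concurrent request having written the lockout first. The body of tooManyAttempts() starts and ends outside this hunk, so how the earlier lockout check interacts with this is not visible here.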
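Review bot: In PATCH 1/4, the docblock on the new public resetAttempts() does not say that it leaves the `$key.':lockout'` entry in place, which is the only visible difference from clear() in the last hunk of that patch. A caller that picks the wrong one either lifts an active lockout early or leaves a client locked out after an intended full reset. Suggest extending the summary to `Reset the number of attempts for the given key, leaving any active lockout in place.` and narrowing `@return mixed` if the cache's forget() has a fixed return type.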
From fd5e15ce9000985b7d65618193fad518f668ee12 Mon Sep 17 00:00:00 2001
From: Tom Schlick
Date: Sat, 23 Apr 2016 19:37:40 -0400
Subject: [PATCH 3/4] remove added spacing
---
 src/Illuminate/Cache/RateLimiter.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Illuminate/Cache/RateLimiter.php b/src/Illuminate/Cache/RateLimiter.php
index c6d3b5f725f6..497ceb13ceb4 100644
--- a/src/Illuminate/Cache/RateLimiter.php
+++ b/src/Illuminate/Cache/RateLimiter.php
@@ -40,7 +40,7 @@ public function tooManyAttempts($key, $maxAttempts, $decayMinutes = 1)
 if ($this->attempts($key) > $maxAttempts) {
 $this->cache->add($key.':lockout', time() + ($decayMinutes * 60), $decayMinutes);
-
+
 $this->resetAttempts($key);
 return true;
@@ -73,7 +73,7 @@ public function attempts($key)
 {
 return $this->cache->get($key, 0);
 }
-
+
 /**
 * Reset the number of attempts for the given key.
 *
From de8f38ca2235493c974fc56d773ccb27c3f54b52 Mon Sep 17 00:00:00 2001
From: Tom Schlick
Date: Sat, 23 Apr 2016 19:42:43 -0400
Subject: [PATCH 4/4] add forget mock to the tests
---
 tests/Cache/CacheRateLimiterTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Cache/CacheRateLimiterTest.php b/tests/Cache/CacheRateLimiterTest.php
index 4733d1bfe050..ce786885a03b 100644
--- a/tests/Cache/CacheRateLimiterTest.php
+++ b/tests/Cache/CacheRateLimiterTest.php
@@ -27,6 +27,7 @@ public function testTooManyAttemptsReturnsTrueIfMaxAttemptsExceeded()
 $cache->shouldReceive('get')->once()->with('key', 0)->andReturn(10);
 $cache->shouldReceive('has')->once()->with('key:lockout')->andReturn(false);
 $cache->shouldReceive('add')->once()->with('key:lockout', m::type('int'), 1);
+ $cache->shouldReceive('forget')->once()->with('key');
 $rateLimiter = new RateLimiter($cache);
 $this->assertTrue($rateLimiter->tooManyAttempts('key', 1, 1));
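Review bot: In PATCH 4/4 the only test change is the `forget` expectation inside testTooManyAttemptsReturnsTrueIfMaxAttemptsExceeded, so nothing in the series exercises the new public resetAttempts() directly or pins that the lockout entry survives the reset. A small case that sets `$cache->shouldReceive('forget')->once()->with('key');` and then calls `$rateLimiter->resetAttempts('key');`, with no expectation for `key:lockout`, would lock in that contract for a limiter used to throttle repeated attempts. The test method starts outside this hunk.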