Laravel 5.6 Passport OAuth Max Login Attempts


Problem description

I've just created a simple OAuth system with Laravel Passport. This system will be responsible for an external app's user registration and authentication. Everything is working as I expect, and now I would like to implement a mechanism to lock users after a predefined number of failed login attempts.

I'm new to Laravel and Passport. Is there any built-in package that can manage this for me? Or do I have to develop this feature on my own? If so, how can I accomplish such a task?

I've been searching all around the interwebs, but until now I couldn't find anything regarding Passport OAuth.

Recommended answer

I've managed to accomplish what I wanted to do. If anyone comes across this issue, here's what I did...

Created a custom AuthController and login method to replace Laravel Passport's default oauth/token:

use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
//Response facade (provides Response::json); importing Illuminate\Http\Response as well
//would bind the name "Response" twice, which is a fatal error
use Illuminate\Support\Facades\Response;
use Laravel\Passport\Http\Controllers\AccessTokenController;

class AuthController extends AccessTokenController
{
    use AuthenticatesUsers;

    //custom login method
    public function login(Request $request)
    {
        //...
    }
}

Before any other login actions, check if a user has reached the max login attempts:

//custom login method
public function login(Request $request)
{
    //check if the max number of login attempts has been reached
    if ($this->hasTooManyLoginAttempts($request)) 
    {
        $this->fireLockoutEvent($request);

        return "Too many attempts...";
    }

    //...
}

Verify user credentials by attempting a login. If a login succeeds, reset the failed attempts count. If it fails, increment the count:

//check if user has reached the max number of login attempts

//verify user credentials
$credentials = $request->only('email', 'password');

if (Auth::attempt($credentials)) 
{       
    //reset failed login attempts
    $this->clearLoginAttempts($request);

    //...
}
else
{       
    //count user failed login attempts
    $this->incrementLoginAttempts($request);

    return "Login failed...";
}

And finally, since Passport (OAuth2) uses PSR-7 requests (Server Request Interface), we need to convert the standard Laravel request to PSR-7 in order to issue the access token:

//Authentication passed...

//convert Laravel Request (Symfony Request) to PSR-7
$psr7Factory = new DiactorosFactory();
$psrRequest = $psr7Factory->createRequest($request);

//generate access token
$tokenResponse = parent::issueToken($psrRequest);

//return issued token
return Response::json($tokenResponse);

Here's the complete login method:

public function login(Request $request)
{
    //check if user has reached the max number of login attempts
    if ($this->hasTooManyLoginAttempts($request)) 
    {
        $this->fireLockoutEvent($request);

        return "Too many attempts...";
    }


    //verify user credentials
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) 
    {
        //Authentication passed...

        //reset failed login attempts
        $this->clearLoginAttempts($request);

        //convert Laravel Request (Symfony Request) to PSR-7
        $psr7Factory = new DiactorosFactory();
        $psrRequest = $psr7Factory->createRequest($request);

        //generate access token
        $tokenResponse = parent::issueToken($psrRequest);

        //return issued token
        return Response::json($tokenResponse);
    } 
    else 
    {
        //count user failed login attempts
        $this->incrementLoginAttempts($request);

        return "Login failed...";
    }
}
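
A variant of the login method above, added here as an illustration and not part of the original answer: it sets the attempt limit through the trait's `$maxAttempts` and `$decayMinutes` properties and answers with HTTP 429/401 JSON instead of plain strings. The class name `ThrottledAuthController`, the limit values and the error field names are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Passport\Http\Controllers\AccessTokenController;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;

// Hypothetical class name; the answer's controller is called AuthController.
class ThrottledAuthController extends AccessTokenController
{
    use AuthenticatesUsers;

    // Read by the trait's maxAttempts() / decayMinutes(); the values are assumptions.
    protected $maxAttempts = 5;   // failed attempts allowed per throttle key
    protected $decayMinutes = 15; // lifetime of the counter and of the lockout

    public function login(Request $request)
    {
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            // The throttle key is the lowercased email plus the client IP,
            // so the counter is per account *and* per source address.
            $seconds = $this->limiter()->availableIn($this->throttleKey($request));

            return response()->json(
                ['error' => 'too_many_attempts', 'retry_after' => $seconds],
                429,
                ['Retry-After' => $seconds]
            );
        }

        if (! Auth::attempt($request->only('email', 'password'))) {
            $this->incrementLoginAttempts($request);

            // Same status and body for an unknown user and a wrong password.
            return response()->json(['error' => 'invalid_credentials'], 401);
        }

        $this->clearLoginAttempts($request);

        // Passport issues tokens from a PSR-7 request; issueToken() already
        // builds the HTTP response, so it is returned as-is here.
        $psrRequest = (new DiactorosFactory())->createRequest($request);

        return parent::issueToken($psrRequest);
    }
}
```

The counters only cover requests routed to this method: if `Passport::routes()` still registers the stock `oauth/token` endpoint, password-grant requests sent there never touch them.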
