Using throttle in a Laravel project to limit password reset submissions

JellyBool

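Since Laravel 5.2, if you make too many login attempts within one minute, Laravel automatically blocks any further login attempts for the next minute, and you have to wait a minute before trying again. Behind the scenes this is done with throttle; the source is roughly in this file: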

use Illuminate\Foundation\Auth\ThrottlesLogins;

So can we carry it over to resetting a user's password?

Of course we can.

For Laravel 5.3, change the contents of app/Http/Controllers/Auth/PasswordController.php:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;

class PasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords, ThrottlesLogins;

    protected $username;

    /**
     * Create a new password controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Validate the request of sending reset link.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|null
     */
    protected function validateSendResetLinkEmail(Request $request)
    {
        // Count every reset request against the throttle key before checking the limit.
        $this->incrementLoginAttempts($request);

        $this->username = 'email';

        if ($this->hasTooManyLoginAttempts($request)) {
            return back()->withError("You have exceeded the limit of attempts. Please try again shortly")
                        ->withInput();
        }

        $validator = Validator::make(
            $request->all(), [
                'email' => 'required|email'
            ]
        );

        if ($validator->fails()) {
            return back()->withMessage("If you are in the system you will get an email shortly to reset your password")
                        ->withInput();
        }
    }

    // Name of the request field that ThrottlesLogins treats as the username.
    public function loginUsername()
    {
        return property_exists($this, 'username') ? $this->username : 'email';
    }

    // Throttle on the client IP only. Behind a reverse proxy, ip() returns the
    // proxy's address unless trusted proxies are configured.
    protected function getThrottleKey(Request $request)
    {
        return $request->ip();
    }
}

For Laravel 5.2, the controller code above needs to be changed to something like this:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Password;

class PasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords, ThrottlesLogins;

    protected $username;

    /**
     * Create a new password controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Send a reset link to the given user, throttled per client IP.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function sendResetLinkEmail(Request $request)
    {
        // Count every reset request against the throttle key before checking the limit.
        $this->incrementLoginAttempts($request);

        $this->username = 'email';

        Log::debug("Validate");

        if ($this->hasTooManyLoginAttempts($request)) {
            return redirect()->back()->withErrors(['email' => "You have exceeded the limit of attempts. Please try again shortly"]);
        }

        $this->validate($request, ['email' => 'required|email']);

        $broker = $this->getBroker();

        $response = Password::broker($broker)->sendResetLink(
            $request->only('email'), $this->resetEmailBuilder()
        );

        switch ($response) {
            case Password::RESET_LINK_SENT:
                return $this->getSendResetLinkEmailSuccessResponse($response);

            case Password::INVALID_USER:
            default:
                return $this->getSendResetLinkEmailFailureResponse($response);
        }
    }

    // Name of the request field that ThrottlesLogins treats as the username.
    public function loginUsername()
    {
        return property_exists($this, 'username') ? $this->username : 'email';
    }

    // Throttle on the client IP only.
    protected function getThrottleKey(Request $request)
    {
        return $request->ip();
    }
}
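
The controllers above count each request before checking the limit and key the throttle on the client IP alone. The following added example (not from the original post and not Laravel's own code; PHP 7+) models that count-then-check pattern with a simplified in-memory fixed-window counter and goes one step further by adding a second key per target address, so a single mailbox is limited regardless of the source IP; `FixedWindowLimiter`, `throttleKeys`, `allowResetRequest`, the limit of 3 per 60 seconds and the sample traffic are assumptions made for illustration.

```php
<?php
// Added example: a simplified fixed-window counter, not Laravel's RateLimiter.
final class FixedWindowLimiter
{
    private $windows = [];   // key => ['count' => int, 'expires' => int]
    private $maxAttempts, $decaySeconds;

    public function __construct(int $maxAttempts, int $decaySeconds)
    {
        $this->maxAttempts = $maxAttempts;
        $this->decaySeconds = $decaySeconds;
    }

    // Count one attempt for $key; return true when the key is over its limit.
    public function hit(string $key, int $now): bool
    {
        if (!isset($this->windows[$key]) || $this->windows[$key]['expires'] <= $now) {
            $this->windows[$key] = ['count' => 0, 'expires' => $now + $this->decaySeconds];
        }
        return ++$this->windows[$key]['count'] > $this->maxAttempts;
    }
}

// Hypothetical keys: one per client IP, one per normalized (hashed) target address.
function throttleKeys(string $ip, string $email): array
{
    return ['ip|' . $ip, 'email|' . hash('sha256', strtolower(trim($email)))];
}

// Count the attempt on every key first, then decide (count-then-check).
function allowResetRequest(FixedWindowLimiter $limiter, string $ip, string $email, int $now): bool
{
    $allowed = true;
    foreach (throttleKeys($ip, $email) as $key) {
        $allowed = !$limiter->hit($key, $now) && $allowed;
    }
    return $allowed;
}

// Constructed sample traffic: [seconds, client IP, submitted e-mail].
$limiter = new FixedWindowLimiter(3, 60);
$requests = [
    [0, '203.0.113.5', 'alice@example.com'], [1, '203.0.113.5', 'alice@example.com'],
    [2, '203.0.113.5', 'alice@example.com'], [3, '203.0.113.5', 'alice@example.com'],
    [10, '198.51.100.7', 'Alice@Example.com'], [12, '198.51.100.7', 'bob@example.com'],
    [70, '203.0.113.5', 'alice@example.com'],
];
foreach ($requests as list($t, $ip, $email)) {
    printf("t=%-3d %-13s %-18s %s\n", $t, $ip, $email,
        allowResetRequest($limiter, $ip, $email, $t) ? 'send' : 'throttled');
}
```

The fourth request from the first IP and the request for the same address from the second IP are throttled; once the 60-second window has expired, requests are accepted again.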

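Finally

Change the message shown when a password reset is requested, in resources/lang/en/passwords.php or, if you have created other languages yourself, in something like resources/lang/zh_cn/passwords.php: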

    "password" => "密码至少是六位字符并且匹配。",
    "user"     => "如果你是注册用户,重置邮件已经发送到你的邮箱了。", // the key line: "If you are a registered user, the reset email has been sent to your mailbox."
    "token"    => "密码重置令牌无效。",
    "sent"     => "密码重置邮件已发送!",
    "reset"    => "密码重置成功!",

Hope this helps.

This article was written by JellyBool. Reposting and citation are licensed under Attribution-NonCommercial 2.5 China Mainland.