Update login form, allow admins to enable captcha after X failed attempts. Admins can set the number of attempts before captcha is shown, default is 2 attempts before captcha is required

Daniel Supernault 2023-05-23 05:08:34 -06:00
parent f9eb99c897
commit 221ddce0fa
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
3 changed files with 55 additions and 6 deletions


@ -7,6 +7,8 @@ use App\Http\Controllers\Controller;
use App\User; use App\User;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\Services\BouncerService; use App\Services\BouncerService;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class LoginController extends Controller class LoginController extends Controller
{ {
@ -70,8 +72,16 @@ class LoginController extends Controller
'password' => 'required|string|min:6', 'password' => 'required|string|min:6',
]; ];
if(config('captcha.enabled') || config('captcha.active.login')) { if(
$rules['h-captcha-response'] = 'required|captcha'; config('captcha.enabled') ||
config('captcha.active.login') ||
(
config('captcha.triggers.login.enabled') &&
request()->session()->has('login_attempts') &&
request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
)
) {
$rules['h-captcha-response'] = 'required|filled|captcha|min:5';
} }
$this->validate($request, $rules); $this->validate($request, $rules);
@ -102,4 +112,28 @@ class LoginController extends Controller
$log->user_agent = $request->userAgent(); $log->user_agent = $request->userAgent();
$log->save(); $log->save();
} }
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
* @throws \Illuminate\Validation\ValidationException
*/
protected function sendFailedLoginResponse(Request $request)
{
if(config('captcha.triggers.login.enabled')) {
if ($request->session()->has('login_attempts')) {
$ct = $request->session()->get('login_attempts');
$request->session()->put('login_attempts', $ct + 1);
} else {
$request->session()->put('login_attempts', 1);
}
}
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
} }
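Review bot: The `login_attempts` counter that `sendFailedLoginResponse()` increments lives only in the session, so the threshold checked before `$rules['h-captcha-response']` is set is enforced per session cookie rather than per account or source address. A client that does not return the cookie starts at zero on every request and never reaches `captcha.triggers.login.attempts`, which means the trigger slows interactive users but not scripted guessing. The count should be kept server-side, keyed on username and IP. If this controller still uses the stock `login()` from `AuthenticatesUsers` (not visible here), the throttle counter it already maintains could back the check: `$this->limiter()->attempts($this->throttleKey($request)) >= config('captcha.triggers.login.attempts')`. Nothing in the visible hunks clears `login_attempts` after a successful login either, so it is worth confirming the value is forgotten there.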


@ -16,5 +16,12 @@ return [
'active' => [ 'active' => [
'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false), 'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false),
'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false) 'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false)
],
'triggers' => [
'login' => [
'enabled' => env('CAPTCHA_TRIGGERS_LOGIN_ENABLED', false),
'attempts' => env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)
]
] ]
]; ];
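Review bot: The new `'attempts'` entry passes the raw `env()` value through, so anything set in `.env` arrives as a string and is compared with `>=` against the integer session counter in the controller and the login view. On PHP 8 a non-numeric value turns that into a string comparison, which can leave the captcha trigger silently off. Casting where the value is read, `'attempts' => (int) env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)`, keeps the threshold an integer. A malformed value then becomes 0 and requires the captcha after the first failure instead of never.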


@ -50,7 +50,15 @@
</div> </div>
</div> </div>
@if(config('captcha.enabled') || config('captcha.active.login')) @if(
config('captcha.enabled') ||
config('captcha.active.login') ||
(
config('captcha.triggers.login.enabled') &&
request()->session()->has('login_attempts') &&
request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
)
)
<div class="d-flex justify-content-center mb-3"> <div class="d-flex justify-content-center mb-3">
{!! Captcha::display() !!} {!! Captcha::display() !!}
</div> </div>
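Review bot: The multi-line condition in this `@if(` is a hand copy of the one that adds the `h-captcha-response` rule in LoginController, and nothing ties the two together. If a later edit changes one and not the other, the form either omits the widget while validation requires it (every login fails) or shows it while the server no longer checks it. Computing the decision in one place, for example a single method that the controller uses for the rule and also passes to the view as a boolean, would keep the rendered form and the validator in agreement. A comment on both copies naming the other location would be the minimum.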