diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index 37ccbba3f..dac8078a6 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -270,7 +270,6 @@ class AccountController extends Controller return redirect()->back(); } - public function unblock(Request $request) { $this->validate($request, [ @@ -362,6 +361,13 @@ class AccountController extends Controller public function sudoMode(Request $request) { + if($request->session()->has('sudoModeAttempts') && $request->session()->get('sudoModeAttempts') >= 3) { + $request->session()->pull('2fa.session.active'); + $request->session()->pull('redirectNext'); + $request->session()->pull('sudoModeAttempts'); + Auth::logout(); + return redirect(route('login')); + } return view('auth.sudo'); } @@ -373,6 +379,12 @@ class AccountController extends Controller $user = Auth::user(); $password = $request->input('password'); $next = $request->session()->get('redirectNext', '/'); + if($request->session()->has('sudoModeAttempts')) { + $count = (int) $request->session()->get('sudoModeAttempts'); + $request->session()->put('sudoModeAttempts', $count + 1); + } else { + $request->session()->put('sudoModeAttempts', 1); + } if(password_verify($password, $user->password) === true) { $request->session()->put('sudoMode', time()); return redirect($next); diff --git a/app/Http/Middleware/DangerZone.php b/app/Http/Middleware/DangerZone.php index d1a1b4afb..5a43d6e6b 100644 --- a/app/Http/Middleware/DangerZone.php +++ b/app/Http/Middleware/DangerZone.php @@ -16,6 +16,12 @@ class DangerZone */ public function handle($request, Closure $next) { + if( $request->session()->get('sudoModeAttempts') > 3) { + $request->session()->pull('redirectNext'); + $request->session()->pull('sudoModeAttempts'); + Auth::logout(); + return redirect(route('login')); + } if(!Auth::check()) { return redirect(route('login')); }