UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2025-01-10 22:20:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4409 from pixelfed/staging

Browse source 
Update login form, allow admins to enable captcha after X failed atte…
This commit is contained in:
daniel 2023-05-23 05:10:15 -06:00 committed by GitHub
commit a73541ab95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -53,6 +53,7 @@
- Update PublicTimelineService, improve warmCache query ([9f901d65](https://github.com/pixelfed/pixelfed/commit/9f901d65)) - Update PublicTimelineService, improve warmCache query ([9f901d65](https://github.com/pixelfed/pixelfed/commit/9f901d65))
- Update AP Inbox, fix delete handling ([2800c888](https://github.com/pixelfed/pixelfed/commit/2800c888)) - Update AP Inbox, fix delete handling ([2800c888](https://github.com/pixelfed/pixelfed/commit/2800c888))
- Update login/register views and captcha config, enable login or register captchas or both ([c071c719](https://github.com/pixelfed/pixelfed/commit/c071c719)) - Update login/register views and captcha config, enable login or register captchas or both ([c071c719](https://github.com/pixelfed/pixelfed/commit/c071c719))
- Update login form, allow admins to enable captcha after X failed attempts. Admins can set the number of attempts before captcha is shown, default is 2 attempts before captcha is required ([221ddce0](https://github.com/pixelfed/pixelfed/commit/221ddce0))
- ([](https://github.com/pixelfed/pixelfed/commit/)) - ([](https://github.com/pixelfed/pixelfed/commit/))
## [v0.11.6 (2023-05-03)](https://github.com/pixelfed/pixelfed/compare/v0.11.5...v0.11.6) ## [v0.11.6 (2023-05-03)](https://github.com/pixelfed/pixelfed/compare/v0.11.5...v0.11.6)

38
app/Http/Controllers/Auth/LoginController.php
View file

@ -7,6 +7,8 @@ use App\Http\Controllers\Controller;
use App\User; use App\User;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\Services\BouncerService; use App\Services\BouncerService;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class LoginController extends Controller class LoginController extends Controller
{ {
@ -70,8 +72,16 @@ class LoginController extends Controller
'password' => 'required|string|min:6', 'password' => 'required|string|min:6',
]; ];
if(config('captcha.enabled') || config('captcha.active.login')) { if(
$rules['h-captcha-response'] = 'required|captcha'; config('captcha.enabled') ||
config('captcha.active.login') ||
(
config('captcha.triggers.login.enabled') &&
request()->session()->has('login_attempts') &&
request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
)
) {
$rules['h-captcha-response'] = 'required|filled|captcha|min:5';
} }
$this->validate($request, $rules); $this->validate($request, $rules);
@ -102,4 +112,28 @@ class LoginController extends Controller
$log->user_agent = $request->userAgent(); $log->user_agent = $request->userAgent();
$log->save(); $log->save();
} }
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
* @throws \Illuminate\Validation\ValidationException
*/
protected function sendFailedLoginResponse(Request $request)
{
if(config('captcha.triggers.login.enabled')) {
if ($request->session()->has('login_attempts')) {
$ct = $request->session()->get('login_attempts');
$request->session()->put('login_attempts', $ct + 1);
} else {
$request->session()->put('login_attempts', 1);
}
}
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
} }

7
config/captcha.php
View file

@ -16,5 +16,12 @@ return [
'active' => [ 'active' => [
'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false), 'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false),
'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false) 'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false)
],
'triggers' => [
'login' => [
'enabled' => env('CAPTCHA_TRIGGERS_LOGIN_ENABLED', false),
'attempts' => env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)
]
] ]
]; ];

16
resources/views/auth/login.blade.php
View file

@ -50,10 +50,18 @@
</div> </div>
</div> </div>
@if(config('captcha.enabled') || config('captcha.active.login')) @if(
<div class="d-flex justify-content-center mb-3"> config('captcha.enabled') ||
{!! Captcha::display() !!} config('captcha.active.login') ||
</div> (
config('captcha.triggers.login.enabled') &&
request()->session()->has('login_attempts') &&
request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
)
)
<div class="d-flex justify-content-center mb-3">
{!! Captcha::display() !!}
</div>
@endif @endif
<div class="form-group row mb-0"> <div class="form-group row mb-0">