Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove "_token" from parseIdentity #408

Merged
merged 6 commits into from Sep 20, 2014
Merged

Remove "_token" from parseIdentity #408

merged 6 commits into from Sep 20, 2014

Commits on Sep 15, 2014

  1. parseIdentity remove csrf token

    wppd committed Sep 15, 2014
    Configuration menu
    Copy the full SHA
    44a7b29 View commit details
    Browse the repository at this point in the history

  2. add a note regarding $repo->isThrottled($input) 

    94th line, `$repo->login($input)`. 

In fact, it'll extract username or email from the `$input` as throttle identity 

However, `$repo->isThrottled($input)` will just use `$input` as throttle identity.

so, the throttle identity will never match up resulting in login throttling not working.
    wppd committed Sep 15, 2014
    Configuration menu
    Copy the full SHA
    4abb95c View commit details
    Browse the repository at this point in the history

  3. Update CacheLoginThrottleService.php

    wppd committed Sep 15, 2014
    Configuration menu
    Copy the full SHA
    97d2b74 View commit details
    Browse the repository at this point in the history

Commits on Sep 19, 2014

  1. add _token and remember to testShouldParseIdentity

    wppd committed Sep 19, 2014
    Configuration menu
    Copy the full SHA
    a298d8d View commit details
    Browse the repository at this point in the history

Commits on Sep 20, 2014

  1. Removed comment about using just a part of the input to check if thro… 

    …ttled since CacheLoginThrottleService::parseIdentity now removes _token
    @Zizaco
    Zizaco committed Sep 20, 2014
    Configuration menu
    Copy the full SHA
    9110f65 View commit details
    Browse the repository at this point in the history

  2. Updated CacheLoginThrottleService in order to use a more pessimistic … 

    …approach when parsing identity
    @Zizaco
    Zizaco committed Sep 20, 2014
    Configuration menu
    Copy the full SHA
    58587dd View commit details
    Browse the repository at this point in the history