Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove "_token" from parseIdentity #408

Merged
merged 6 commits into from Sep 20, 2014
Merged

Remove "_token" from parseIdentity #408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
44a7b29
parseIdentity remove csrf token
Sep 15, 2014
4abb95c
add a note regarding $repo->isThrottled($input)
Sep 15, 2014
97d2b74
Update CacheLoginThrottleService.php
Sep 15, 2014
a298d8d
add _token and remember to testShouldParseIdentity
Sep 19, 2014
9110f65
Removed comment about using just a part of the input to check if thro…
Zizaco Sep 20, 2014
58587dd
Updated CacheLoginThrottleService in order to use a more pessimistic …
Zizaco Sep 20, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
16 changes: 11 additions & 5 deletions src/Confide/CacheLoginThrottleService.php
View file
Open in desktop
Expand Up @@ -72,12 +72,18 @@ public function isThrottled($identity)
*/
protected function parseIdentity($identity)
{
// If is an array, remove password, remember and then
// transforms it into a string.
// The fields that are relevant for login throttling.
$relevantFields = ['email'];

if (is_array($identity)) {
unset($identity['password']);
unset($identity['remember']);
$identity = serialize($identity);
// If is an array, remove all non important fields and
// transforms it into a string.
$cleanedIdentity = array_intersect_key(
$identity,
array_flip($relevantFields)
);

$identity = serialize($cleanedIdentity);
}

return $identity;
Expand Down
7 changes: 6 additions & 1 deletion tests/Confide/CacheLoginThrottleServiceTest.php
View file
Open in desktop
Expand Up @@ -133,7 +133,12 @@ public function testShouldParseIdentity()
*/
$throttleService = m::mock('Zizaco\Confide\CacheLoginThrottleService[parseIdentity]', []);
$throttleService->shouldAllowMockingProtectedMethods();
$identity = ['email'=>'someone@somewhere.com','password'=>'123'];
$identity = [
'email'=>'someone@somewhere.com',
'password'=>'123',
'_token'=>'somethingusual',
'remember'=>true
];

/*
|------------------------------------------------------------
Expand Down