PasswordResetThrottler.php
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\User\Throttler;
use Carbon\Carbon;
use Flarum\Http\RequestUtil;
use Flarum\User\PasswordToken;
use Illuminate\Support\Arr;
use Psr\Http\Message\ServerRequestInterface;
/**
* Logged-in users can request a password reset email;
* this throttler applies a timeout of 5 minutes between password resets.
* It does not apply to guests requesting password resets.
*/
class PasswordResetThrottler
{
    /**
     * Length of the throttling window, in seconds (300 = 5 minutes).
     *
     * Public and static, so any code can change it at runtime; every
     * later invocation then uses the new value.
     */
    public static int $timeout = 300;

    /**
     * Decide whether a password reset request should be throttled.
     *
     * Returns true when a PasswordToken row for the current actor was created
     * within the last self::$timeout seconds, and null in every other case.
     * Presumably true means "throttle" and null means "no opinion" to the
     * caller; confirm against the middleware that invokes throttlers.
     *
     * NOTE(review): the lookup is keyed on the actor's id only. The submitted
     * email is checked for presence but its value is never read here, and no
     * client address is involved. Whether a token issued for a different email
     * address counts against the actor depends on the handler that creates
     * the token, which is not visible here.
     *
     * NOTE(review): for guests this relies on no token row matching the guest
     * actor's id; there is no explicit guest check. Unauthenticated reset
     * requests are therefore not limited by this class and need a separate
     * rate limit; confirm one is in place.
     */
    public function __invoke(ServerRequestInterface $request): ?bool
    {
        // Only the 'forgot' route with an 'email' key in the parsed body is in scope.
        // Short-circuit evaluation keeps the body from being parsed for other routes.
        if (
            $request->getAttribute('routeName') !== 'forgot'
            || ! Arr::has($request->getParsedBody(), 'email')
        ) {
            return null;
        }

        $actor = RequestUtil::getActor($request);

        // Look for any token issued to this actor inside the throttling window.
        $recentTokenExists = PasswordToken::query()
            ->where('user_id', $actor->id)
            ->where('created_at', '>=', Carbon::now()->subSeconds(self::$timeout))
            ->exists();

        return $recentTokenExists ? true : null;
    }
}