Make LoginRateLimiter case insentive
jderusse committed May 10, 2021
1 parent a8b5ba8 commit eb86bcf
Showing 2 changed files with 16 additions and 1 deletion.
2 changes: 1 addition & 1 deletion RateLimiter/DefaultLoginRateLimiter.php
Expand Up @@ -41,7 +41,7 @@ protected function getLimiters(Request $request): array
{
return [
$this->globalFactory->create($request->getClientIp()),
$this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
$this->localFactory->create(strtolower($request->attributes->get(Security::LAST_USERNAME)).'-'.$request->getClientIp()),
];
}
}
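Review bot: `strtolower()` in the local limiter key of `getLimiters()` folds only ASCII letters (and was locale-dependent before PHP 8), so usernames that differ only in the case of non-ASCII letters still land in separate buckets; if the user provider matches names case-insensitively, per-username throttling is not enforced consistently for those accounts. Consider folding with `mb_strtolower($username, 'UTF-8')` when mbstring is available and the value is valid UTF-8, falling back to `strtolower($username)` otherwise. `$request->attributes->get(Security::LAST_USERNAME)` may also be null, which `strtolower()` accepts only with a deprecation from PHP 8.1 on, so a `(string)` cast or `?? ''` before the call is worth adding. The new test in Tests/EventListener/LoginThrottlingListenerTest.php uses only ASCII variants ('wouter', 'Wouter', 'wOuter'), so it would not catch either case.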
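--- a/Tests/EventListener/LoginThrottlingListenerTest.php
+++ b/Tests/EventListener/LoginThrottlingListenerTest.php
@@ -73,6 +73,21 @@ public function testPreventsLoginWhenOverLocalThreshold()
 $this->listener->checkPassport($this->createCheckPassportEvent($passport));
 }
 
+public function testPreventsLoginWithMultipleCase()
+{
+$request = $this->createRequest();
+$passports = [$this->createPassport('wouter'), $this->createPassport('Wouter'), $this->createPassport('wOuter')];
+
+$this->requestStack->push($request);
+
+for ($i = 0; $i < 3; ++$i) {
+$this->listener->checkPassport($this->createCheckPassportEvent($passports[$i % 3]));
+}
+
+$this->expectException(TooManyLoginAttemptsAuthenticationException::class);
+$this->listener->checkPassport($this->createCheckPassportEvent($passports[0]));
+}
+
 public function testPreventsLoginWhenOverGlobalThreshold()
 {
 $request = $this->createRequest();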
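Review bot: In `testPreventsLoginWithMultipleCase()` the index `$passports[$i % 3]` is redundant because `$i` never reaches 3; `foreach ($passports as $passport) { $this->listener->checkPassport($this->createCheckPassportEvent($passport)); }` expresses the same three attempts more directly. The count of three presumably mirrors the local limiter's limit, which is configured outside this hunk, so a short comment such as `// three attempts exhaust the local limit; the fourth must be rejected` would make that coupling visible to whoever changes the limit later.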
