first commit
This commit is contained in:
34
app/Http/Requests/Auth/ChangePasswordRequest.php
Normal file
34
app/Http/Requests/Auth/ChangePasswordRequest.php
Normal file
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Auth;
|
||||
|
||||
use App\Rules\PasswordNotReused;
|
||||
use App\Support\PasswordPolicy;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
/**
|
||||
* Смена пароля с проверкой политики и истории (меры ИАФ.3).
|
||||
*/
|
||||
class ChangePasswordRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user() !== null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'current_password' => ['required', 'current_password'],
|
||||
'password' => [
|
||||
'required',
|
||||
'confirmed',
|
||||
PasswordPolicy::rule(),
|
||||
new PasswordNotReused($this->user()),
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
86
app/Http/Requests/Auth/LoginRequest.php
Normal file
86
app/Http/Requests/Auth/LoginRequest.php
Normal file
@@ -0,0 +1,86 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Auth;
|
||||
|
||||
use Illuminate\Auth\Events\Lockout;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\RateLimiter;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
/**
|
||||
* Валидация и обработка попытки входа (меры ИАФ.1, ИАФ.6, УПД.6).
|
||||
*
|
||||
* Реализует блокировку после N неудачных попыток на T минут согласно
|
||||
* config/security.php → lockout.
|
||||
*/
|
||||
class LoginRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'email' => ['required', 'string', 'email'],
|
||||
'password' => ['required', 'string'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Попытка аутентификации с проверкой ограничения скорости и блокировки.
|
||||
*/
|
||||
public function authenticate(): void
|
||||
{
|
||||
$this->ensureIsNotRateLimited();
|
||||
|
||||
if (! Auth::attempt($this->only('email', 'password'), $this->boolean('remember'))) {
|
||||
RateLimiter::hit($this->throttleKey(), $this->decaySeconds());
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('auth.failed'),
|
||||
]);
|
||||
}
|
||||
|
||||
RateLimiter::clear($this->throttleKey());
|
||||
}
|
||||
|
||||
/**
|
||||
* Проверка лимита неудачных попыток (ИАФ.6).
|
||||
*/
|
||||
public function ensureIsNotRateLimited(): void
|
||||
{
|
||||
$maxAttempts = (int) config('security.lockout.max_attempts');
|
||||
|
||||
if (! RateLimiter::tooManyAttempts($this->throttleKey(), $maxAttempts)) {
|
||||
return;
|
||||
}
|
||||
|
||||
event(new Lockout($this));
|
||||
|
||||
$seconds = RateLimiter::availableIn($this->throttleKey());
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('auth.throttle', [
|
||||
'seconds' => $seconds,
|
||||
'minutes' => ceil($seconds / 60),
|
||||
]),
|
||||
]);
|
||||
}
|
||||
|
||||
public function throttleKey(): string
|
||||
{
|
||||
return Str::transliterate(Str::lower($this->string('email')).'|'.$this->ip());
|
||||
}
|
||||
|
||||
private function decaySeconds(): int
|
||||
{
|
||||
return (int) config('security.lockout.decay_minutes') * 60;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user