Secure login access

bestmomo · bestmomo · commit 3a7a76914a39 · 2015-06-03T17:18:19.000+02:00
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
@@ -8,6 +8,7 @@
 use App\Http\Requests\Auth\LoginRequest;
 use App\Http\Requests\Auth\RegisterRequest;
 use App\Repositories\UserRepository;
+use App\Services\MaxValueDelay;
 
 class AuthController extends Controller {
 
@@ -43,19 +44,27 @@ public function __construct(Guard $auth)
 	 * @param  App\Http\Requests\LoginRequest  $request
 	 * @return Response
 	 */
-	public function postLogin(LoginRequest $request)
+	public function postLogin(LoginRequest $request, MaxValueDelay $maxValueDelay)
 	{
 		$logValue = $request->input('log');
 
-		$logAccess = filter_var($logValue, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
+		if($maxValueDelay->check($logValue))
+		{
+			return redirect('/auth/login')
+			->with('error', trans('front/login.maxattempt'));
+		}
 
+		$logAccess = filter_var($logValue, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
+		
 		$credentials = [$logAccess => $logValue, 'password' => $request->input('password')];
 
 		if ($this->auth->attempt($credentials, $request->has('memory')))
 		{
 			return redirect('/');
 		}
 
+		$maxValueDelay->increment($logValue);
+
 		return redirect('/auth/login')
 		->with('error', trans('front/login.credentials'))
 		->withInput($request->only('email'));
diff --git a/app/Services/MaxValueDelay.php b/app/Services/MaxValueDelay.php
@@ -0,0 +1,44 @@
+<?php namespace App\Services;
+
+use Cache;
+
+class MaxValueDelay {
+
+	/**
+	 * Time delay in minutes.
+	 *
+	 * @var int
+	 */
+	protected $timeRepeat = 4;
+
+	/**
+	 * Max repeat.
+	 *
+	 * @var int
+	 */	
+	protected $max = 2;
+
+	/**
+	 * Add or increment a key in cache.
+	 *
+	 * @return void
+	 */
+	public function increment($key)
+	{
+		if(!Cache::add($key, 0, $this->timeRepeat))
+		{
+			Cache::increment($key);
+		}
+	}
+
+	/**
+	 * Check for max value.
+	 *
+	 * @return bool
+	 */
+	public function check($key)
+	{
+		return Cache::get($key) == $this->max; 
+	}
+
+}
diff --git a/resources/lang/en/front/login.php b/resources/lang/en/front/login.php
@@ -11,5 +11,6 @@
 	'register-info' => 'To register quickly just click on the button !',
 	'registering' => 'I subscribe',
 	'credentials' => 'These credentials do not match our records.',
-	'log' => 'Your email or your user name'
+	'log' => 'Your email or your user name',
+	'maxattempt' => 'You have reached the maximum number of login attempts. Try again in a few minutes.'
 ];
diff --git a/resources/lang/fr/front/login.php b/resources/lang/fr/front/login.php
@@ -11,5 +11,6 @@
 	'register-info' => 'Vous pouvez vous inscrire rapidement et gratuitement et pouvoir ainsi laisser des commentaires en cliquant sur le bouton ci-dessous.',
 	'registering' => 'Je m\'inscris',
 	'credentials' => 'Ces informations ne correspondent pas à celles que nous avons dans notre base de données.',
-	'log' => 'Votre email ou votre nom d\'utilisateur'
+	'log' => 'Votre email ou votre nom d\'utilisateur',
+	'maxattempt' => 'Vous avez atteint le nombre maximum de tentatives de connexion. Réessayez dans quelques minutes.'
 ];
