We could not synchronize checks via GitHub's checks API since Scrutinizer's GitHub App is not installed for this repository.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Backpack\CRUD\app\Library\Auth; |
||
4 | |||
5 | use Illuminate\Auth\Events\Lockout; |
||
6 | use Illuminate\Cache\RateLimiter; |
||
7 | use Illuminate\Http\Request; |
||
8 | use Illuminate\Http\Response; |
||
9 | use Illuminate\Support\Facades\Lang; |
||
10 | use Illuminate\Support\Str; |
||
11 | use Illuminate\Validation\ValidationException; |
||
12 | |||
13 | trait ThrottlesLogins |
||
14 | { |
||
15 | /** |
||
16 | * Determine if the user has too many failed login attempts. |
||
17 | * |
||
18 | * @param \Illuminate\Http\Request $request |
||
19 | * @return bool |
||
20 | */ |
||
21 | protected function hasTooManyLoginAttempts(Request $request) |
||
22 | { |
||
23 | return $this->limiter()->tooManyAttempts( |
||
24 | $this->throttleKey($request), $this->maxAttempts() |
||
25 | ); |
||
26 | } |
||
27 | |||
28 | /** |
||
29 | * Increment the login attempts for the user. |
||
30 | * |
||
31 | * @param \Illuminate\Http\Request $request |
||
32 | * @return void |
||
33 | */ |
||
34 | protected function incrementLoginAttempts(Request $request) |
||
35 | { |
||
36 | $this->limiter()->hit( |
||
37 | $this->throttleKey($request), $this->decayMinutes() * 60 |
||
38 | ); |
||
39 | } |
||
40 | |||
41 | /** |
||
42 | * Redirect the user after determining they are locked out. |
||
43 | * |
||
44 | * @param \Illuminate\Http\Request $request |
||
45 | * @return void |
||
46 | * |
||
47 | * @throws \Illuminate\Validation\ValidationException |
||
48 | */ |
||
49 | protected function sendLockoutResponse(Request $request) |
||
50 | { |
||
51 | $seconds = $this->limiter()->availableIn( |
||
52 | $this->throttleKey($request) |
||
53 | ); |
||
54 | |||
55 | throw ValidationException::withMessages([ |
||
56 | $this->username() => [Lang::get('auth.throttle', [ |
||
0 ignored issues
–
show
|
|||
57 | 'seconds' => $seconds, |
||
58 | 'minutes' => ceil($seconds / 60), |
||
59 | ])], |
||
60 | ])->status(Response::HTTP_TOO_MANY_REQUESTS); |
||
61 | } |
||
62 | |||
63 | /** |
||
64 | * Clear the login locks for the given user credentials. |
||
65 | * |
||
66 | * @param \Illuminate\Http\Request $request |
||
67 | * @return void |
||
68 | */ |
||
69 | protected function clearLoginAttempts(Request $request) |
||
70 | { |
||
71 | $this->limiter()->clear($this->throttleKey($request)); |
||
72 | } |
||
73 | |||
74 | /** |
||
75 | * Fire an event when a lockout occurs. |
||
76 | * |
||
77 | * @param \Illuminate\Http\Request $request |
||
78 | * @return void |
||
79 | */ |
||
80 | protected function fireLockoutEvent(Request $request) |
||
81 | { |
||
82 | event(new Lockout($request)); |
||
83 | } |
||
84 | |||
85 | /** |
||
86 | * Get the throttle key for the given request. |
||
87 | * |
||
88 | * @param \Illuminate\Http\Request $request |
||
89 | * @return string |
||
90 | */ |
||
91 | protected function throttleKey(Request $request) |
||
92 | { |
||
93 | return Str::lower($request->input($this->username())).'|'.$request->ip(); |
||
0 ignored issues
–
show
It seems like
username() must be provided by classes using this trait. How about adding it as abstract method to this trait?
This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable {
public function equalIds(Idable $other) {
return $this->getId() === $other->getId();
}
}
The trait Adding the
Loading history...
|
|||
94 | } |
||
95 | |||
96 | /** |
||
97 | * Get the rate limiter instance. |
||
98 | * |
||
99 | * @return \Illuminate\Cache\RateLimiter |
||
100 | */ |
||
101 | protected function limiter() |
||
102 | { |
||
103 | return app(RateLimiter::class); |
||
104 | } |
||
105 | |||
106 | /** |
||
107 | * Get the maximum number of attempts to allow. |
||
108 | * |
||
109 | * @return int |
||
110 | */ |
||
111 | public function maxAttempts() |
||
112 | { |
||
113 | return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5; |
||
114 | } |
||
115 | |||
116 | /** |
||
117 | * Get the number of minutes to throttle for. |
||
118 | * |
||
119 | * @return int |
||
120 | */ |
||
121 | public function decayMinutes() |
||
122 | { |
||
123 | return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1; |
||
124 | } |
||
125 | } |
||
126 |
This check looks for methods that are used by a trait but not required by it.
To illustrate, let’s look at the following code example
The trait
Idable
provides a methodequalsId
that in turn relies on the methodgetId()
. If this method does not exist on a class mixing in this trait, the method will fail.Adding the
getId()
as an abstract method to the trait will make sure it is available.