douweiluo0600 2018-04-12 17:56
Accepted

Laravel 5.6 Passport OAuth Max Login Attempts

I've just created a simple OAuth system with Laravel Passport. This system will be responsible for an external app's user registration and authentication. Everything is working as I expect, and now I would like to implement a mechanism to lock users after a predefined number of failed login attempts.

I'm new to Laravel and Passport. Is there any built-in package that can manage this for me? Or do I have to develop this feature on my own? If so, how can I accomplish such a task?

I've been searching all around the interwebs but until now I couldn't find anything regarding Passport OAuth.


  • douxian6260 2018-04-16 22:32

    I've managed to accomplish what I wanted to do. If anyone comes across this issue, here's what I did...

    Created a custom AuthController and login method to replace Laravel Passport's default oauth/token:

    use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    //Response facade (provides Response::json); importing Illuminate\Http\Response as well would clash on the name
    use Illuminate\Support\Facades\Response;
    use Laravel\Passport\Http\Controllers\AccessTokenController;
    
    class AuthController extends AccessTokenController
    {
        use AuthenticatesUsers;
    
        //custom login method
        public function login(Request $request)
        {
            //...
        }
    }
    

    Before any other login actions, check if a user has reached the max login attempts:

    //custom login method
    public function login(Request $request)
    {
        //check if the max number of login attempts has been reached
        if ($this->hasTooManyLoginAttempts($request)) 
        {
            $this->fireLockoutEvent($request);
    
            return "Too many attempts...";
        }
    
        //...
    }
    

    Verify user credentials by attempting a login. If a login succeeds, reset the failed attempts count. If it fails, increment the count:

    //check if user has reached the max number of login attempts
    
    //verify user credentials
    $credentials = $request->only('email', 'password');
    
    if (Auth::attempt($credentials)) 
    {       
        //reset failed login attempts
        $this->clearLoginAttempts($request);
    
        //...
    }
    else
    {       
        //count user failed login attempts
        $this->incrementLoginAttempts($request);
    
        return "Login failed...";
    }
    

    And finally, since Passport (OAuth2) uses PSR-7 requests (Server Request Interface), we need to convert the standard Laravel request to PSR-7 in order to issue the access token:

    //Authentication passed...
    
    //convert Laravel Request (Symfony Request) to PSR-7
    $psr7Factory = new DiactorosFactory();
    $psrRequest = $psr7Factory->createRequest($request);
    
    //generate access token
    $tokenResponse = parent::issueToken($psrRequest);
    
    //return issued token
    return Response::json($tokenResponse);
    

    Here's the complete login method:

    public function login(Request $request)
    {
        //check if user has reached the max number of login attempts
        if ($this->hasTooManyLoginAttempts($request)) 
        {
            $this->fireLockoutEvent($request);
    
            return "Too many attempts...";
        }
    
    
        //verify user credentials
        $credentials = $request->only('email', 'password');
    
        if (Auth::attempt($credentials)) 
        {
            //Authentication passed...
    
            //reset failed login attempts
            $this->clearLoginAttempts($request);
    
            //convert Laravel Request (Symfony Request) to PSR-7
            $psr7Factory = new DiactorosFactory();
            $psrRequest = $psr7Factory->createRequest($request);
    
            //generate access token
            $tokenResponse = parent::issueToken($psrRequest);
    
            //return issued token
            return Response::json($tokenResponse);
        } 
        else 
        {
            //count user failed login attempts
            $this->incrementLoginAttempts($request);
    
            return "Login failed...";
        }
    }
    
    This answer was selected by the asker as the best answer.
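
A simplified, framework-free model of the attempt counter that `hasTooManyLoginAttempts()` and `incrementLoginAttempts()` drive in the answer above, added here as an example; it is not code from the answer or from Laravel. `LoginThrottle`, its methods and the sample account and address are constructed for illustration; the 5-attempt, 60-second limits and the `email|ip` key mirror the trait's defaults, and the 429/401 lines are an assumption about the status codes a JSON API could send in place of the plain strings.

```php
<?php
// Added example: hypothetical in-memory stand-in for the login limiter; not a Laravel class.
final class LoginThrottle
{
    private $max, $decay;
    private $hits = []; // throttle key => ['count' => int, 'expires' => unix time]
    public function __construct(int $max = 5, int $decaySeconds = 60)
    {
        $this->max = $max;
        $this->decay = $decaySeconds;
    }

    // Key shape used by the trait: lower-cased login name, '|', client IP.
    public static function key(string $email, string $ip): string
    {
        return strtolower($email) . '|' . $ip;
    }

    // Seconds until this key may try again; 0 means it is not locked out.
    public function retryAfter(string $key, int $now): int
    {
        $h = $this->hits[$key] ?? null;
        if ($h === null || $h['expires'] <= $now) {
            unset($this->hits[$key]); // window elapsed: the counter starts over
            return 0;
        }
        return $h['count'] >= $this->max ? $h['expires'] - $now : 0;
    }

    public function fail(string $key, int $now): void
    {
        $this->retryAfter($key, $now); // drops an expired window first
        if (!isset($this->hits[$key])) {
            $this->hits[$key] = ['count' => 0, 'expires' => $now + $this->decay];
        }
        $this->hits[$key]['count']++;
    }
}

// Constructed sample: six wrong passwords for one account from one address.
$t = new LoginThrottle();
$key = LoginThrottle::key('Alice@Example.com', '203.0.113.7');
for ($i = 1, $now = 1000; $i <= 6; $i++, $now += 2) {
    $wait = $t->retryAfter($key, $now);
    if ($wait === 0) {
        $t->fail($key, $now);
    }
    echo "attempt $i: ", $wait ? "429, Retry-After: $wait" : '401 login failed', "\n";
}
```

The window in this model is fixed from the first failure, so the wait reported on the sixth attempt is the time left in that window, not a fresh 60 seconds.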
