limit login attempts

stephanediondev · stephanediondev · commit 53b35a5d828f · 2022-03-05T13:38:25.000+01:00
diff --git a/.env.dist b/.env.dist
@@ -22,6 +22,12 @@ APP_SECRET=fda41e68dccbce19b1829cb12cc5d89f
 MAILER_DSN=null://null
 ###< symfony/mailer ###
 
+###> symfony/lock ###
+# Choose one of the stores below
+# postgresql+advisory://db_user:db_password@localhost/db_name
+LOCK_DSN=semaphore
+###< symfony/lock ###
+
 ###> app ###
 INSTALLATION_TYPE=source
 ELASTICSEARCH_URL=http://localhost:9200
diff --git a/composer.json b/composer.json
@@ -8,9 +8,9 @@
     "prefer-stable": true,
     "require": {
         "php": ">=8.0.2",
-        "composer-runtime-api": ">=2.1",
         "ext-ctype": "*",
         "ext-iconv": "*",
+        "composer-runtime-api": ">=2.1",
         "box/spout": "^3.1",
         "matomo/device-detector": "^5.0",
         "minishlink/web-push": "^6.0.1",
@@ -27,6 +27,7 @@
         "symfony/mailer": "6.0.*",
         "symfony/monolog-bundle": "^3.1",
         "symfony/process": "6.0.*",
+        "symfony/rate-limiter": "6.0.*",
         "symfony/runtime": "6.0.*",
         "symfony/security-bundle": "6.0.*",
         "symfony/serializer": "6.0.*",
diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/lock.yaml b/config/packages/lock.yaml
@@ -0,0 +1,2 @@
+framework:
+    lock: '%env(LOCK_DSN)%'
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -18,6 +18,9 @@ security:
             custom_authenticator: App\Security\AppCustomAuthenticator
             logout:
                 path: app_logout
+            login_throttling:
+                max_attempts: 3
+                interval: '5 minutes'
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
diff --git a/src/Controller/AppSecurityController.php b/src/Controller/AppSecurityController.php
@@ -52,7 +52,7 @@ public function login(Request $request, AuthenticationUtils $authenticationUtils
         }
 
         if ($error = $authenticationUtils->getLastAuthenticationError()) {
-            $this->addFlash('danger', $error->getMessageKey());
+            $this->addFlash('danger', strtr($error->getMessageKey(), $error->getMessageData()));
         }
 
         $lastUsername = $authenticationUtils->getLastUsername();
diff --git a/symfony.lock b/symfony.lock
@@ -317,6 +317,18 @@
     "symfony/intl": {
         "version": "v5.0.5"
     },
+    "symfony/lock": {
+        "version": "6.0",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "master",
+            "version": "5.2",
+            "ref": "a1c8800e40ae735206bb14586fdd6c4630a51b8d"
+        },
+        "files": [
+            "config/packages/lock.yaml"
+        ]
+    },
     "symfony/mailer": {
         "version": "4.3",
         "recipe": {
@@ -407,6 +419,9 @@
     "symfony/property-info": {
         "version": "v5.0.5"
     },
+    "symfony/rate-limiter": {
+        "version": "v6.0.3"
+    },
     "symfony/routing": {
         "version": "6.0",
         "recipe": {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+framework:`
	`2`	`+ lock: '%env(LOCK_DSN)%'`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function login(Request $request, AuthenticationUtils $authenticationUtils`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`if ($error = $authenticationUtils->getLastAuthenticationError()) {`
`55`		`- $this->addFlash('danger', $error->getMessageKey());`
	`55`	`+ $this->addFlash('danger', strtr($error->getMessageKey(), $error->getMessageData()));`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`$lastUsername = $authenticationUtils->getLastUsername();`