kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-31 02:36:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix Insufficient Granularity of Access Control

Browse Source
This commit is contained in:
James Cole
2021-10-03 18:18:44 +02:00
parent e60444cf65
commit 0af2fd845d
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Controllers/Auth/ForgotPasswordController.php
View File

@@ -92,9 +92,12 @@ class ForgotPasswordController extends Controller
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$this->broker()->sendResetLink($request->only('email'));
$result = $this->broker()->sendResetLink($request->only('email'));
if('passwords.throttled' === $result) {
Log::error(sprintf('Cowardly refuse to send a password reset message to user #%d because the reset button has been throttled.', $user->id));
}
// always send the same response:
// always send the same response to the user:
$response = trans('firefly.forgot_password_response');
return back()->with('status', trans($response));

7
config/auth.php
View File

@@ -98,8 +98,8 @@ return [
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => FireflyIII\User::class,
'driver' => 'eloquent',
'model' => FireflyIII\User::class,
],
'remote_user_provider' => [
'driver' => 'remote_user_provider',
@@ -111,7 +111,7 @@ return [
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
'model' => LdapRecord\Models\OpenLDAP\User::class,
'rules' => [
UserDefinedRule::class
UserDefinedRule::class,
],
'database' => [
'model' => FireflyIII\User::class,
@@ -141,6 +141,7 @@ return [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 300, // Allows a user to request 1 token per 300 seconds
],
],
/*