From 221ddce0fa8617c800324997b27c72f6ef4b6413 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Tue, 23 May 2023 05:08:34 -0600
Subject: [PATCH] Update login form, allow admins to enable captcha after X failed attempts. Admins can set the number of attempts before captcha is shown, default is 2 attempts before captcha is required
---
 app/Http/Controllers/Auth/LoginController.php | 38 ++++++++++++++++++-
 config/captcha.php | 7 ++++
 resources/views/auth/login.blade.php | 16 ++++++--
 3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 5a11808c..3861d327 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -7,6 +7,8 @@ use App\Http\Controllers\Controller;
 use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use App\Services\BouncerService;
+use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 class LoginController extends Controller
 {
@@ -70,8 +72,16 @@ class LoginController extends Controller
 'password' => 'required|string|min:6',
 ];
- if(config('captcha.enabled') || config('captcha.active.login')) {
- $rules['h-captcha-response'] = 'required|captcha';
+ if(
+ config('captcha.enabled') ||
+ config('captcha.active.login') ||
+ (
+ config('captcha.triggers.login.enabled') &&
+ request()->session()->has('login_attempts') &&
+ request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
+ )
+ ) {
+ $rules['h-captcha-response'] = 'required|filled|captcha|min:5';
 }
 $this->validate($request, $rules);
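Review bot: The threshold in this condition reads `login_attempts` from the session, so failures are only counted for a client that keeps presenting the same session cookie; a client that arrives with a fresh session on each request never reaches `captcha.triggers.login.attempts` and is never asked for the captcha. The same session check is repeated in `resources/views/auth/login.blade.php`, and the counter itself is written in `sendFailedLoginResponse`. The count should be held server-side under a key the client does not control, for example the username-plus-IP throttle key that the `AuthenticatesUsers` trait already derives, if this controller still relies on that trait's throttling. Separately, `filled` adds nothing after `required` in `'required|filled|captcha|min:5'`. The enclosing method starts and ends outside the hunk.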
@@ -102,4 +112,28 @@ class LoginController extends Controller
 $log->user_agent = $request->userAgent();
 $log->save();
 }
+
+ /**
+ * Get the failed login response instance.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return \Symfony\Component\HttpFoundation\Response
+ *
+ * @throws \Illuminate\Validation\ValidationException
+ */
+ protected function sendFailedLoginResponse(Request $request)
+ {
+ if(config('captcha.triggers.login.enabled')) {
+ if ($request->session()->has('login_attempts')) {
+ $ct = $request->session()->get('login_attempts');
+ $request->session()->put('login_attempts', $ct + 1);
+ } else {
+ $request->session()->put('login_attempts', 1);
+ }
+ }
+
+ throw ValidationException::withMessages([
+ $this->username() => [trans('auth.failed')],
+ ]);
+ }
 }
diff --git a/config/captcha.php b/config/captcha.php
index 4f55cbb1..586f0d77 100644
--- a/config/captcha.php
+++ b/config/captcha.php
@@ -16,5 +16,12 @@ return [
 'active' => [
 'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false),
 'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false)
+ ],
+
+ 'triggers' => [
+ 'login' => [
+ 'enabled' => env('CAPTCHA_TRIGGERS_LOGIN_ENABLED', false),
+ 'attempts' => env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)
+ ]
 ]
 ];
diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
index 73559826..43caeb6d 100644
--- a/resources/views/auth/login.blade.php
+++ b/resources/views/auth/login.blade.php
@@ -50,10 +50,18 @@
- @if(config('captcha.enabled') || config('captcha.active.login'))
-
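Review bot: The has/get/put branch in `sendFailedLoginResponse` can be replaced by the session store's own counter, `$request->session()->increment('login_attempts');`, which starts from zero when the key is absent. Nothing visible in this hunk clears `login_attempts` after a successful login, so unless that happens elsewhere in the class the captcha stays required for the rest of the session; `$request->session()->forget('login_attempts');` in the post-login hook would reset it. The docblock's `@return` line is also misleading, since the method always throws and never returns a response.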
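Review bot: `env()` returns a string when `CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS` is set, and the `attempts` entry is later compared with `>=` against an integer counter, so an empty or non-numeric value silently changes when the captcha appears instead of failing visibly. Cast at the config boundary: `'attempts' => (int) env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)`. A short comment above `'triggers'` naming the two new variables and noting that the feature is off by default would also help operators.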
- {!! Captcha::display() !!}
-
+ @if(
+ config('captcha.enabled') ||
+ config('captcha.active.login') ||
+ (
+ config('captcha.triggers.login.enabled') &&
+ request()->session()->has('login_attempts') &&
+ request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
+ )
+ )
+
+ {!! Captcha::display() !!}
+
@endif
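Review bot: This `@if` repeats, token for token, the three-part condition that `LoginController` uses to add the `h-captcha-response` rule, so the view and the validator can drift apart; if they do, the form either demands a captcha it never rendered or renders one that is not enforced. Move the decision into one place, for example a controller or service method whose boolean result is passed to the view, and have both sites use it. Until then a Blade comment such as `{{-- must match the captcha rule in LoginController --}}` would flag the coupling.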