|
|
|
|
@ -207,7 +207,7 @@ class LoginController extends Controller { |
|
|
|
|
$this->canResetPassword($passwordLink, $user) |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sets the initial state of whether or not a user is allowed to login with their email |
|
|
|
|
* initial state is passed in the array of 1 for email allowed and 0 for not allowed |
|
|
|
|
@ -299,7 +299,8 @@ class LoginController extends Controller { |
|
|
|
|
$user, |
|
|
|
|
$user, |
|
|
|
|
$redirect_url, |
|
|
|
|
self::LOGIN_MSG_CSRFCHECKFAILED |
|
|
|
|
self::LOGIN_MSG_CSRFCHECKFAILED, |
|
|
|
|
false, |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -349,7 +350,12 @@ class LoginController extends Controller { |
|
|
|
|
* @return RedirectResponse |
|
|
|
|
*/ |
|
|
|
|
private function createLoginFailedResponse( |
|
|
|
|
$user, $originalUser, $redirect_url, string $loginMessage) { |
|
|
|
|
$user, |
|
|
|
|
$originalUser, |
|
|
|
|
$redirect_url, |
|
|
|
|
string $loginMessage, |
|
|
|
|
bool $throttle = true, |
|
|
|
|
) { |
|
|
|
|
// Read current user and append if possible we need to |
|
|
|
|
// return the unmodified user otherwise we will leak the login name |
|
|
|
|
$args = $user !== null ? ['user' => $originalUser, 'direct' => 1] : []; |
|
|
|
|
@ -359,7 +365,9 @@ class LoginController extends Controller { |
|
|
|
|
$response = new RedirectResponse( |
|
|
|
|
$this->urlGenerator->linkToRoute('core.login.showLoginForm', $args) |
|
|
|
|
); |
|
|
|
|
$response->throttle(['user' => substr($user, 0, 64)]); |
|
|
|
|
if ($throttle) { |
|
|
|
|
$response->throttle(['user' => substr($user, 0, 64)]); |
|
|
|
|
} |
|
|
|
|
$this->session->set('loginMessages', [ |
|
|
|
|
[$loginMessage], [] |
|
|
|
|
]); |
|
|
|
|
|
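Review bot: The new `bool $throttle = true` parameter of `createLoginFailedResponse` switches off brute-force throttling for a failed-login response, but nothing visible documents when that is safe. Only the tail of the docblock (`@return RedirectResponse`) is inside the hunk, so the `@param` lines may exist outside it; if they do not cover the flag, add `@param bool $throttle register this failure with the brute-force throttler; pass false only when no credential was evaluated`. At the CSRF-failure call site the bare positional `false` would read better as `false, // CSRF check failed, no password was verified: not a guessing attempt`. That rationale is inferred from the `LOGIN_MSG_CSRFCHECKFAILED` constant, and the surrounding method body is outside the hunk, so confirm that this branch returns before any password verification; otherwise this path would leave guesses uncounted.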