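Login throttling added to my Symfony application.
If I try to log in 5 times in a row with invalid credentials within the same minute, a TooManyLoginAttemptsAuthenticationException shows up in my authenticator's onAuthenticationFailure method, so far so good. But if I then try to log in with correct credentials within the same minute after the TooManyLoginAttemptsAuthenticationException, I would expect the same error, yet I am actually logged in successfully. Am I missing something?
My security.yaml: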
security:
    enable_authenticator_manager: true
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        ldap:
            id: App\Security\LdapUserProvider
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\Utilisateur
                property: nni
    encoders:
        App\Entity\Utilisateur:
            algorithm: 'auto'
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    access_control:
        - { path: ^/get_team_email$, roles: PUBLIC_ACCESS }
        - { path: ^/login$, roles: PUBLIC_ACCESS }
        - { path: ^/login_check$, roles: PUBLIC_ACCESS }
        - { path: ^, roles: ROLE_USER}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            security: true
            provider: '%connexion_provider%'
            entry_point: App\Security\LdapFormAuthenticator
            logout:
                path: /logout
                success_handler: app.logout.success.handler
            # configuring the maximum login attempts (per minute)
            login_throttling:
                max_attempts: 3
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication
            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true
            guard:
                authenticators:
                    - App\Security\LdapFormAuthenticator
            form_login:
                use_forward: true
                login_path: login
                check_path: login
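As seen in the source code of the throttling handler, the limiter is reset after a successful login. It only kicks in after 3 consecutive failed login attempts (where the 3 is defined in your own configuration).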
login_throttling:
    max_attempts: 3
    interval: '5 minutes'
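The reset-on-success behaviour described in the answer, as an added example: a simplified Python model, not Symfony's code and not code from the original posts. The class and function names, the username + IP throttle key, the sample account, and the choice to run the throttle check before credentials are verified are all assumptions of this sketch.

```python
import hmac
from dataclasses import dataclass, field


class TooManyLoginAttempts(Exception):
    """Hypothetical stand-in for the exception named in the question."""


@dataclass
class LoginThrottle:
    max_attempts: int = 3      # same value as max_attempts in the config above
    interval: float = 300.0    # seconds, i.e. interval: '5 minutes'
    hits: dict = field(default_factory=dict)  # key -> attempt timestamps

    def check(self, key, now):
        """Record an attempt; raise once the window holds more than max_attempts."""
        window = [t for t in self.hits.get(key, []) if now - t < self.interval]
        window.append(now)
        self.hits[key] = window
        if len(window) > self.max_attempts:
            raise TooManyLoginAttempts(key)

    def reset(self, key):
        """Forget all recorded attempts for this key (called on successful login)."""
        self.hits.pop(key, None)


def login(throttle, users, username, password, ip, now):
    key = (username.lower(), ip)   # assumed throttle key: username + client IP
    throttle.check(key, now)       # assumption: runs before credentials are verified
    expected = users.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return False
    throttle.reset(key)            # success clears the failure history
    return True


def replay(attempts, max_attempts=3):
    """Replay constructed (time, password) attempts for user 'alice'; return outcomes."""
    throttle = LoginThrottle(max_attempts=max_attempts)
    users = {"alice": "correct-horse"}   # constructed sample account
    outcomes = []
    for now, password in attempts:
        try:
            ok = login(throttle, users, "alice", password, "203.0.113.7", now)
            outcomes.append("ok" if ok else "bad")
        except TooManyLoginAttempts:
            outcomes.append("throttled")
    return outcomes
```

In this model a successful login in between failures clears the history, so only uninterrupted failures reach the limit, and a correct password sent while the key is locked out is rejected until the interval has passed.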