在laravel 6中,密码代理现在具有以下用于限制密码重置(https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/PasswordBroker.php#L58)
public function sendResetLink(array $credentials)
{
// First we will check to see if we found a user at the given credentials and
// if we did not we will redirect back to this current URI with a piece of
// "flash" data in the session to indicate to the developers the errors.
$user = $this->getUser($credentials);
if (is_null($user)) {
return static::INVALID_USER;
}
if (method_exists($this->tokens, 'recentlyCreatedToken') &&
$this->tokens->recentlyCreatedToken($user)) {
return static::RESET_THROTTLED;
}
// Once we have the reset token, we are ready to send the message out to this
// user with a link to reset their password. We will then redirect back to
// the current URI having nothing set in the session to indicate errors.
$user->sendPasswordResetNotification(
$this->tokens->create($user)
);
return static::RESET_LINK_SENT;
}
但是,当我反复提交密码重置时,为什么密码重置没有受到限制-我仍然收到重置通知吗?
[我已经注意到,在6.x recentlyCreatedToken版本的TokenRepositoryInterface中不存在https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php方法>
但是已在版本7.x中添加
这仅是v7.x的功能,还是我需要做的一些遗失的事情?
在laravel 6中,密码代理现在具有以下限制密码重置的功能(https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/PasswordBroker.php#L58)公共函数...
密码重设限制在Laravel 6.x中有效,但是由于某些原因,您需要在配置文件throttle中手动设置config/auth.php参数: