mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2024-11-24 09:50:45 -06:00
Fix Insufficient Granularity of Access Control
parent
e60444cf65
commit
0af2fd845d
@ -92,9 +92,12 @@ class ForgotPasswordController extends Controller
|
||||
// We will send the password reset link to this user. Once we have attempted
|
||||
// to send the link, we will examine the response then see the message we
|
||||
// need to show to the user. Finally, we'll send out a proper response.
|
||||
$this->broker()->sendResetLink($request->only('email'));
|
||||
$result = $this->broker()->sendResetLink($request->only('email'));
|
||||
if('passwords.throttled' === $result) {
|
||||
Log::error(sprintf('Cowardly refuse to send a password reset message to user #%d because the reset button has been throttled.', $user->id));
|
||||
}
|
||||
|
||||
// always send the same response:
|
||||
// always send the same response to the user:
|
||||
$response = trans('firefly.forgot_password_response');
|
||||
|
||||
return back()->with('status', trans($response));
|
||||
|
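Review bot: The new throttle branch dereferences `$user->id`, but `$user` is not assigned anywhere in this hunk; the method starts above the visible lines, so whether it can be null at this point cannot be confirmed from the page. If it comes from an earlier lookup that may return null, guard the branch, and compare against the framework constant instead of the string literal, e.g. `if (Password::RESET_THROTTLED === $result && null !== $user) {` (assuming the `Password` facade is imported in this file). A throttled reset is an expected, user-triggered condition, so `Log::warning` fits better than `Log::error` and keeps error-level alerting meaningful. The identical response for every outcome should stay as it is, since it avoids revealing whether an address is registered.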
@ -98,8 +98,8 @@ return [
|
||||
|
||||
'providers' => [
|
||||
'users' => [
|
||||
'driver' => 'eloquent',
|
||||
'model' => FireflyIII\User::class,
|
||||
'driver' => 'eloquent',
|
||||
'model' => FireflyIII\User::class,
|
||||
],
|
||||
'remote_user_provider' => [
|
||||
'driver' => 'remote_user_provider',
|
||||
@ -111,7 +111,7 @@ return [
|
||||
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
|
||||
'model' => LdapRecord\Models\OpenLDAP\User::class,
|
||||
'rules' => [
|
||||
UserDefinedRule::class
|
||||
UserDefinedRule::class,
|
||||
],
|
||||
'database' => [
|
||||
'model' => FireflyIII\User::class,
|
||||
@ -141,6 +141,7 @@ return [
|
||||
'provider' => 'users',
|
||||
'table' => 'password_resets',
|
||||
'expire' => 60,
|
||||
'throttle' => 300, // Allows a user to request 1 token per 300 seconds
|
||||
],
|
||||
],
|
||||
/*
|
||||
|
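Review bot: The new `'throttle' => 300` line sits directly under `'expire' => 60`, and in Laravel the two use different units (`expire` is in minutes, `throttle` in seconds), which the inline comment only half covers. I would spell that out in the comment, e.g. `// seconds a user must wait between reset tokens ('expire' above is in minutes)`. The throttle appears to be tracked per account by the password broker, so on its own it does not limit how many different addresses one client can submit; if that matters, a route-level rate limit would be the place for it, which is outside this file. The other two hunks in this file are whitespace and trailing-comma changes only.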