3

我将 JWT 用于我的 Laravel + Angular 应用程序。我看到 Laravel 5.3 具有开箱即用的登录限制功能。但是在使用 JWT Auth 时,我怎样才能让它工作呢?我有以下代码,但登录限制不起作用。尽管尝试了无数次失败,但我只收到Invalid Login Details错误消息,但没有限制并显示Too many logins错误:

class LoginController extends Controller
{
     use AuthenticatesUsers;

     protected $maxLoginAttempts=5;
     protected $lockoutTime=300;

    public function login(Request $request)
    {
      $credentials = $request->only('email', 'password');

      $this->validate($request, [
        'email' => 'required',
        'password' => 'required',
      ]);

      if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return response()->json(['error' => 'Too many logins'], 400);
      }

      try {
        if (! $token = JWTAuth::attempt($credentials)) {
          return response()->json(['error' => 'Invalid Login Details'], 401);
        }
      } catch (JWTException $e) {
        // something went wrong
        $this->incrementLoginAttempts($request);
        return response()->json(['error' => 'Could Not Create Token'], 500);
      }

      // if no errors are encountered we can return a JWT
      return response()->json(compact('token'));
    }
}

您如何使用 JWTAuth 使用此功能?你能帮我吗?

4

1 回答 1

4

这是因为您的 JWTAuth 不会抛出异常来增加您的登录尝试。只需将$this->incrementLoginAttempts($request);身份验证失败的条件放入内部,如下所示:

if (! $token = JWTAuth::attempt($credentials)) {
$this->incrementLoginAttempts($request);
return response()->json(['error' => 'Invalid Login Details'], 401);
}
于 2017-01-14T19:47:07.463 回答