bug #40547 [RateLimiter] Security hardening - Rate limiter (jderusse)
This PR was merged into the 5.2 branch.
Discussion
----------
[RateLimiter] Security hardening - Rate limiter
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e61553af4b
Security hardening - Rate limiter
commit
0f4870b23f
@ -46,7 +46,7 @@ final class RateLimiterFactory
|
||||
|
||||
public function create(?string $key = null): LimiterInterface
|
||||
{
|
||||
$id = $this->config['id'].$key;
|
||||
$id = $this->config['id'].'-'.$key;
|
||||
$lock = $this->lockFactory ? $this->lockFactory->createLock($id) : new NoLock();
|
||||
|
||||
switch ($this->config['policy']) {
|
||||
|
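Review bot: The `'-'` separator in `$id = $this->config['id'].'-'.$key;` is only unambiguous if configured limiter ids never contain `-` themselves; an id `a-b` with key `c` and an id `a` with key `b-c` would still yield the same `$id` and therefore the same lock. A comment such as `// '-' keeps <id><key> pairs from colliding; limiter ids must not contain '-'` would record that assumption, or the id could be validated when the factory is configured. The new format also changes every identifier produced so far, so state stored under the old ids is presumably no longer found after upgrade, which is worth a line in the changelog. `create()` continues past the hunk, so how `$id` reaches the storage is not visible here.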
@ -41,7 +41,7 @@ final class DefaultLoginRateLimiter extends AbstractRequestRateLimiter
|
||||
{
|
||||
return [
|
||||
$this->globalFactory->create($request->getClientIp()),
|
||||
$this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).$request->getClientIp()),
|
||||
$this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
|
||||
];
|
||||
}
|
||||
}
|
||||
|
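Review bot: The per-user key on the `$this->localFactory->create(...)` line uses the submitted username verbatim, so spellings that differ only in letter case each get their own bucket. If the user provider matches names case-insensitively (not visible here), the per-username limit no longer bounds attempts against a single account. Normalising before building the key, e.g. `$username = mb_strtolower((string) $request->attributes->get(Security::LAST_USERNAME));`, would keep one bucket per account. The username is request-controlled and unbounded in length, so it is also worth confirming that the storage and lock layers hash or cap the resulting id. The enclosing method starts above the hunk.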