<?php
/**
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
namespace Magento\Security\Model\SecurityChecker;

use Magento\Framework\Exception\SecurityViolationException;
use Magento\Framework\HTTP\PhpEnvironment\RemoteAddress;
use Magento\Security\Model\Config\Source\ResetMethod;
use Magento\Security\Model\ConfigInterface;
use Magento\Security\Model\ResourceModel\PasswordResetRequestEvent\CollectionFactory;

/**
 * Frequency-based security checker for password reset requests.
 *
 * Rejects a request when the most recent matching request event is younger than
 * the configured minimum interval between password reset requests.
 */
class Frequency implements SecurityCheckerInterface
{
    /**
     * Source of the current GMT timestamp used to measure elapsed time.
     *
     * @var \Magento\Framework\Stdlib\DateTime\DateTime
     */
    private $dateTime;

    /**
     * Creates the collection of recorded password reset request events.
     *
     * @var \Magento\Security\Model\ResourceModel\PasswordResetRequestEvent\CollectionFactory
     */
    private $collectionFactory;

    /**
     * Supplies the protection type, the minimum interval and the support e-mail.
     *
     * @var ConfigInterface
     */
    private $securityConfig;

    /**
     * Supplies the client address when the caller does not pass one.
     *
     * @var RemoteAddress
     */
    private $remoteAddress;

    /**
     * @param ConfigInterface $securityConfig
     * @param CollectionFactory $collectionFactory
     * @param \Magento\Framework\Stdlib\DateTime\DateTime $dateTime
     * @param RemoteAddress $remoteAddress
     */
    public function __construct(
        ConfigInterface $securityConfig,
        CollectionFactory $collectionFactory,
        \Magento\Framework\Stdlib\DateTime\DateTime $dateTime,
        RemoteAddress $remoteAddress
    ) {
        $this->remoteAddress = $remoteAddress;
        $this->dateTime = $dateTime;
        $this->collectionFactory = $collectionFactory;
        $this->securityConfig = $securityConfig;
    }

    /**
     * Enforce the minimum interval between password reset requests.
     *
     * The check is a no-op when the protection type is ResetMethod::OPTION_NONE or
     * when the configured minimum interval is empty/zero, so either setting turns
     * this throttle off entirely.
     *
     * @param int $securityEventType
     * @param string|null $accountReference
     * @param int|null $longIp Address to check; resolved from the request when null.
     * @return void
     * @throws SecurityViolationException When the previous request is too recent.
     */
    public function check($securityEventType, $accountReference = null, $longIp = null)
    {
        $protectionActive = $this->securityConfig->getPasswordResetProtectionType() != ResetMethod::OPTION_NONE;
        $minimumInterval = $this->securityConfig->getMinTimeBetweenPasswordResetRequests();

        if (!$protectionActive || !$minimumInterval) {
            return;
        }

        if ($longIp === null) {
            // NOTE(review): how RemoteAddress derives the address (e.g. whether it
            // honours proxy headers) is not visible here — confirm it cannot be
            // set by the client, otherwise an IP-keyed throttle can be sidestepped.
            $longIp = $this->remoteAddress->getRemoteAddress();
        }

        $previousRequestAt = $this->loadLastRecordCreationTimestamp(
            $securityEventType,
            $accountReference,
            $longIp
        );

        // A timestamp of 0 means "no usable previous record" and lets the request through.
        if (!$previousRequestAt) {
            return;
        }

        // NOTE(review): assumes created_at parses to the same time base as
        // gmtTimestamp() (i.e. stored and parsed as UTC) — confirm.
        $secondsSincePrevious = $this->dateTime->gmtTimestamp() - $previousRequestAt;

        if ($minimumInterval > $secondsSincePrevious) {
            throw new SecurityViolationException(
                __(
                    'We received too many requests for password resets. '
                    . 'Please wait and try again later or contact %1.',
                    $this->securityConfig->getCustomerServiceEmail()
                )
            );
        }
    }

    /**
     * Load last record creation timestamp
     *
     * Returns 0 when the record has no creation date or when strtotime() cannot
     * parse it; the caller treats 0 as "no previous request" (fail-open).
     *
     * @param int $securityEventType
     * @param string $accountReference
     * @param int $longIp
     * @return int
     */
    private function loadLastRecordCreationTimestamp($securityEventType, $accountReference, $longIp)
    {
        // How the three arguments narrow the collection is decided by the factory
        // and is not visible in this class.
        /** @var \Magento\Security\Model\PasswordResetRequestEvent $latestEvent */
        $latestEvent = $this->collectionFactory
            ->create($securityEventType, $accountReference, $longIp)
            ->filterLastItem()
            ->getFirstItem();

        $createdAt = $latestEvent->getCreatedAt() ?? '';

        return (int) strtotime($createdAt);
    }
}