Skip to content
Snippets Groups Projects
Verified Commit 595dce06 authored by Dave Long's avatar Dave Long
Browse files

Issue #3410419 by catch: Only clear flood attempts when necessary during user login 

(cherry picked from commit 8e5acc67)
parent dd59d521
No related branches found
No related tags found
16 merge requests!8376Drupal views: adding more granularity to the ‘use ajax’ functionality,!8300Issue #3443586 View area displays even when parent view has no results.,!7567Issue #3153723 by quietone, Hardik_Patel_12: Change the scaffolding...,!7565Issue #3153723 by quietone, Hardik_Patel_12: Change the scaffolding...,!7509Change label "Block description" to "Block type",!7344Issue #3292350 by O'Briat, KlemenDEV, hswong3i, smustgrave, quietone: Update...,!6922Issue #3412959 by quietone, smustgrave, longwave: Fix 12 'un' words,!6848Issue #3417553 by longwave: Remove withConsecutive() in CacheCollectorTest,!6720Revert "Issue #3358581 by pfrenssen, _tarik_, a.dmitriiev, smustgrave:...,!6560Update ClaroPreRender.php, confirming classes provided are in array format,!6528Issue #3414261 by catch: Add authenticated user umami performance tests,!6501Issue #3263668 by omkar-pd, Wim Leers, hooroomoo: Re-enable inline form errors...,!6354Draft: Issue #3380392 by phma: Updating language weight from the overview reverts label if translated,!6324Issue #3416723 by Ludo.R: Provide a "node type" views default argument,!6119Issue #3405704 by Spokje, longwave: symfony/psr-http-message-bridge major version bump,!5950Issue #3403653 by alexpott, longwave: Incorporate improvements to how contrib runs PHPStan to core
Pipeline #68844 passed
Stage: 🏗️ Build
Stage: 🗜️ Test
Pipeline: drupal

#68846

    Hide whitespace changes
    Inline Side-by-side
    core/modules/user/src/Form/UserLoginForm.php
    + 17
    6
    View file @ 595dce06
    ...@@ -209,11 +209,22 @@ public function validateAuthentication(array &$form, FormStateInterface $form_st ...@@ -209,11 +209,22 @@ public function validateAuthentication(array &$form, FormStateInterface $form_st
    } }
    $form_state->set('flood_control_user_identifier', $identifier); $form_state->set('flood_control_user_identifier', $identifier);
    // Don't allow login if the limit for this user has been reached. // If there are zero flood records for this user, then we don't need to
    // Default is to allow 5 failed attempts every 6 hours. // clear any failed login attempts after a successful login, so check
    if (!$this->userFloodControl->isAllowed('user.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) { // for this case first before checking the actual flood limit and store
    $form_state->set('flood_control_triggered', 'user'); // the result in form state.
    return; if (!$this->userFloodControl->isAllowed('user.failed_login_user', 1, $flood_config->get('user_window'), $identifier)) {
    // Now check the actual limit for the user. Default is to allow 5
    // failed attempts every 6 hours. This means we check the flood table
    // twice if flood control has already been triggered by a previous
    // login attempt, bu this should be the less common case.
    if (!$this->userFloodControl->isAllowed('user.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
    $form_state->set('flood_control_triggered', 'user');
    return;
    }
    }
    else {
    $form_state->set('flood_control_skip_clear', 'user');
    } }
    } }
    // We are not limited by flood control, so try to authenticate. // We are not limited by flood control, so try to authenticate.
    ...@@ -263,7 +274,7 @@ public function validateFinal(array &$form, FormStateInterface $form_state) { ...@@ -263,7 +274,7 @@ public function validateFinal(array &$form, FormStateInterface $form_state) {
    } }
    } }
    } }
    elseif ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) { elseif (!$form_state->get('flood_control_skip_clear') && $flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) {
    // Clear past failures for this user so as not to block a user who might // Clear past failures for this user so as not to block a user who might
    // log in and out more than once in an hour. // log in and out more than once in an hour.
    $this->userFloodControl->clear('user.failed_login_user', $flood_control_user_identifier); $this->userFloodControl->clear('user.failed_login_user', $flood_control_user_identifier);
    ......
    core/profiles/standard/tests/src/FunctionalJavascript/StandardPerformanceTest.php
    + 4
    4
    View file @ 595dce06
    ...@@ -131,8 +131,8 @@ public function testLogin(): void { ...@@ -131,8 +131,8 @@ public function testLogin(): void {
    // random test failures, assert greater than equal the highest and lowest // random test failures, assert greater than equal the highest and lowest
    // number of queries observed during test runs. // number of queries observed during test runs.
    // See https://www.drupal.org/project/drupal/issues/3402610 // See https://www.drupal.org/project/drupal/issues/3402610
    $this->assertLessThanOrEqual(39, $performance_data->getQueryCount()); $this->assertLessThanOrEqual(41, $performance_data->getQueryCount());
    $this->assertGreaterThanOrEqual(39, $performance_data->getQueryCount()); $this->assertGreaterThanOrEqual(38, $performance_data->getQueryCount());
    $this->assertSame(28, $performance_data->getCacheGetCount()); $this->assertSame(28, $performance_data->getCacheGetCount());
    $this->assertLessThanOrEqual(2, $performance_data->getCacheSetCount()); $this->assertLessThanOrEqual(2, $performance_data->getCacheSetCount());
    $this->assertGreaterThanOrEqual(1, $performance_data->getCacheSetCount()); $this->assertGreaterThanOrEqual(1, $performance_data->getCacheSetCount());
    ...@@ -163,8 +163,8 @@ public function testLoginBlock(): void { ...@@ -163,8 +163,8 @@ public function testLoginBlock(): void {
    $performance_data = $this->collectPerformanceData(function () use ($account) { $performance_data = $this->collectPerformanceData(function () use ($account) {
    $this->submitLoginForm($account); $this->submitLoginForm($account);
    }); });
    $this->assertLessThanOrEqual(50, $performance_data->getQueryCount()); $this->assertLessThanOrEqual(51, $performance_data->getQueryCount());
    $this->assertGreaterThanOrEqual(48, $performance_data->getQueryCount()); $this->assertGreaterThanOrEqual(47, $performance_data->getQueryCount());
    // This test observes a variable number of cache operations, so to avoid random // This test observes a variable number of cache operations, so to avoid random
    // test failures, assert greater than equal the highest and lowest number // test failures, assert greater than equal the highest and lowest number
    // observed during test runs. // observed during test runs.
    ......
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment