Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove "_token" from parseIdentity #408

Merged
merged 6 commits into from Sep 20, 2014
Merged

Remove "_token" from parseIdentity #408

merged 6 commits into from Sep 20, 2014

Conversation

ghost
Copy link

@ghost ghost commented Sep 15, 2014

also add a note (or say warning) about login throttle in the UsersController

wppd added 2 commits September 15, 2014 08:44
parseIdentity remove csrf token
44a7b29
add a note regarding $repo->isThrottled($input)
4abb95c 
94th line, `$repo->login($input)`. 

In fact, it'll extract username or email from the `$input` as throttle identity 

However, `$repo->isThrottled($input)` will just use `$input` as throttle identity.

so, the throttle identity will never match up resulting in login throttling not working.
@coveralls
Copy link

Coverage Status

Coverage increased (+0.0%) when pulling 4abb95c on wppd:master into bdfbcff on Zizaco:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.0%) when pulling 97d2b74 on wppd:master into bdfbcff on Zizaco:master.

@Zizaco
Copy link
Owner

Zizaco commented Sep 19, 2014

Thanks @WPPD
Can you include the _token in the test case? Just to avoid that a bug related to this will not be introduced in the future.

Also you can give me access to wppd/confide instead. Than I can add it to your pull request.

@ghost
Copy link
Author

ghost commented Sep 19, 2014

hi @Zizaco I've added you to the Collaborators list. I think it's best to leave it to you since I'm not good at this thing.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.01%) when pulling a298d8d on wppd:master into bdfbcff on Zizaco:master.

@ghost
Copy link
Author

ghost commented Sep 19, 2014

hey @Zizaco I've add _token and also remember to the test case testShouldParseIdentity. not so sure if it's good enough.

Please let me know if you need me to do anything. I'm very new to this. :]

@Zizaco
Removed comment about using just a part of the input to check if thro…
9110f65 
…ttled since CacheLoginThrottleService::parseIdentity now removes _token
@Zizaco
Updated CacheLoginThrottleService in order to use a more pessimistic …
58587dd 
…approach when parsing identity
@Zizaco
Copy link
Owner

Zizaco commented Sep 20, 2014

@WPPD The tests are good now!

I've made some tweaks in your branch.

Thanks again for spotting this problem :)

@Zizaco Zizaco merged commit 58587dd into Zizaco:master Sep 20, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coveralls @Zizaco