function UserAuthenticationController::floodControl
Enforces flood control for the current login request.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The current request.
string $username: The user name sent for login credentials.
1 call to UserAuthenticationController::floodControl()
- UserAuthenticationController::login in core/
modules/ user/ src/ Controller/ UserAuthenticationController.php - Logs in a user.
File
-
core/
modules/ user/ src/ Controller/ UserAuthenticationController.php, line 389
Class
- UserAuthenticationController
- Provides controllers for login, login status and logout via HTTP requests.
Namespace
Drupal\user\ControllerCode
protected function floodControl(Request $request, $username) {
$flood_config = $this->config('user.flood');
if (!$this->userFloodControl
->isAllowed('user.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
throw new AccessDeniedHttpException('Access is blocked because of IP based flood prevention.', NULL, Response::HTTP_TOO_MANY_REQUESTS);
}
if ($identifier = $this->getLoginFloodIdentifier($request, $username)) {
// Don't allow login if the limit for this user has been reached.
// Default is to allow 5 failed attempts every 6 hours.
if (!$this->userFloodControl
->isAllowed('user.http_login', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
if ($flood_config->get('uid_only')) {
$error_message = sprintf('There have been more than %s failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.', $flood_config->get('user_limit'));
}
else {
$error_message = 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.';
}
throw new AccessDeniedHttpException($error_message, NULL, Response::HTTP_TOO_MANY_REQUESTS);
}
}
}