$this->canResetPassword($passwordLink, $user)
);
}
-
+
/**
* Sets the initial state of whether or not a user is allowed to login with their email
* initial state is passed in the array of 1 for email allowed and 0 for not allowed
$user,
$user,
$redirect_url,
- self::LOGIN_MSG_CSRFCHECKFAILED
+ self::LOGIN_MSG_CSRFCHECKFAILED,
+ false,
);
}
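Review bot: The bare `false` that ends this call gives the reader no hint that it turns off brute-force throttling for the CSRF-failure response. The signature in this commit already uses a trailing comma in its parameter list, which needs PHP 8.0, so the argument can be named: `throttle: false,`. A one-line comment above the call, such as `// A failed CSRF check is not a credential guess, so it is not counted by the brute-force throttle`, would record the reason. That reasoning holds only if this branch returns before the password is evaluated, which cannot be confirmed here because the enclosing method starts outside the hunk.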
* @return RedirectResponse
*/
private function createLoginFailedResponse(
- $user, $originalUser, $redirect_url, string $loginMessage) {
+ $user,
+ $originalUser,
+ $redirect_url,
+ string $loginMessage,
+ bool $throttle = true,
+ ) {
// Read current user and append if possible we need to
// return the unmodified user otherwise we will leak the login name
$args = $user !== null ? ['user' => $originalUser, 'direct' => 1] : [];
$response = new RedirectResponse(
$this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)
);
- $response->throttle(['user' => substr($user, 0, 64)]);
+ if ($throttle) {
+ $response->throttle(['user' => substr($user, 0, 64)]);
+ }
$this->session->set('loginMessages', [
[$loginMessage], []
]);
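Review bot: The new `$throttle` parameter has no entry in the docblock, whose visible tail ends at `@return RedirectResponse`; add `@param bool $throttle Whether to register this failed attempt with the brute-force throttle (default true)`. Keeping the default at `true` is the safe choice, because a caller that omits the argument stays throttled. Separately, `$args` is guarded by `$user !== null` while `substr($user, 0, 64)` receives `$user` unconditionally, so if `$user` can be null here, it reaches `substr()`, which is deprecated since PHP 8.1; `substr((string)$user, 0, 64)` would make the intent explicit. The docblock begins and the method body ends outside the hunk.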
$response = $this->loginController->tryLogin($loginChain, 'Jane', $password, $originalUrl);
$expected = new RedirectResponse('');
- $expected->throttle(['user' => 'Jane']);
$this->assertEquals($expected, $response);
}