From bc44a9cdce24d36a76dc64e6920e2c966580d659 Mon Sep 17 00:00:00 2001
From: Liam Hackett
Date: Sat, 5 Feb 2022 17:34:02 +0000
Subject: [PATCH] [3.x] Replace removeSpecialCharacters method with Str Helper Equivalent (#219)
* Bump support requirment to include new String transliteration helper
* Replace removeSpecialCharacters method with Str transliteration method
Co-authored-by: Liam Hackett
---
 auth-backend/ThrottlesLogins.php | 84 +-----------------------
 composer.json | 2 +-
 tests/AuthBackend/ThrottleLoginsTest.php | 26 --------
 3 files changed, 2 insertions(+), 110 deletions(-)
diff --git a/auth-backend/ThrottlesLogins.php b/auth-backend/ThrottlesLogins.php
index a6ffb92..4e22dc1 100644
--- a/auth-backend/ThrottlesLogins.php
+++ b/auth-backend/ThrottlesLogins.php
@@ -89,7 +89,7 @@ protected function fireLockoutEvent(Request $request)
 */
 protected function throttleKey(Request $request)
 {
- return $this->removeSpecialCharacters(Str::lower($request->input($this->username())).'|'.$request->ip());
+ return Str::transliterate(Str::lower($request->input($this->username())).'|'.$request->ip());
 }
 /**
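Review bot: In `throttleKey`, lower-casing runs before transliteration, so any character that has no lowercase mapping but transliterates to an uppercase ASCII letter would leave uppercase in the key and, presumably, land in a different throttle bucket than the plain username; that is the class of mismatch the removed map existed to close. Normalising in the other order avoids depending on that: `return Str::lower(Str::transliterate($request->input($this->username()).'|'.$request->ip()));`. The commit also deletes `it_can_replace_special_characters` without a replacement, so nothing in this repository now pins that the circled letters and digits still collapse to their ASCII forms; a data-provider test on `throttleKey` itself would keep that guarantee independent of the `illuminate/support` version.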
@@ -121,86 +121,4 @@ public function decayMinutes()
 {
 return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
 }
-
- /**
- * Remove special characters that may allow users to bypass rate limiting.
- *
- * @param string $key
- * @return string
- */
- protected function removeSpecialCharacters($key)
- {
- $values = [
- 'ⓐ' => 'a',
- 'ⓑ' => 'b',
- 'ⓒ' => 'c',
- 'ⓓ' => 'd',
- 'ⓔ' => 'e',
- 'ⓕ' => 'f',
- 'ⓖ' => 'g',
- 'ⓗ' => 'h',
- 'ⓘ' => 'i',
- 'ⓙ' => 'j',
- 'ⓚ' => 'k',
- 'ⓛ' => 'l',
- 'ⓜ' => 'm',
- 'ⓝ' => 'n',
- 'ⓞ' => 'o',
- 'ⓟ' => 'p',
- 'ⓠ' => 'q',
- 'ⓡ' => 'r',
- 'ⓢ' => 's',
- 'ⓣ' => 't',
- 'ⓤ' => 'u',
- 'ⓥ' => 'v',
- 'ⓦ' => 'w',
- 'ⓧ' => 'x',
- 'ⓨ' => 'y',
- 'ⓩ' => 'z',
- '①' => '1',
- '②' => '2',
- '③' => '3',
- '④' => '4',
- '⑤' => '5',
- '⑥' => '6',
- '⑦' => '7',
- '⑧' => '8',
- '⑨' => '9',
- '⑩' => '10',
- '⑪' => '11',
- '⑫' => '12',
- '⑬' => '13',
- '⑭' => '14',
- '⑮' => '15',
- '⑯' => '16',
- '⑰' => '17',
- '⑱' => '18',
- '⑲' => '19',
- '⑳' => '20',
- '⓪' => '0',
- '⓵' => '1',
- '⓶' => '2',
- '⓷' => '3',
- '⓸' => '4',
- '⓹' => '5',
- '⓺' => '6',
- '⓻' => '7',
- '⓼' => '8',
- '⓽' => '9',
- '⓾' => '10',
- '⓫' => '11',
- '⓬' => '12',
- '⓭' => '13',
- '⓮' => '14',
- '⓯' => '15',
- '⓰' => '16',
- '⓱' => '17',
- '⓲' => '18',
- '⓳' => '19',
- '⓴' => '20',
- '⓿' => '0',
- ];
-
- return strtr($key, $values);
- }
 }
diff --git a/composer.json b/composer.json
index 214a59c..01177c3 100644
--- a/composer.json
+++ b/composer.json
@@ -13,7 +13,7 @@
 "php": "^7.3|^8.0",
 "illuminate/console": "^8.42|^9.0",
 "illuminate/filesystem": "^8.42|^9.0",
- "illuminate/support": "^8.42|^9.0",
+ "illuminate/support": "^8.82|^9.0",
 "illuminate/validation": "^8.42|^9.0"
 },
 "require-dev": {
diff --git a/tests/AuthBackend/ThrottleLoginsTest.php b/tests/AuthBackend/ThrottleLoginsTest.php
index d04adb5..026dc89 100644
--- a/tests/AuthBackend/ThrottleLoginsTest.php
+++ b/tests/AuthBackend/ThrottleLoginsTest.php
@@ -9,32 +9,6 @@
 class ThrottleLoginsTest extends TestCase
 {
- /**
- * @test
- * @dataProvider specialCharacterProvider
- */
- public function it_can_replace_special_characters(string $value, string $expected): void
- {
- $throttle = $this->getMockForTrait(ThrottlesLogins::class);
- $reflection = new \ReflectionClass($throttle);
- $method = $reflection->getMethod('removeSpecialCharacters');
- $method->setAccessible(true);
-
- $this->assertSame($expected, $method->invoke($throttle, $value));
- }
-
- public function specialCharacterProvider(): array
- {
- return [
- ['ⓐⓑⓒⓓⓔⓕⓖⓗⓘⓙⓚⓛⓜⓝⓞⓟⓠⓡⓢⓣⓤⓥⓦⓧⓨⓩ', 'abcdefghijklmnopqrstuvwxyz'],
- ['⓪①②③④⑤⑥⑦⑧⑨⑩⑪⑫⑬⑭⑮⑯⑰⑱⑲⑳', '01234567891011121314151617181920'],
- ['⓵⓶⓷⓸⓹⓺⓻⓼⓽⓾', '12345678910'],
- ['⓿⓫⓬⓭⓮⓯⓰⓱⓲⓳⓴', '011121314151617181920'],
- ['abcdefghijklmnopqrstuvwxyz', 'abcdefghijklmnopqrstuvwxyz'],
- ['0123456789', '0123456789'],
- ];
- }
-
 /**
 * @test
 * @dataProvider emailProvider