Laravel 6: Throttle Password Resets

Problem description

In Laravel 6, the password broker now has the following to throttle password resets (https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/PasswordBroker.php#L58):

    public function sendResetLink(array $credentials)
    {
        // First we will check to see if we found a user at the given credentials and
        // if we did not we will redirect back to this current URI with a piece of
        // "flash" data in the session to indicate to the developers the errors.
        $user = $this->getUser($credentials);

        if (is_null($user)) {
            return static::INVALID_USER;
        }

        if (method_exists($this->tokens, 'recentlyCreatedToken') &&
            $this->tokens->recentlyCreatedToken($user)) {
            return static::RESET_THROTTLED;
        }

        // Once we have the reset token, we are ready to send the message out to this
        // user with a link to reset their password. We will then redirect back to
        // the current URI having nothing set in the session to indicate errors.
        $user->sendPasswordResetNotification(
            $this->tokens->create($user)
        );

        return static::RESET_LINK_SENT;
    }

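However, when I repeatedly submit a password reset, why is the password reset not throttled - I still get the reset notification?

I noticed that the recentlyCreatedToken method does not exist in the 6.x version of TokenRepositoryInterface: https://github.com/laravel/framework/blob/6.x/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php

but it has been added in the 7.x version:

https://github.com/laravel/framework/blob/master/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php

Is this just a v7.x feature, or is there something I need to do that I have missed?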

Tags: throttling, forgot-password, laravel-6.2

Solution

Password reset throttling works in Laravel 6.x, but for some reason you need to set the throttle parameter manually in the config file config/auth.php:

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
            'throttle' => 60, // Allows a user to request 1 token per 60 seconds
        ],
    ],

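DatabaseTokenRepository defines the default throttle time as 60 seconds. But when DatabaseTokenRepository is initialized in PasswordBrokerManager, it checks the config file and, if no value is found, sets the throttle time to 0 (meaning throttling is disabled).

You also need to add a message string to resources/lang/en/passwords.php to show the user an understandable error message:

    'throttled' => 'You have requested password reset recently, please check your email.',

P.S. Don't forget to refresh the config cache after editing the config file: php artisan config:clear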
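
Added example, not part of the original answer and not Laravel's source code: a stand-alone PHP model of the behaviour the answer describes, replaying the same reset requests against a broker config with and without the throttle key. The function names and the request timestamps are constructed for illustration.

```php
<?php
// Simplified stand-alone model of the behaviour described in the answer.
// It is not Laravel source code; the function names are hypothetical.

// Mirrors the fallback described above: no 'throttle' key means 0 (disabled).
function effectiveThrottle(array $brokerConfig): int
{
    return (int) ($brokerConfig['throttle'] ?? 0);
}

// A token counts as "recently created" only while the throttle window is open.
function recentlyCreated(?int $createdAt, int $throttle, int $now): bool
{
    if ($createdAt === null || $throttle <= 0) {
        return false; // no stored token, or throttling disabled
    }
    return $createdAt + $throttle > $now;
}

// Replays reset requests (timestamps in seconds) for one user and
// returns the broker status each request would produce.
function replayRequests(array $brokerConfig, array $requestTimes): array
{
    $throttle = effectiveThrottle($brokerConfig);
    $lastTokenAt = null;
    $results = [];
    foreach ($requestTimes as $now) {
        if (recentlyCreated($lastTokenAt, $throttle, $now)) {
            $results[] = 'RESET_THROTTLED';
            continue;
        }
        $lastTokenAt = $now; // a new token is stored and the mail goes out
        $results[] = 'RESET_LINK_SENT';
    }
    return $results;
}

// Constructed sample input: four requests at t = 0s, 5s, 30s and 61s.
$requests = [0, 5, 30, 61];
$configs = [
    'no throttle key' => ['provider' => 'users', 'table' => 'password_resets', 'expire' => 60],
    'throttle => 60'  => ['provider' => 'users', 'table' => 'password_resets', 'expire' => 60, 'throttle' => 60],
];

foreach ($configs as $label => $config) {
    echo str_pad($label, 16), ' ', implode(', ', replayRequests($config, $requests)), PHP_EOL;
}
```

Without the throttle key every request produces a new mail; with it, only the first request and the one after the 60-second window do.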

