1

Hello I'm using Laravel DEFAULT password reset, and it works perfectly, but there is one little problem, I can request 'password reset' every single minute, and I don't like it, so my question is how to reduce that request time like, I wanna be able to make 2 request every 5m.

/ForgotPasswordController.php

 public function __construct()
    {
        if (preg_match('/en/',url()->previous())){
            App::setLocale('en');
        }else{
            App::setLocale('ru');
        }

        $this->middleware('guest');

    }
David J.
  • 23
  • 4

2 Answers2

0

The best way to do this would use a time comparison or leaky bucket which simply records the last request. The time for a password reset should be logged in the backend and then conditionals can be used to ensure that no two resets can be done in under 5 minutes. View these examples:

James-Riordan
  • 64
  • 3
  • CloudFlare's [Sliding Window](https://blog.cloudflare.com/counting-things-a-lot-of-different-things/) is quite nice and only requires storing 2 values and some simple math. – Sammitch Jun 26 '20 at 17:44
0

You could use the ThrottleRequests middleware that Laravel provides by default, either by defining it in the controller constructor:

public function __construct()
{
    if (preg_match('/en/', url()->previous())) {
        App::setLocale('en');
    } else {
        App::setLocale('ru');
    }

    $this->middleware('throttle:2,5');
    $this->middleware('guest');
}

...or by tacking it onto the route definition.

Route::post('/password/reset', 'ForgotPasswordController@yourFunction')
    ->middleware('throttle:2,5');

Additional information on the parameters: https://www.cloudways.com/blog/laravel-and-api-rate-limiting/

Chris Forrence
  • 10,042
  • 11
  • 48
  • 64