diff --git a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
index a86553f75d5..2605faa3423 100644
--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -17,37 +17,37 @@ eccube:
 mypage_change:
 route: mypage_change
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_new:
 route: mypage_delivery_new
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_edit:
 route: mypage_delivery_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_delete:
 route: mypage_delivery_delete
 method: [ 'DELETE' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_multiple_edit_customer:
 route: shopping_shipping_multiple_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_edit_customer:
 route: shopping_shipping_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 contact:
@@ -74,3 +74,9 @@ eccube:
 route: ~
 limit: 10
 interval: '30 minutes'
+ admin_two_factor_auth:
+ route: admin_two_factor_auth
+ method: [ 'POST' ]
+ type: user
+ limit: 5
+ interval: '30 minutes'
diff --git a/src/Eccube/DependencyInjection/Configuration.php b/src/Eccube/DependencyInjection/Configuration.php
index 21f45bccc16..9e799928058 100644
--- a/src/Eccube/DependencyInjection/Configuration.php
+++ b/src/Eccube/DependencyInjection/Configuration.php
@@ -61,7 +61,7 @@ public function addRateLimiterSection(ArrayNodeDefinition $rootNode): void
 ->ifArray()
 ->then(fn (array $v) => \array_map(fn ($method) => \strtolower($method), $v))
 ->end()
- ->enumPrototype()->values(['ip', 'customer'])->end()
+ ->enumPrototype()->values(['ip', 'customer', 'user'])->end()
 ->defaultValue([])
 ->end()
 ->arrayNode('method')
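Review bot: The new `admin_two_factor_auth` entry throttles only by `user`, and the visible part of the listener change in this same diff (RateLimiterListener.php, hunk at -74) creates a limiter only when `getCurrentUser()` yields a `UserInterface`, so a POST to this route that arrives without a resolved user is not counted at all. Whether the second-factor step can be reached before the admin user is resolved is not visible here; if it can, the code-entry endpoint would be unthrottled exactly where throttling matters. Since `type` is a list of `ip`/`customer`/`user` per the Configuration.php hunk, `type: [ 'ip', 'user' ]` would keep the per-account limit while also bounding unauthenticated attempts. A short comment on the entry, such as `# per authenticated admin; 5 second-factor attempts per 30 minutes`, would make the intended scope explicit.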
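Review bot: After this change the schema accepts `customer` and `user` as distinct enum values, yet the listener hunk in RateLimiterListener.php handles them identically (`in_array('customer', ...) || in_array('user', ...)` followed by an `instanceof UserInterface` check), so `customer` is now an alias rather than a narrower scope, and nothing on this line tells a reader that. A comment on the changed line would record it: `// 'customer' is kept for backward compatibility; it is handled exactly like 'user'`. If the intent is to retire `customer`, a deprecation note here is preferable to keeping two spellings of one behaviour indefinitely. addRateLimiterSection continues outside this hunk.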
diff --git a/src/Eccube/EventListener/RateLimiterListener.php b/src/Eccube/EventListener/RateLimiterListener.php
index 7d5241608d3..a15a0ea39f2 100644
--- a/src/Eccube/EventListener/RateLimiterListener.php
+++ b/src/Eccube/EventListener/RateLimiterListener.php
@@ -15,6 +15,7 @@
 use Eccube\Common\EccubeConfig;
 use Eccube\Entity\Customer;
+use Eccube\Entity\Member;
 use Eccube\Request\Context;
 use Psr\Container\ContainerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -22,6 +23,7 @@
 use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\RateLimiter\RateLimiterFactory;
+use Symfony\Component\Security\Core\User\UserInterface;
 class RateLimiterListener implements EventSubscriberInterface
 {
@@ -49,7 +51,6 @@ public function onController(ControllerEvent $event)
 if (!isset($limiterConfigs[$route])) {
 return;
 }
- $method = $request->getMethod();
 foreach ($limiterConfigs[$route] as $id => $config) {
@@ -74,12 +75,11 @@ public function onController(ControllerEvent $event)
 if (!$this->locator->has($limiterId)) {
 continue;
 }
- /** @var RateLimiterFactory $factory */
 $factory = $this->locator->get($limiterId);
- if (in_array('customer', $config['type'])) {
+ if (in_array('customer', $config['type']) || in_array('user', $config['type'])) {
 $User = $this->requestContext->getCurrentUser();
- if ($User instanceof Customer) {
+ if ($User instanceof UserInterface) {
 $limiter = $factory->create($User->getId());
 if (!$limiter->consume()->isAccepted()) {
 throw new TooManyRequestsHttpException();
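Review bot: `use Eccube\Entity\Member;` is added here but nothing in this diff references `Member` — the type check in the hunk at -74 uses `UserInterface` — so the import appears unused unless a line outside the shown hunks reads it. The retained `use Eccube\Entity\Customer;` is in the same position: the only visible `instanceof Customer` was replaced in this commit. If neither name is referenced elsewhere in the file, drop both imports so the `use` block matches the code; this is a style point only, since PHP tolerates unused imports.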
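Review bot: `$method = $request->getMethod();` is removed, but this hunk does not show the loop body that performs the per-config `method` matching, and no other hunk in the diff touches a reader of `$method`; if the lines between this hunk and the one at -74 still reference `$method`, the removal produces an undefined-variable warning and the HTTP-method filter no longer works as intended — worth confirming against the full file before merging. If `$method` was genuinely unused, the removal is fine and nothing else is needed. onController starts and ends outside this hunk.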