diff --git a/config/auth.php b/config/auth.php index a795d0dee7a..ede1e28a3ed 100644 --- a/config/auth.php +++ b/config/auth.php @@ -91,6 +91,7 @@ 'provider' => 'users', 'table' => 'password_resets', 'expire' => 60, + 'throttle' => 60, ], ], ]; diff --git a/src/MicroweberPackages/User/routes/api.php b/src/MicroweberPackages/User/routes/api.php index 6f78cbc5f47..e323bc458ab 100644 --- a/src/MicroweberPackages/User/routes/api.php +++ b/src/MicroweberPackages/User/routes/api.php @@ -100,7 +100,9 @@ Route::any('logout', 'UserLoginController@logout')->name('logout'); Route::post('register', 'UserRegisterController@register')->name('register')->middleware(['allowed_ips']); - Route::post('/forgot-password', 'UserForgotPasswordController@send')->name('password.email'); + Route::post('/forgot-password', 'UserForgotPasswordController@send') + ->middleware(['throttle:3,1']) + ->name('password.email'); Route::post('/reset-password', 'UserForgotPasswordController@update')->name('password.update'); Route::post('/profile-update', 'UserProfileController@update')->name('profile.update'); diff --git a/src/MicroweberPackages/User/routes/web.php b/src/MicroweberPackages/User/routes/web.php index 9c94b3af267..6d727fd0095 100644 --- a/src/MicroweberPackages/User/routes/web.php +++ b/src/MicroweberPackages/User/routes/web.php @@ -40,7 +40,9 @@ Route::post('email/verify-resend/{id}/{hash}', 'UserVerifyController@sendVerifyEmail')->name('verification.send'); Route::get('/forgot-password', 'UserForgotPasswordController@showForgotForm')->name('password.request'); - Route::post('/forgot-password', 'UserForgotPasswordController@send')->name('password.email'); + Route::post('/forgot-password', 'UserForgotPasswordController@send') + ->middleware(['throttle:3,1']) + ->name('password.email'); Route::get('/reset-password/{token}', 'UserForgotPasswordController@showResetForm')->name('password.reset'); Route::post('/reset-password', 'UserForgotPasswordController@update')->name('password.update');