feat: don't send verification code if failed signin limit is reached (#3616)

2025-05-22 18:25:47 +08:00 · 2025-02-26 17:34:14 +03:00 · 2025-02-26 17:34:14 +03:00 · f2e3037bc5
commit f2e3037bc5
parent d986a4a9e0
2 changed files with 12 additions and 7 deletions
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -258,7 +258,7 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}

-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, c.GetAcceptLanguage())
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@ -304,7 +304,7 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone, c.GetAcceptLanguage())
 		}
 	}

--- a/object/verification.go
+++ b/object/verification.go
@ -60,7 +60,7 @@ type VerificationRecord struct {
 	IsUsed     bool   `xorm:"notnull" json:"isUsed"`
 }

-func IsAllowSend(user *User, remoteAddr, recordType string) error {
+func IsAllowSend(user *User, remoteAddr, recordType, lang string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@ -78,10 +78,15 @@ func IsAllowSend(user *User, remoteAddr, recordType string) error {
 		return errors.New("you can only send one code in 60s")
 	}

+	err = checkSigninErrorTimes(user, lang)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
 	sender := organization.DisplayName
 	title := provider.Title

@ -99,7 +104,7 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)

-	err := IsAllowSend(user, remoteAddr, provider.Category)
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}
@ -117,8 +122,8 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	return nil
 }

-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	err := IsAllowSend(user, remoteAddr, provider.Category)
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}