feat: don't send verification code if failed signin limit is reached (#3616)

object/verification.go

@@ -60,7 +60,7 @@ type VerificationRecord struct {
 	IsUsed     bool   `xorm:"notnull" json:"isUsed"`
 }
 
-func IsAllowSend(user *User, remoteAddr, recordType string) error {
+func IsAllowSend(user *User, remoteAddr, recordType, lang string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@@ -78,10 +78,15 @@ func IsAllowSend(user *User, remoteAddr, recordType string) error {
 		return errors.New("you can only send one code in 60s")
 	}
 
+	err = checkSigninErrorTimes(user, lang)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
 	sender := organization.DisplayName
 	title := provider.Title
 
@@ -99,7 +104,7 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)
 
-	err := IsAllowSend(user, remoteAddr, provider.Category)
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}
@@ -117,8 +122,8 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	return nil
 }
 
-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	err := IsAllowSend(user, remoteAddr, provider.Category)
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}