feat: don't send verification code if failed signin limit is reached (#3616)

controllers/verification.go

@@ -258,7 +258,7 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}
 
-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, c.GetAcceptLanguage())
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@@ -304,7 +304,7 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone, c.GetAcceptLanguage())
 		}
 	}
 

object/verification.go

@@ -60,7 +60,7 @@ type VerificationRecord struct {
 	IsUsed     bool   `xorm:"notnull" json:"isUsed"`
 }
 
-func IsAllowSend(user *User, remoteAddr, recordType string) error {
+func IsAllowSend(user *User, remoteAddr, recordType, lang string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@@ -78,10 +78,15 @@ func IsAllowSend(user *User, remoteAddr, recordType string) error {
 		return errors.New("you can only send one code in 60s")
 	}
 
+	err = checkSigninErrorTimes(user, lang)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
 	sender := organization.DisplayName
 	title := provider.Title
 
@@ -99,7 +104,7 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)
 
-	err := IsAllowSend(user, remoteAddr, provider.Category)
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}
@@ -117,8 +122,8 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	return nil
 }
 
-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, lang string) error {
-	err := IsAllowSend(user, remoteAddr, provider.Category)
+	err := IsAllowSend(user, remoteAddr, provider.Category, lang)
 	if err != nil {
 		return err
 	}