By Shadrix


2019-02-10 09:29:53 8 Comments

In my api.php I have my main routes grouped within:

Route::middleware('throttle:60,1')->group(function() { //all my main api routes});

However, I have routes, that need custom times. For example, if the user needs to type his/her password again when he/she changes something in the settings.

//outside of the throttle:60,1
Route::post('/password/check', 'Api\[email protected]')
     ->middleware('throttle:3,1', 'auth:api');

My goal is that the user can only type his/her password 3 times, after that he/she needs to cool down.

However, I noticed that when I fetch URLs from the API the "X-Ratelimit-Remaining" is already used up. This leads to the problem that the user needs to cooldown when the password was typed in.

I wrote a PHPUnit test to prove that there is a bug:

/** @test */
public function throttle_works_correctly_even_when_other_api_url_are_called()
{
    $this->withExceptionHandling();

    $this->otherApiUrl()->assertStatus(200);

    $this->url(['currentPassword' => 'secret'])->assertStatus(200);

    $this->url(['currentPassword' => 'secret'])->assertStatus(200);

    $this->url(['currentPassword' => 'secret'])->assertStatus(200); <-- fails at this part

    $this->url(['currentPassword' => 'secret'])
        ->assertStatus(429);
}

1 comments

@Shadrix 2019-02-11 09:55:19

So there is no way because throttling works like that. However, I found another solution. Just copy ThrottlesLogin and adjust to your needs. Works fine like that :)

Related Questions

Sponsored Content

4 Answered Questions

Laravel queue rate limiting or throttling

0 Answered Questions

Which Grant types to use

1 Answered Questions

1 Answered Questions

Laravel API routes authenticated by user session

3 Answered Questions

[SOLVED] Laravel api authorization with api_token

1 Answered Questions

[SOLVED] Laravel 5.4 Auth API route

2 Answered Questions

[SOLVED] Increase X-RateLimit-Limit in laravel using throttle middleware

3 Answered Questions

[SOLVED] Middleware overriding other middleware in Laravel

0 Answered Questions

1 Answered Questions

[SOLVED] Rate Limiting Feature for particular Route in Laravel 5.2

Sponsored Content