Add a small check to ask to wait one hour between two recoveries of an account

2026-01-17 10:08:05 +00:00 · 2023-11-07 15:52:31 +01:00 · 2023-11-07 15:52:31 +01:00 · b6b54802d2
commit b6b54802d2
parent 459e8faf9d
2 changed files with 11 additions and 1 deletions
--- a/flexiapi/app/Account.php
+++ b/flexiapi/app/Account.php
@ -339,6 +339,12 @@ class Account extends Authenticatable
            ->exists();
    }

+    public function failedRecentRecovery(): bool
+    {
+        $oneHourAgo = Carbon::now()->subHour();
+        return !empty($this->recovery_code) && $this->updated_at->greaterThan($oneHourAgo);
+    }
+
    public function updatePassword($newPassword, string $algorithm = 'SHA-256')
    {
        $this->passwords()->delete();
--- a/flexiapi/app/Http/Controllers/Account/RecoveryController.php
+++ b/flexiapi/app/Http/Controllers/Account/RecoveryController.php
@ -81,6 +81,10 @@ class RecoveryController extends Controller
            return redirect()->back()->withErrors(['identifier' => 'The account doesn\'t exists']);
        }

+        if ($account->failedRecentRecovery()) {
+            return redirect()->back()->withErrors(['code' => 'Account recovered recently, try again later']);
+        }
+
        if ($request->get('email')) {
            $account = (new AccountService)->recoverByEmail($account);
        } elseif ($request->get('phone')) {
@ -112,7 +116,7 @@ class RecoveryController extends Controller
            return redirect()->route($request->get('method') == 'phone'
                ? 'account.recovery.show.phone'
                : 'account.recovery.show.email')->withErrors([
-                'code' => 'The code entered was not valid'
+                'code' => 'The code entered was not valid, try again later'
            ]);
        }