Skip to content
This repository has been archived by the owner on Mar 17, 2023. It is now read-only.

Latest commit

 

History

History
24 lines (17 loc) · 843 Bytes

UPGRADE.md

File metadata and controls

24 lines (17 loc) · 843 Bytes

Upgrade Guide

Future upgrade notes will be placed here.

Upgrading To 1.7.3 From 1.x

Two Factor Brute Force Attack Security Fix

Fortify 1.7.3 includes a security fix to prevent potential brute force attacks against the two factor authentication code form when a malicious user already knows another user's email address and password. To fully enable the security fix, you will need to enable two factor rate limiting in your application's fortify.php configuration file:

 'limiters' => [
     'login' => 'login',
     'two-factor' => 'two-factor',
 ],

Next, define the two-factor rate limiter in the boot method of your application's FortifyServiceProvider:

RateLimiter::for('two-factor', function (Request $request) {
    return Limit::perMinute(5)->by($request->session()->get('login.id'));
});