fix(spec113): enforce 10/min system login throttle

Ahmed Darrazi 2026-02-26 02:37:49 +01:00
parent 8ef221b48e
commit 4f1568b759
2 changed files with 14 additions and 1 deletions


@ -14,6 +14,14 @@
class Login extends BaseLogin class Login extends BaseLogin
{ {
/**
* Filament's base login page uses Livewire-level rate limiting. We override it
* to enforce the System panel policy via Laravel's RateLimiter (SR-003).
*/
protected function rateLimit($maxAttempts, $decaySeconds = 60, $method = null, $component = null): void
{
}
public function authenticate(): ?LoginResponse public function authenticate(): ?LoginResponse
{ {
$data = $this->form->getState(); $data = $this->form->getState();
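Review bot: The new `rateLimit()` override has an empty body, so Filament's built-in Livewire throttle becomes a silent no-op for this page. Login throttling then depends entirely on what `authenticate()` does with Laravel's RateLimiter, and that body continues outside this hunk, so it cannot be confirmed here. The docblock says the method is overridden "to enforce" the policy, which reads as if the limiting happens in this method. I would state the intent inside the body, e.g. `// Intentionally a no-op: throttling is enforced in authenticate() via RateLimiter (SR-003).`. Also confirm that the RateLimiter check in `authenticate()` runs before the credential attempt, so a throttled request never reaches the password comparison.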


@ -30,6 +30,9 @@
]); ]);
for ($i = 0; $i < 10; $i++) { for ($i = 0; $i < 10; $i++) {
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
Livewire::test(Login::class) Livewire::test(Login::class)
->set('data.email', $user->email) ->set('data.email', $user->email)
->set('data.password', 'wrong-password') ->set('data.password', 'wrong-password')
@ -37,6 +40,9 @@
->assertHasErrors(['data.email']); ->assertHasErrors(['data.email']);
} }
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
Livewire::test(Login::class) Livewire::test(Login::class)
->set('data.email', $user->email) ->set('data.email', $user->email)
->set('data.password', 'wrong-password') ->set('data.password', 'wrong-password')
@ -59,4 +65,3 @@
expect($latestAudit)->not->toBeNull(); expect($latestAudit)->not->toBeNull();
expect($latestAudit->metadata['reason'] ?? null)->toBe('throttled'); expect($latestAudit->metadata['reason'] ?? null)->toBe('throttled');
}); });
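Review bot: The throttle test covers only one path: ten failed attempts and then an eleventh for the same email from the same test client, with the limit `10` hard-coded in the loop. It would not catch a limiter key that is too narrow or too broad (the key is not visible in this diff), nor a counter that never decays. Consider one companion case asserting that an attempt under a different key still gets the normal credentials error, and one that moves the clock past the window (e.g. `$this->travel(61)->seconds();`) and expects the lockout to lift. The repeated `Filament::setCurrentPanel('system'); Filament::bootCurrentPanel();` pair before each `Livewire::test()` could live in a small helper with a comment explaining why the panel has to be re-booted per request.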