[9.x] Prevent double sanitized key in RateLimiter@tooManyAttempts (#…

…42462) * Prevent double sanitized key * Fix test for PHP8.0
laravel · May 23, 2022 · 127a9ca · 127a9ca
1 parent c61fd7a
commit 127a9ca
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/src/Illuminate/Cache/RateLimiter.php b/src/Illuminate/Cache/RateLimiter.php
@@ -89,10 +89,8 @@ public function attempt($key, $maxAttempts, Closure $callback, $decaySeconds = 6
      */
     public function tooManyAttempts($key, $maxAttempts)
     {
-        $key = $this->cleanRateLimiterKey($key);
-
         if ($this->attempts($key) >= $maxAttempts) {
-            if ($this->cache->has($key.':timer')) {
+            if ($this->cache->has($this->cleanRateLimiterKey($key).':timer')) {
                 return true;
             }
 

diff --git a/tests/Cache/CacheRateLimiterTest.php b/tests/Cache/CacheRateLimiterTest.php
@@ -136,4 +136,19 @@ public function testKeysAreSanitizedFromUnicodeCharacters()
 
         $this->assertTrue($rateLimiter->tooManyAttempts('jôhn', 1));
     }
+
+    public function testKeyIsSanitizedOnlyOnce()
+    {
+        $cache = m::mock(Cache::class);
+        $rateLimiter = new RateLimiter($cache);
+
+        $key = "john'doe";
+        $cleanedKey = $rateLimiter->cleanRateLimiterKey($key);
+
+        $cache->shouldReceive('get')->once()->with($cleanedKey, 0)->andReturn(1);
+        $cache->shouldReceive('has')->once()->with("$cleanedKey:timer")->andReturn(true);
+        $cache->shouldReceive('add')->never();
+
+        $this->assertTrue($rateLimiter->tooManyAttempts($key, 1));
+    }
 }