Make Login & API throttling editable using the .env file - Close #163

app/Http/Controllers/Auth/LoginController.php

@@ -27,6 +27,13 @@ class LoginController extends Controller
 
     use AuthenticatesUsers;
 
+    /**
+     * The login throttle.
+     *
+     * @var integer
+     */
+    protected $maxAttempts;
+
     /**
      * Handle a login request to the application.
      *
@@ -39,6 +46,8 @@ class LoginController extends Controller
     {
         Log::info(sprintf('User login requested by %s from %s', var_export($request['email'], true), $request->ip()));
 
+        $this->maxAttempts = config('auth.throttle.login');
+
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
         // the IP address of the client making these requests into this application.

app/Http/Controllers/Auth/WebAuthnLoginController.php

@@ -20,6 +20,13 @@ class WebAuthnLoginController extends Controller
 {
     use AuthenticatesUsers;
 
+    /**
+     * The login throttle.
+     *
+     * @var integer
+     */
+    protected $maxAttempts;
+
     /*
     |--------------------------------------------------------------------------
     | WebAuthn Login Controller
@@ -67,6 +74,8 @@ class WebAuthnLoginController extends Controller
     {
         Log::info(sprintf('User login via webauthn requested by %s from %s', var_export($request['email'], true), $request->ip()));
 
+        $this->maxAttempts = config('auth.throttle.login');
+
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
         // the IP address of the client making these requests into this application.