Improve condition and add test

MatTheCat · MatTheCat · commit d07c9ea99284 · 2022-08-16T11:27:53.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php
@@ -124,6 +124,7 @@ public function testLoginThrottling()
             ['johannes', 'also_wrong'],
             ['wrong', 'wrong'],
             ['johannes', 'wrong_again'],
+            ['johannes', 'still_wrong'],
         ];
         foreach ($attempts as $i => $attempt) {
             $form = $client->request('GET', '/login')->selectButton('login')->form();
@@ -137,17 +138,21 @@ public function testLoginThrottling()
                     $this->assertStringContainsString('Invalid credentials', $text, 'Invalid response on 1st attempt');
 
                     break;
-                case 1: // Second attempt : login throttling !
+                case 1: // Second attempt : login throttling!
                     $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 2nd attempt');
 
                     break;
                 case 2: // Third attempt with unexisting username
                     $this->assertStringContainsString('Invalid credentials.', $text, 'Invalid response on 3rd attempt');
 
                     break;
-                case 3: // Fourth attempt : still login throttling !
+                case 3: // Fourth attempt : still login throttling!
                     $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 4th attempt');
 
+                    break;
+                case 4: // Fifth attempt : still login throttling!
+                    $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 5th attempt');
+
                     break;
             }
         }
diff --git a/src/Symfony/Component/HttpFoundation/RateLimiter/AbstractRequestRateLimiter.php b/src/Symfony/Component/HttpFoundation/RateLimiter/AbstractRequestRateLimiter.php
@@ -35,9 +35,7 @@ public function consume(Request $request): RateLimit
         foreach ($limiters as $limiter) {
             $rateLimit = $limiter->consume(1);
 
-            if (null === $minimalRateLimit || $rateLimit->getRemainingTokens() < $minimalRateLimit->getRemainingTokens() || !$rateLimit->isAccepted()) {
-                $minimalRateLimit = $rateLimit;
-            }
+            $minimalRateLimit = $minimalRateLimit ? self::getMinimalRateLimit($minimalRateLimit, $rateLimit) : $rateLimit;
         }
 
         return $minimalRateLimit;
@@ -54,4 +52,20 @@ public function reset(Request $request): void
      * @return LimiterInterface[] a set of limiters using keys extracted from the request
      */
     abstract protected function getLimiters(Request $request): array;
+
+    private static function getMinimalRateLimit(RateLimit $first, RateLimit $second): RateLimit
+    {
+        if ($first->isAccepted() !== $second->isAccepted()) {
+            return $first->isAccepted() ? $second : $first;
+        }
+
+        $firstRemainingTokens = $first->getRemainingTokens();
+        $secondRemainingTokens = $second->getRemainingTokens();
+
+        if ($firstRemainingTokens === $secondRemainingTokens) {
+            return $first->getRetryAfter() < $second->getRetryAfter() ? $second : $first;
+        }
+
+        return $firstRemainingTokens > $secondRemainingTokens ? $second : $first;
+    }
 }
