Merge pull request #104 from kbond/feature/throttle-retry-time

[feature] add additional detail to TooManyPasswordRequestsException

Author: weaverryan

src/Exception/TooManyPasswordRequestsException.php

@@ -14,6 +14,25 @@
  */
 final class TooManyPasswordRequestsException extends \Exception implements ResetPasswordExceptionInterface
 {
+    private $availableAt;
+
+    public function __construct(\DateTimeInterface $availableAt, string $message = '', int $code = 0, \Throwable $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+
+        $this->availableAt = $availableAt;
+    }
+
+    public function getAvailableAt(): \DateTimeInterface
+    {
+        return $this->availableAt;
+    }
+
+    public function getRetryAfter(): int
+    {
+        return $this->getAvailableAt()->getTimestamp() - (new \DateTime('now'))->getTimestamp();
+    }
+
     public function getReason(): string
     {
         return 'You have already requested a reset password email. Please check your email or try again soon.';

src/ResetPasswordHelper.php

@@ -64,8 +64,8 @@ public function generateResetToken(object $user): ResetPasswordToken
     {
         $this->resetPasswordCleaner->handleGarbageCollection();
 
-        if ($this->hasUserHitThrottling($user)) {
-            throw new TooManyPasswordRequestsException();
+        if ($availableAt = $this->hasUserHitThrottling($user)) {
+            throw new TooManyPasswordRequestsException($availableAt);
         }
 
         $expiresAt = new \DateTimeImmutable(\sprintf('+%d seconds', $this->resetRequestLifetime));
@@ -158,18 +158,21 @@ private function findResetPasswordRequest(string $token): ?ResetPasswordRequestI
         return $this->repository->findResetPasswordRequest($selector);
     }
 
-    private function hasUserHitThrottling(object $user): bool
+    private function hasUserHitThrottling(object $user): ?\DateTimeInterface
     {
+        /** @var \DateTime|\DateTimeImmutable|null $lastRequestDate */
         $lastRequestDate = $this->repository->getMostRecentNonExpiredRequestDate($user);
 
         if (null === $lastRequestDate) {
-            return false;
+            return null;
         }
 
-        if (($lastRequestDate->getTimestamp() + $this->requestThrottleTime) > \time()) {
-            return true;
+        $availableAt = (clone $lastRequestDate)->add(new \DateInterval("PT{$this->requestThrottleTime}S"));
+
+        if ($availableAt > new \DateTime('now')) {
+            return $availableAt;
         }
 
-        return false;
+        return null;
     }
 }

tests/UnitTests/Exception/ResetPasswordExceptionTest.php

@@ -25,38 +25,36 @@ class ResetPasswordExceptionTest extends TestCase
     public function exceptionDataProvider(): \Generator
     {
         yield [
-            ExpiredResetPasswordTokenException::class,
+            new ExpiredResetPasswordTokenException(),
             'The link in your email is expired. Please try to reset your password again.',
         ];
         yield [
-            InvalidResetPasswordTokenException::class,
+            new InvalidResetPasswordTokenException(),
             'The reset password link is invalid. Please try to reset your password again.',
         ];
         yield [
-            TooManyPasswordRequestsException::class,
+            new TooManyPasswordRequestsException(new \DateTime('+1 hour')),
             'You have already requested a reset password email. Please check your email or try again soon.',
         ];
         yield [
-            FakeRepositoryException::class,
+            new FakeRepositoryException(),
             'Please update the request_password_repository configuration in config/packages/reset_password.yaml to point to your "request password repository` service.',
         ];
     }
 
     /**
      * @dataProvider exceptionDataProvider
      */
-    public function testIsReason(string $exception, string $message): void
+    public function testIsReason(ResetPasswordExceptionInterface $exception, string $message): void
     {
-        $result = new $exception();
-        self::assertSame($message, $result->getReason());
+        self::assertSame($message, $exception->getReason());
     }
 
     /**
      * @dataProvider exceptionDataProvider
      */
-    public function testImplementsResetPasswordExceptionInterface(string $exception): void
+    public function testImplementsResetPasswordExceptionInterface(ResetPasswordExceptionInterface $exception): void
     {
-        $interfaces = \class_implements($exception);
-        self::assertArrayHasKey(ResetPasswordExceptionInterface::class, $interfaces);
+        self::assertInstanceOf(ResetPasswordExceptionInterface::class, $exception);
     }
 }

tests/UnitTests/Exception/TooManyPasswordRequestsExceptionTest.php

@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the SymfonyCasts ResetPasswordBundle package.
+ * Copyright (c) SymfonyCasts <https://symfonycasts.com/>
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace SymfonyCasts\Bundle\ResetPassword\Tests\UnitTests\Exception;
+
+use PHPUnit\Framework\TestCase;
+use SymfonyCasts\Bundle\ResetPassword\Exception\TooManyPasswordRequestsException;
+
+/**
+ * @author Kevin Bond <kevinbond@gmail.com>
+ */
+class TooManyPasswordRequestsExceptionTest extends TestCase
+{
+    public function testCanGetRetryAfter(): void
+    {
+        $exception = new TooManyPasswordRequestsException(new \DateTime('+1 hour'));
+
+        // account for time changes during test
+        self::assertGreaterThanOrEqual(3599, $exception->getRetryAfter());
+        self::assertLessThanOrEqual(3600, $exception->getRetryAfter());
+    }
+}

tests/UnitTests/ResetPasswordHelperTest.php

@@ -94,25 +94,18 @@ public function testHasUserThrottlingReturnsFalseWithNoLastRequestDate(): void
     /**
      * @covers \SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelper::hasUserHitThrottling
      */
-    public function testHasUserThrottlingReturnsFalseIfNotBeforeThrottleTime(): void
+    public function testHasUserThrottlingReturnsNullIfNotBeforeThrottleTime(): void
     {
         $this->mockRepo
             ->expects($this->once())
             ->method('getUserIdentifier')
             ->willReturn('1234')
         ;
 
-        $mockLastRequestTime = $this->createMock(\DateTimeImmutable::class);
-        $mockLastRequestTime
-            ->expects($this->once())
-            ->method('getTimestamp')
-            ->willReturn(1234)
-        ;
-
         $this->mockRepo
             ->expects($this->once())
             ->method('getMostRecentNonExpiredRequestDate')
-            ->willReturn($mockLastRequestTime)
+            ->willReturn(new \DateTime('-3 hours'))
         ;
 
         $this->mockRepo
@@ -121,29 +114,44 @@ public function testHasUserThrottlingReturnsFalseIfNotBeforeThrottleTime(): void
             ->willReturn(new ResetPasswordTestFixtureRequest())
         ;
 
-        $helper = $this->getPasswordResetHelper();
+        $helper = new ResetPasswordHelper(
+            $this->mockTokenGenerator,
+            $this->mockCleaner,
+            $this->mockRepo,
+            99999999,
+            7200 // 2 hours
+        );
+
         $helper->generateResetToken(new \stdClass());
     }
 
     public function testExceptionThrownIfRequestBeforeThrottleLimit(): void
     {
-        $mockLastRequestTime = $this->createMock(\DateTimeImmutable::class);
-        $mockLastRequestTime
-            ->expects($this->once())
-            ->method('getTimestamp')
-            ->willReturn(9999999999)
-        ;
-
         $this->mockRepo
             ->expects($this->once())
             ->method('getMostRecentNonExpiredRequestDate')
-            ->willReturn($mockLastRequestTime)
+            ->willReturn(new \DateTime('-1 hour'))
         ;
 
-        $this->expectException(TooManyPasswordRequestsException::class);
+        $helper = new ResetPasswordHelper(
+            $this->mockTokenGenerator,
+            $this->mockCleaner,
+            $this->mockRepo,
+            99999999,
+            7200 // 2 hours
+        );
 
-        $helper = $this->getPasswordResetHelper();
-        $helper->generateResetToken(new \stdClass());
+        try {
+            $helper->generateResetToken(new \stdClass());
+        } catch (TooManyPasswordRequestsException $exception) {
+            // account for time changes during test
+            self::assertGreaterThanOrEqual(3599, $exception->getRetryAfter());
+            self::assertLessThanOrEqual(3600, $exception->getRetryAfter());
+
+            return;
+        }
+
+        $this->fail('Exception was not thrown.');
     }
 
     public function testRemoveResetRequestThrowsExceptionWithEmptyToken(): void