securityConfig = $securityConfig; $this->collectionFactory = $collectionFactory; $this->dateTime = $dateTime; $this->remoteAddress = $remoteAddress; } /** * {@inheritdoc} */ public function check($securityEventType, $accountReference = null, $longIp = null) { $isEnabled = $this->securityConfig->getPasswordResetProtectionType() != ResetMethod::OPTION_NONE; $limitTimeBetweenRequests = $this->securityConfig->getMinTimeBetweenPasswordResetRequests(); if ($isEnabled && $limitTimeBetweenRequests) { if (null === $longIp) { $longIp = $this->remoteAddress->getRemoteAddress(); } $lastRecordCreationTimestamp = $this->loadLastRecordCreationTimestamp( $securityEventType, $accountReference, $longIp ); if ($lastRecordCreationTimestamp && ( $limitTimeBetweenRequests > ($this->dateTime->gmtTimestamp() - $lastRecordCreationTimestamp) )) { throw new SecurityViolationException( __( 'We received too many requests for password resets. ' . 'Please wait and try again later or contact %1.', $this->securityConfig->getCustomerServiceEmail() ) ); } } } /** * Load last record creation timestamp * * @param int $securityEventType * @param string $accountReference * @param int $longIp * @return int */ private function loadLastRecordCreationTimestamp($securityEventType, $accountReference, $longIp) { $collection = $this->collectionFactory->create($securityEventType, $accountReference, $longIp); /** @var \Magento\Security\Model\PasswordResetRequestEvent $record */ $record = $collection->filterLastItem()->getFirstItem(); return (int) strtotime($record->getCreatedAt()); } }