fix: address security review findings
This commit is contained in:
@@ -28,7 +28,8 @@ return static function (): void {
|
||||
|
||||
$clientIp = ClientIp::resolve($_SERVER, $settings);
|
||||
$auditBase['client_ip'] = $clientIp;
|
||||
$correlation = KeyName::build($ctx->serverName(), $ctx->username(), time());
|
||||
$createdAt = time();
|
||||
$correlation = KeyName::build($ctx->serverName(), $ctx->username(), $createdAt);
|
||||
$auditBase['correlation'] = $correlation;
|
||||
|
||||
$limiter = new RateLimiter(Settings::STATE_DIR . '/rate-limit');
|
||||
@@ -43,7 +44,8 @@ return static function (): void {
|
||||
$settings->loginKeyTtl(),
|
||||
$settings->userIpBound(),
|
||||
$clientIp,
|
||||
$redirectPath
|
||||
$redirectPath,
|
||||
$createdAt
|
||||
);
|
||||
|
||||
try {
|
||||
|
||||
Reference in New Issue
Block a user