'ErrorException : Array to string conversion' if an array is posted to the login endpoint's email field
RJ2020DD opened this issue · comments
- Fortify Version: 1.8.4
- Laravel Version: 8.74.0
- PHP Version: 8.0.11
- Database Driver & Version: MySQL 8.0.26
Description:
When an array (or non scalar value) is posted to the login route for the email field, an 'ErrorException : Array to string conversion' is thrown by app/Providers/FortifyServiceProvider.php:40. This is due to the rate limiter key expecting a string value:
return Limit::perMinute(5)->by($request->email.$request->ip());
A genuine user shouldn't be posting an array but perhaps there should be a check to prevent the error? Also it would be good to still take advantage of the rate limiting as it's more than likely a spam/hack attempt. Therefore if
is_scalar($request->email);
was to return false, the key could be set to:
'nonscalar'.$request->ip()
Steps To Reproduce:
You can run this basic test to reproduce it;
public function test_posting_array_to_login_email_field()
{
$this->withoutExceptionHandling();
$this->post('/login', [
'email' => [],
]);
}
Thanks, I've sent in a fix for this: #333