Ratelimiter messaging

Author: PeteBishwhip

app/Http/Controllers/Account/AuthController.php

@@ -5,6 +5,7 @@
 use App\Http\Controllers\Controller;
 use App\Http\Requests\LoginRequest;
 use Illuminate\Http\Request;
+use Illuminate\Support\Carbon;
 
 class AuthController extends Controller
 {
@@ -21,17 +22,31 @@ public function logout()
         return redirect()->route('account.login');
     }
 
+    /**
+     * Process the login request.
+     *
+     * @TODO Implement additional brute-force protection with custom blocked IPs model.
+     *
+     * @param LoginRequest $request
+     * @throws \Illuminate\Validation\ValidationException
+     * @return \Illuminate\Http\RedirectResponse
+     */
     public function processLogin(LoginRequest $request)
     {
         $credentials = $request->only('email', 'password');
         $key = 'login-attempt:' . $request->ip();
         $attemptsPerHour = 5;
 
         if (\RateLimiter::tooManyAttempts($key, $attemptsPerHour)) {
+            $blockedUntil = Carbon::now()
+                ->addSeconds(\RateLimiter::availableIn($key))
+                ->diffInMinutes(Carbon::now());
+
             return back()
-                ->withInput($request->only('email'))
+                ->withInput($request->only(['email', 'remember']))
                 ->withErrors([
-                    'email' => 'Too many login attempts. Please try again later.',
+                    'email' => 'Too many login attempts. Please try again in '
+                        . $blockedUntil . ' minutes.',
                 ]);
         }