[11.x] Fix the RateLimiter issue when using dynamic keys (laravel#53763)

MilesChou · web-flow · commit 5ed48d361cea · 2024-12-06T13:18:17.000-06:00
* Fix the RateLimite issue when generating dynamic keys

* Adjust limit condition in Limit::fallbackKey() method
diff --git a/src/Illuminate/Cache/RateLimiting/Limit.php b/src/Illuminate/Cache/RateLimiting/Limit.php
@@ -150,7 +150,7 @@ public function response(callable $callback)
      */
     public function fallbackKey()
     {
-        $prefix = $this->key ? '' : "{$this->key}:";
+        $prefix = $this->key ? "{$this->key}:" : '';
 
         return "{$prefix}attempts:{$this->maxAttempts}:decay:{$this->decaySeconds}";
     }
diff --git a/tests/Cache/RateLimiterTest.php b/tests/Cache/RateLimiterTest.php
@@ -2,8 +2,10 @@
 
 namespace Illuminate\Tests\Cache;
 
+use Illuminate\Cache\ArrayStore;
 use Illuminate\Cache\RateLimiter;
 use Illuminate\Cache\RateLimiting\Limit;
+use Illuminate\Cache\Repository;
 use Illuminate\Contracts\Cache\Repository as Cache;
 use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
@@ -38,6 +40,33 @@ public function testRegisterNamedRateLimiter(mixed $name, string $expected): voi
 
         $this->assertNotNull($limiterClosure);
     }
+
+    public function testShouldUseOriginKeyAsPrefixWhenMultipleLimiterWithSameKey()
+    {
+        $rateLimiter = new RateLimiter(new Repository(new ArrayStore));
+
+        $rateLimiter->for('user_limiter', fn (string $userId) => [
+            Limit::perSecond(3)->by($userId),
+            Limit::perMinute(5)->by($userId),
+        ]);
+
+        $userId1 = '123';
+        $userId2 = '456';
+
+        $limiterForUser1 = $rateLimiter->limiter('user_limiter')($userId1);
+        $limiterForUser2 = $rateLimiter->limiter('user_limiter')($userId2);
+
+        for ($i = 0; $i < 3; $i++) {
+            $this->assertFalse($rateLimiter->tooManyAttempts($limiterForUser1[0]->key, $limiterForUser1[0]->maxAttempts));
+            $this->assertFalse($rateLimiter->tooManyAttempts($limiterForUser2[0]->key, $limiterForUser2[0]->maxAttempts));
+
+            $rateLimiter->hit($limiterForUser1[0]->key, $limiterForUser1[0]->decaySeconds);
+            $rateLimiter->hit($limiterForUser2[0]->key, $limiterForUser2[0]->decaySeconds);
+        }
+
+        $this->assertNotSame($limiterForUser1[0]->key, $limiterForUser2[0]->key);
+        $this->assertNotSame($limiterForUser1[1]->key, $limiterForUser2[1]->key);
+    }
 }
 
 enum BackedEnumNamedRateLimiter: string

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ public function response(callable $callback)`
`150`	`150`	`*/`
`151`	`151`	`public function fallbackKey()`
`152`	`152`	`{`
`153`		`- $prefix = $this->key ? '' : "{$this->key}:";`
	`153`	`+ $prefix = $this->key ? "{$this->key}:" : '';`
`154`	`154`
`155`	`155`	`return "{$prefix}attempts:{$this->maxAttempts}:decay:{$this->decaySeconds}";`
`156`	`156`	`}`