From 4d5eb659c0bdb02aaf5aa51a2edcccd570c188f9 Mon Sep 17 00:00:00 2001
From: Rotzbua
Date: Tue, 15 Jan 2019 01:55:56 +0100
Subject: [PATCH] IP pseudonymization for rate limiter (#1589)

requirement of gdpr
---
 classes/admin.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/classes/admin.php b/classes/admin.php
index 24692a79..181e8e2a 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -367,6 +367,9 @@ class Admin
 $ipKey = Uri::ip();
 $redirect = isset($post['redirect']) ? $post['redirect'] : $this->base . $this->route;
+ // Pseudonymization of the IP
+ $ipKey = sha1($ipKey . $this->grav['config']->get('security.salt'));
+
 // Check if the current IP has been used in failed login attempts.
 $attempts = count($rateLimiter->getAttempts($ipKey, 'ip'));
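Review bot: The added `sha1($ipKey . $this->grav['config']->get('security.salt'))` only pseudonymizes the address if `security.salt` is a non-empty secret. If `get()` returns null or an empty string, the stored key is plain `sha1(ip)`, which can be mapped back to the address by enumerating the IPv4 space. Nothing in the hunk checks the salt, so I would guard against an empty value and use a keyed construction rather than concatenation: `$ipKey = hash_hmac('sha256', $ipKey, (string) $this->grav['config']->get('security.salt'));`. The comment could also state that the stored rate-limiter key is a keyed hash of the client IP and depends on the salt staying secret, e.g. `// Store only a keyed hash of the client IP in the rate limiter (GDPR); relies on security.salt being set and secret`. The enclosing method starts and ends outside the hunk, so whether the salt is validated earlier is not visible here.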