
Update login form, allow admins to enable captcha after X failed attempts. Admins can set the number of attempts before captcha is shown, default is 2 attempts before captcha is required

Daniel Supernault 2 anos atrás
pai
commit
221ddce0fa

+ 36 - 2
app/Http/Controllers/Auth/LoginController.php

@@ -7,6 +7,8 @@ use App\Http\Controllers\Controller;
 use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use App\Services\BouncerService;
+use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 
 class LoginController extends Controller
 {
@@ -70,8 +72,16 @@ class LoginController extends Controller
             'password'        => 'required|string|min:6',
         ];
 
-        if(config('captcha.enabled') || config('captcha.active.login')) {
-            $rules['h-captcha-response'] = 'required|captcha';
+        if(
+        	config('captcha.enabled') ||
+        	config('captcha.active.login') ||
+        	(
+				config('captcha.triggers.login.enabled') &&
+				request()->session()->has('login_attempts') &&
+				request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
+			)
+        ) {
+            $rules['h-captcha-response'] = 'required|filled|captcha|min:5';
         }
         
         $this->validate($request, $rules);
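Review bot: The threshold in the new condition is read from the session key `login_attempts`, so it only binds a client that keeps presenting the same session cookie; a request arriving with a fresh session starts at zero and is never asked for the captcha. A count the server keys itself would close that gap. If this controller uses the throttling helpers that come with AuthenticatesUsers (not visible in this hunk), `$this->limiter()->attempts($this->throttleKey($request)) >= config('captcha.triggers.login.attempts')` is one option, with the session value kept only to decide what the form renders. Separately, `filled` adds nothing next to `required`, so the rule can read `'required|captcha|min:5'`. The enclosing method starts above the hunk.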
@@ -102,4 +112,28 @@ class LoginController extends Controller
         $log->user_agent = $request->userAgent();
         $log->save();
     }
+
+    /**
+     * Get the failed login response instance.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Symfony\Component\HttpFoundation\Response
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     */
+    protected function sendFailedLoginResponse(Request $request)
+    {
+    	if(config('captcha.triggers.login.enabled')) {
+			if ($request->session()->has('login_attempts')) {
+				$ct = $request->session()->get('login_attempts');
+				$request->session()->put('login_attempts', $ct + 1);
+			} else {
+				$request->session()->put('login_attempts', 1);
+			}
+    	}
+
+        throw ValidationException::withMessages([
+            $this->username() => [trans('auth.failed')],
+        ]);
+    }
 }
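Review bot: The has/get/put sequence in sendFailedLoginResponse can be one call, `$request->session()->increment('login_attempts');`, which also handles the case where the key is not set yet. Nothing visible in this commit clears the counter after a successful login, so a user who mistypes twice and then signs in would presumably keep a stale count for the rest of the session; `$request->session()->forget('login_attempts');` in the post-login hook would reset it. The added block mixes tabs and spaces, while the surrounding class uses 4-space indentation.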

+ 7 - 0
config/captcha.php

@@ -16,5 +16,12 @@ return [
     'active' => [
     	'login' => env('CAPTCHA_ENABLED_ON_LOGIN', false),
     	'register' => env('CAPTCHA_ENABLED_ON_REGISTER', false)
+    ],
+
+    'triggers' => [
+    	'login' => [
+    		'enabled' => env('CAPTCHA_TRIGGERS_LOGIN_ENABLED', false),
+    		'attempts' => env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)
+    	]
     ]
 ];
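Review bot: `env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2)` yields a string whenever the variable is set, and the controller and view compare it with `>=` against an integer counter, so a mistyped non-numeric value leaves the outcome to PHP's loose string/number comparison rules. Casting at the source, `'attempts' => (int) env('CAPTCHA_TRIGGERS_LOGIN_ATTEMPTS', 2),`, keeps the comparison numeric, and a bad value then becomes 0, which requires the captcha after the first failure instead of possibly never. A one-line comment above `'triggers'` such as `// Require the login captcha once this many failed attempts have been recorded` would document the option for admins.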

+ 12 - 4
resources/views/auth/login.blade.php

@@ -50,10 +50,18 @@
                             </div>
                         </div>
 
-                        @if(config('captcha.enabled') || config('captcha.active.login'))
-                        <div class="d-flex justify-content-center mb-3">
-                            {!! Captcha::display() !!}
-                        </div>
+                        @if(
+                        	config('captcha.enabled') ||
+                        	config('captcha.active.login') ||
+                        	(
+                        		config('captcha.triggers.login.enabled') &&
+                        		request()->session()->has('login_attempts') &&
+                        		request()->session()->get('login_attempts') >= config('captcha.triggers.login.attempts')
+                        	)
+                        )
+	                        <div class="d-flex justify-content-center mb-3">
+	                            {!! Captcha::display() !!}
+	                        </div>
                         @endif
 
                         <div class="form-group row mb-0">
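Review bot: The `@if(...)` condition here is a copy of the one added to the validation rules in LoginController, so the two can drift apart; if they do, the form either omits a captcha that validation requires or shows one that is never checked. Computing the decision once (a small helper or a boolean passed to the view, used as `@if($showCaptcha)`) keeps rendering and validation in agreement. The `has('login_attempts')` test can also be folded into the read with a default, `request()->session()->get('login_attempts', 0) >= config('captcha.triggers.login.attempts')`.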