comparison roundup/configuration.py @ 7556:273c8c2b5042

fix(api): - issue2551063 - Rest/Xmlrpc interfaces need failed login protection. Failed API login rate limiting with expiring lockout added.
author John Rouillard <rouilj@ieee.org>
date Wed, 19 Jul 2023 20:37:45 -0400
parents bed28b64c581
children 5e118944ef75
7555:451232f83244 7556:273c8c2b5042
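--- a/roundup/configuration.py
+++ b/roundup/configuration.py
@@ -650,10 +650,25 @@
 except OptionValueError:
 raise # pass through subclass
 except ValueError:
 raise OptionValueError(self, value, "Integer number required")
 
+class IntegerNumberGtZeroOption(Option):
+
+"""Integer numbers greater than zero."""
+
+def str2value(self, value):
+try:
+v = int(value)
+if v < 1:
+raise OptionValueError(self, value,
+"Integer number greater than zero required")
+return v
+except OptionValueError:
+raise # pass through subclass
+except ValueError:
+raise OptionValueError(self, value, "Integer number required")
 
 class OctalNumberOption(Option):
 
 """Octal Integer numbers"""
 
@@ -1245,17 +1260,27 @@
 "this number.\n"
 "Determines the burst rate and the rate that new api\n"
 "calls will be made available. If set to 360 and\n"
 "api_intervals_in_sec is set to 3600, the 361st call in\n"
 "10 seconds results in a 429 error to the caller. It\n"
-"tells them to wait 10 seconds (360/3600) before making\n"
+"tells them to wait 10 seconds (3600/360) before making\n"
 "another api request. A value of 0 turns off rate\n"
 "limiting in the API. Tune this as needed. See rest\n"
 "documentation for more info.\n"),
-(IntegerNumberGeqZeroOption, 'api_interval_in_sec', "3600",
+(IntegerNumberGtZeroOption, 'api_interval_in_sec', "3600",
 "Defines the interval in seconds over which an api client can\n"
 "make api_calls_per_interval api calls. Tune this as needed.\n"),
+(IntegerNumberGeqZeroOption, 'api_failed_login_limit', "4",
+"Limit login failure to the API per api_failed_login_interval_in_sec\n"
+"seconds.\n"
+"A value of 0 turns off failed login rate\n"
+"limiting in the API. You should not disable this. See rest\n"
+"documentation for more info.\n"),
+(IntegerNumberGtZeroOption, 'api_failed_login_interval_in_sec', "600",
+"Defines the interval in seconds over which api login failures\n"
+"are recorded. It allows api_failed_login_limit login failures\n"
+"in this time interval. Tune this as needed.\n"),
 (CsrfSettingOption, 'csrf_enforce_token', "yes",
 """How do we deal with @csrf fields in posted forms.
 Set this to 'required' to block the post and notify
 the user if the field is missing or invalid.
 Set this to 'yes' to block the post and notify the user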
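Review bot: IntegerNumberGtZeroOption.str2value in the first hunk repeats the whole try/except of IntegerNumberGeqZeroOption (whose tail is visible as context just above it) with only the bound and the message changed; a class attribute such as `minimum = 1` on one shared base, checked as `if v < self.minimum:`, would keep a single copy of the parsing and error-passthrough logic. In the second hunk the new help text for api_failed_login_limit reads awkwardly; `"Limit failed API logins to this many per api_failed_login_interval_in_sec seconds.\n"` says the same thing more directly. Neither new option's help text says how failures are counted — per account, per client address, or globally — and an administrator tuning the 4-per-600-seconds default needs that to judge how the lockout affects legitimate users, so it is worth one sentence if the implementing code (not in this section) fixes it. The option tuples belong to a list that starts and ends outside this section.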
