comparison roundup/cgi/actions.py @ 5772:8dbe307bdb57
Finish up login rate limit code. Setting the config item to 0 disables it; make
sure the config item can't be a negative integer.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 07 Jun 2019 13:50:57 -0400 |
| parents | 2f116ba7e7cf |
| children | 1a835db41674 |
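--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -1231,36 +1231,39 @@
 )
 
 try:
 # Implement rate limiting of logins by login name.
 # Use prefix to prevent key collisions maybe??
-rlkey="LOGIN-" + self.client.user
-limit=self.loginLimit
-gcra=Gcra()
-otk=self.client.db.Otk
-try:
-val=otk.getall(rlkey)
-gcra.set_tat_as_string(rlkey, val['tat'])
-except KeyError:
-# ignore if tat not set, it's 1970-1-1 by default.
-pass
-# see if rate limit exceeded and we need to reject the attempt
-reject=gcra.update(rlkey, limit)
-
-# Calculate a timestamp that will make OTK expire the
-# unused entry 1 hour in the future
-ts = time.time() - (60 * 60 * 24 * 7) + 3600
-otk.set(rlkey, tat=gcra.get_tat_as_string(rlkey),
-__timestamp=ts)
-otk.commit()
-
-if reject:
-# User exceeded limits: find out how long to wait
-status=gcra.status(rlkey, limit)
-raise Reject(_("Logins occurring too fast. Please wait: %d seconds.")%status['Retry-After'])
-else:
-self.verifyLogin(self.client.user, password)
+# set client.db.config.WEB_LOGIN_ATTEMPTS_MIN to 0
+# to disable
+if self.client.db.config.WEB_LOGIN_ATTEMPTS_MIN: # if 0 - off
+rlkey="LOGIN-" + self.client.user
+limit=self.loginLimit
+gcra=Gcra()
+otk=self.client.db.Otk
+try:
+val=otk.getall(rlkey)
+gcra.set_tat_as_string(rlkey, val['tat'])
+except KeyError:
+# ignore if tat not set, it's 1970-1-1 by default.
+pass
+# see if rate limit exceeded and we need to reject the attempt
+reject=gcra.update(rlkey, limit)
+
+# Calculate a timestamp that will make OTK expire the
+# unused entry 1 hour in the future
+ts = time.time() - (60 * 60 * 24 * 7) + 3600
+otk.set(rlkey, tat=gcra.get_tat_as_string(rlkey),
+__timestamp=ts)
+otk.commit()
+
+if reject:
+# User exceeded limits: find out how long to wait
+status=gcra.status(rlkey, limit)
+raise Reject(_("Logins occurring too fast. Please wait: %d seconds.")%status['Retry-After'])
+
+self.verifyLogin(self.client.user, password)
 except exceptions.LoginError as err:
 self.client.make_user_anonymous()
 for arg in err.args:
 self.client.add_error_message(arg)
 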
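Review bot: The new on/off guard at new line 1238 reads `self.client.db.config.WEB_LOGIN_ATTEMPTS_MIN` directly, while the limit handed to `gcra.update` two lines later is `self.loginLimit`, which is set somewhere outside this hunk; if `loginLimit` is derived from that same config item (the commit message suggests so) there are now two places that must agree on what a value of 0 means, so consider deriving the guard from whatever `loginLimit` was built from, or computing both in one spot, so a later change cannot enable the check at one site and disable it at the other. The three comments around the guard (`# set client.db.config.WEB_LOGIN_ATTEMPTS_MIN to 0`, `# to disable`, `# if 0 - off`) say the same thing; a single `# Rate-limit logins per login name; WEB_LOGIN_ATTEMPTS_MIN == 0 turns the check off.` above the `if` would replace them. The enclosing method starts before this hunk.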
