Mercurial > p > roundup > code
view test/test_init.py @ 5717:cad18de2b988
issue2550949: Rate limit password guesses/login attempts.
Generic rate limit mechanism added. Deployed for web page
logins. Default is 3 login attempts/minute for a user. After which one
login attempt every 20 seconds can be done.
Uses gcra algorithm so all I need to store is a username and timestamp
in the one time key database. This does mean I don't have a list of
all failed login attempts as part of the rate limiter.
Set up config setting as well so admin can tune the rate. Maybe 1
every 10 seconds is ok at a site with poor typists who need 6 attempts
to get the password right 8-).
The gcra method can also be used to limit the rest and xmlrpc
interfaces if needed. The mechanism I added also supplies a status
method that calculates the expected values for http headers returned
as part of rate limiting.
Also tests added to test all code paths I hope.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 11 May 2019 17:24:58 -0400 |
| parents | 198b6e810c67 |
| children |
line wrap: on
line source
#-*- encoding: utf-8 -*- import unittest, os, pprint, difflib, textwrap from roundup.init import loadTemplateInfo class TemplateInfoTestCase(unittest.TestCase): def testLoadTemplateInfo(self): path = os.path.join(os.path.dirname(__file__), '../share/roundup/templates/classic') self.maxDiff = None self.assertEqual( loadTemplateInfo(path), { 'description': textwrap.dedent('''\ This is a generic issue tracker that may be used to track bugs, feature requests, project issues or any number of other types of issues. Most users of Roundup will find that this template suits them, with perhaps a few customisations.'''), 'intended-for': 'All first-time Roundup users', 'name': 'classic', 'path': path } ) # vim: set et sts=4 sw=4 :