Mercurial > p > roundup > code
view website/issues/extensions/timezone.py @ 5717:cad18de2b988
issue2550949: Rate limit password guesses/login attempts.
Generic rate limit mechanism added. Deployed for web page
logins. Default is 3 login attempts/minute for a user. After which one
login attempt every 20 seconds can be done.
Uses gcra algorithm so all I need to store is a username and timestamp
in the one time key database. This does mean I don't have a list of
all failed login attempts as part of the rate limiter.
Set up config setting as well so admin can tune the rate. Maybe 1
every 10 seconds is ok at a site with poor typists who need 6 attempts
to get the password right 8-).
The gcra method can also be used to limit the rest and xmlrpc
interfaces if needed. The mechanism I added also supplies a status
method that calculates the expected values for http headers returned
as part of rate limiting.
Also tests added to test all code paths I hope.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 11 May 2019 17:24:58 -0400 |
| parents | 7d8e0dbb0852 |
| children |
line wrap: on
line source
# Utility for replacing the simple input field for the timezone with # a select-field that lists the available values. import cgi try: import pytz except ImportError: pytz = None def tzfield(prop, name, default): if pytz: value = prop.plain() if '' == value: value = default else: try: value = "Etc/GMT%+d" % int(value) except ValueError: pass l = ['<select name="%s">' % name] for zone in pytz.all_timezones: s = ' ' if zone == value: s = 'selected=selected ' z = cgi.escape(zone) l.append('<option %svalue="%s">%s</option>' % (s, z, z)) l.append('</select>') return '\n'.join(l) else: return prop.field() def init(instance): instance.registerUtil('tzfield', tzfield)