This repository was archived by the owner on Jul 11, 2019. It is now read-only.
#455 hhu_theme Brute force protection #686
Open
JessicaBachmann wants to merge 21 commits intoliqd:developfrom
Open
#455 hhu_theme Brute force protection #686JessicaBachmann wants to merge 21 commits intoliqd:developfrom
JessicaBachmann wants to merge 21 commits intoliqd:developfrom
Conversation
Collaborator
|
I have the feeling that this might be a privacy issue. I believe we are not allowed to store the IP address for an unspecified period of time. I am not sure however. What are your thoughts on that? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request fixes hhucn/adhocracy.hhu_theme#455 from hhu_theme
Creates a new table for logging each Login attempt. It stores username, ip and a timestamp.
After 5 unsuccessful attempts for an hour the next Login is delayed according to the amount of unsuccessful logins. This should harden an automated bruteforce attack on a users account.
Changes/ adds:
model/login.py: new class for managing logging table function
def count_logs returns amount of unsuccessful logins for past hour;
def create creates a new table entry into loginlog to log each login;
migration/versions/080_login_store.py: new class for adding
loginlog table to database
/model/init.py: mapper for new table created
/lib/auth/authentication.py: call of logging function added, sleep
functionality added (sleeps if more than 5 unsuccessful login for
past hour)