Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check if user exceeded attempt of logins #36

Merged
merged 5 commits into from
Jan 23, 2019
Merged

Add check if user exceeded attempt of logins #36

merged 5 commits into from
Jan 23, 2019

Conversation

leportella
Copy link
Collaborator

@leportella leportella commented Jan 18, 2019
edited
Loading

Closes #21

  • Create functions that sees if user is blocked and adds number of failed tries
  • Block user from login after number of tries
  • Make variables of time and number of attempts optional

@leportella leportella force-pushed the block-user-after-x-failed-logins branch from a3b1f33 to b04f63d Compare January 18, 2019 17:27
@leportella leportella changed the title [WIP] Add check if user exceeded attempt of logins Add check if user exceeded attempt of logins Jan 21, 2019
yuvipanda
yuvipanda requested changes Jan 23, 2019
View reviewed changes
Copy link
Contributor

@yuvipanda yuvipanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One style change, otherwise LGTM!

nativeauthenticator/nativeauthenticator.py Outdated
@@ -25,13 +41,40 @@ def add_new_table(self):
User.info = relationship(UserInfo, backref='users')
UserInfo.__table__.create(self.db.bind)

def exceed_atempts_of_login(self, username):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method does two things:

  1. Check if the user has exceeded their limit
  2. Record that the user has attempted a log in

Instead, this should be three functions:

  1. Records that the user has attempted to log in (mutating the dictionary)
  2. Check if the user has exceeded their limit (check the dictionary)
  3. Reset user's entry in dictionary after a successful login

This clearly separates different actions on the data, making it easier to understand in the longer run.

@leportella
Add check if user exceeded attempt of logins
017f5f4
@leportella
Block users to authenticate if they exceeded attempts
eaaf196
@leportella
Add config for block after number of tries
4a4aa30
@leportella
Add docs on block user after failed logins
8c9e061
@leportella
Divide responsabilities while checking blocked users
3197739 
The previous version to check if a user exceeded a number of failed
logins everything was checked in a single method. This commit splits the
responsabilities between 4 functions with small responsabilites each
@leportella leportella force-pushed the block-user-after-x-failed-logins branch from eed363c to 3197739 Compare January 23, 2019 17:18
@yuvipanda yuvipanda merged commit 753c53a into master Jan 23, 2019
@yuvipanda
Copy link
Contributor

LGTM!

@lambdaTotoro lambdaTotoro deleted the block-user-after-x-failed-logins branch September 29, 2021 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuvipanda yuvipanda yuvipanda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leportella @yuvipanda